Information Security
This is a collection of notes on information security, to gain a broad overview of the domain, as the foundation of this module:
Glossary
Information Security
"Preservation of confidentiality, integrity and availability of information." ( ISO/IEC 27000:2018 )
The CIA triad
The CIA triad designates a set of concepts for talking about security assurances, and the impacts of security vulnerabilties, suitable for any domain with sensitive information, and backed up by International standards.
Availability
"Property of being accessible and usable on demand by an authorized entity." ( ISO/IEC 27000:2018 )
Confidentiality
"Property that information is not made available or disclosed to unauthorized individuals, entities, or processes." ( ISO/IEC 27000:2018 )
Integrity
"Property of accuracy and completeness." ( ISO/IEC 27000:2018 )
Reflection
My interest in computer science, and science in general consists of atleast two motives, the pursuit of knowledge out of an admiration for order, and the pursuit of techniques to achieve favourable actions. Information security, to me is born from the second motive, and so at the beginning of this module I placed importance on identifying the goals of it. From there I can critically explore the efforts made within the domain, by relating them to the goal-oriented context. The simplicity and standardisation of the CIA triad makes it a great starting point for linking my own initial exploration of the domain.
Following this course, I would like to generalise and learn more about information security from a general game-theoretic context. This would be to build upon my past experiences with mathematics, and my aim would be to further develop model-based reasoning experience. Games are foundational models suitable for reasoning about cooperative and competitive scenarios, including those where information is a resource. Professionally, a game-oriented perspective is beneficial for any goal-based project. Educationally, formal games are a means to operationalise knowledge, and explore optimal strategies; providing a technique to analyse models critically in relation to the formal game.
Organisational Standards
- Data Protection Act 2018 - UK legislation on the subject of personal data.
- ISO/IEC 27000:2018 - An overview and glossary for information security management systems (ISMS).