The five pillars of information assurance are: confidentiality, integrity, avail
Question
The five pillars of information assurance are: confidentiality, integrity, availability, authentication, and non-repudiation. To learn more about how these concepts are used in an information security program see: http://www.educause.edu/EDUCAUSE+Quarterly/EDUCAUSEQuarterlyMagazineVolum/WhatsinaName/157298
A plain English overview of ISO 27002 (previously numbered as ISO 17799) is available online from Praxiom Research Group Ltd. See: http://www.praxiom.com/iso-17799-intro.htm
Weekly Question:
This is a two-part question. You must address BOTH PARTS (A and B) in your response to the weekly question.
A. Discuss how you could use the ISO 27002 Plain English descriptions from Praxiom Research Group, Ltd. in researching your contributions to your group project. Give at least two examples.
B. Explain how you will use the 5 Pillars of Information Assurance in your contributions to the Health Care project. Give at least two examples for your selected section or topic.
Explanation / Answer
a.
Asset: In the context of ISO 27001 and ISO 27002, an asset is any tangible or intangible thing that has value to an organization.
Availability: Availability is a characteristic that applies to assets. An asset is available if it is accessible and usable when needed by an authorized entity. In the context of this standard, assets include things like information, systems, facilities, networks, and computers. All of these assets must be available to authorized entities when they need to access or use them.
Confidentiality: Confidentiality is a characteristic that applies to information. To protect and preserve the confidentiality of information means to ensure that it is not made available or disclosed to unauthorized entities. In this context, entities include both individuals and processes.
Control: A control is any administrative, management, technical, or legal method that is used to manage risk. Controls are safeguards or countermeasures. Controls include things like practices, policies, procedures, programs, techniques, technologies, guidelines, and organizational structures.
Corrective actions: Corrective actions are steps that are taken to address existing nonconformities and make improvements. Corrective actions deal with actual nonconformities (problems), ones that have already occurred. They solve existing problems by removing their causes. In general, the corrective action process can be thought of as a problem solving process.
Document: The term document refers to information and the medium that is used to bring it into existence. Documents can take any form or use any type of medium. The extent of your ISMS documentation will depend on the scope of your ISMS, the complexity of your security requirements, the size of your organization, and the type of activities it carries out.
Information processing facility: An information processing facility is defined as any system, service, or infrastructure, or any physical location that houses these things. A facility can be either an activity or a place; it can be either tangible or intangible.
Information security: Information security is all about protecting and preserving information. It