CAB240 Lecture Notes - Lecture 2: Information Security, Lost And Found, Physical Security

Information is an important asset for individuals and organisations. Information security is about protecting information assets from damage or harm. For particular assets, security goals may be: confidentiality, availability. Set of circumstances with the potential to cause harm to an asset by compromising security goals: potential cause of an undesirable event resulting in harm. Vulnerability: characteristic of a weakness in a system that could, if acted on by a threat, result in harm to asset. Security incident: occurs when threats and vulnerabilities coincide, attack: when vulnerabilities are deliberately exploited. Consider threats and vulnerabilities for all components and interactions: Threats: threat sources, external: from outside of the organisation. Includes people who are not authorised to use the systems: organised criminal groups, commercial competitor, political activist, etc, may need access to assets in order to cause harm, physical and or logical access.