Security and Risk Management
This chapter presents the following:
• Security terminology and principles
• Protection control types
• Security frameworks, models, standards, and best practices
• Computer laws and crimes
• Intellectual property
• Data breaches
• Risk management
• Threat modeling
• Business continuity and disaster recovery
• Personnel security
• Security governance
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts.
—Eugene H. Spafford
In reality, organizations have many other things to do than practice security. Businesses exist to make money. Most nonprofit organizations exist to offer ...