This chapter has covered foundational concepts in Information Security. In a nutshell, assets such as physical, hardware, software, information and personnel require protection. Protection of assets is based on CIA requirements. CIA values are determined using risk assessment methods (covered in the next chapter). Information security is ensured through security governance and demonstrated through compliance.
Continued in the next chapter are topics, such as understanding and applying risk management concepts, threat modeling, and establishing business continuity requirements in this first domain.