Information Security Principles
This chapter covers the basic principles of Information Security. It introduces some
specific terminology together with its meaning and definitions and considers the
use of such terminology across the field of Information Assurance management.
It also discusses the way in which Information Assurance management relates to
its environment. This chapter forms about 10 per cent of the CISMP examination.
As in any area of business, Information Assurance management has its own
language although, being very closely related to the business need, it is
limited in scope and complexity to enable the wider business population to
appreciate the concepts with little difficulty. Each of the terms listed below
will be further discussed and expanded upon later in the book in the
appropriate section.
In the following sections the definitions in italics have been taken from
the General Information Assurance Products and Services Initiative (GIPSI)
Security Glossary and Terminology Definitions where available. GIPSI have
taken the definitions from BS ISO/IEC 27001:2005 where the definition exists,
from ISO/IEC FDIS 13335-1 or ISO/IEC 17799 when no 27001 definition is
available, from other ISO standards where there was no 27001, 17799 or
13335 definition, and from SC27 or SD6 where ISO standards provide no
definition. Where there is no extant definition this is provided by the Central
Sponsor for Information Assurance (CSIA) or the authors with its source
where applicable.
Following study in this area, the reader should be able to define and explain
each of the following terms and to describe their appropriate use as applic-
Information Security
Confidentiality. The property that information is not made available or
disclosed to unauthorised individuals, entities or processes (ISO 13335).
Information will often be applicable only to a limited number of individuals
because of its nature, its content or because its wider distribution will result