INFORMATION SECURITY MANAGEMENT

INFORMATION SECURITY MANAGEMENT

Assignment Overview
Security means to be protected from adversaries, from those who would do harm, intentionally or otherwise. The Committee on National Security Systems (CNSS) defines information security as the protection of information and its critical elements.

Availability enables users who need to access information to do so without interference or obstruction and to retrieve that information in the required format.

Accuracy occurs when information is free from mistakes or errors and has the value that the end user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.

Authenticity is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.

Confidentiality is the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.

Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.

Utility is the quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.

Possession is the quality or state of having ownership or control of some object or item. Information is said to be in one’s possession if one obtains it, independent of format or other characteristics. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.

Module 1 Video

Case Assignment
Discuss the CNSS security model, which has a dimension consisting of the components of confidentiality, integrity, and availability; a second dimension with the components of processing, storage, and transmission; and a third dimension dealing with the components of policy and procedures, technology and education training, and awareness.

Assignment Expectations
Use the CNSS security model to evaluate the protection of information for some organization, club, or class in which you are involved. Using the CNSS model, examine each of the component combinations and discuss how you would address them in your chosen organization. Present your results in a word document using a table to show the security module components and a discussion of how these will be addressed in the organization, club, or class that you selected to discuss.