Establishing multiple layers of defense is critical to protecting valuable information assets. An effective multilayered defense involves no...
Physical, Procedural, and Technical Controls in Information Security
In this post, I will briefly discuss the three major types or categories of controls that can be used to defend information systems – namely...
Using Multiple Controls or Countermeasures for Information Security
In this post I would like to talk about using multiple controls or countermeasures for information security purposes. To begin, consider a c...
Defending against Attacks on Information Systems
In broad terms, there are six different approaches that can be used to defend information systems against attacks by malicious parties. The ...
Prerequisites for Attacking an Information System
In order for an attack on an information system to succeed, an attacker must possess three specific things: (1) method , (2) opportunity , a...
Harm and the Value of Information Assets
Although in an earlier post I discussed the four types of acts that can cause harm to an information system, here I would like to briefly d...
Types of Information System Attackers
Who are these people who seek to compromise the confidentiality, integrity, or availability of our information assets? Surprisingly, many at...
Understanding Threats to Information Systems
To better understand the various ways in which the confidentiality, integrity, or availability of information assets can be threatened, cons...
Integrity, Availability, and Information Security
In an earlier post , I discussed confidentiality in the context of information security. In this post, I would like to elaborate on the rema...