web analytics

An Introduction to Information Security

1.1 Purpose
This publication serves as a starting-point for those new to information security as well as those unfamiliar with NIST information security publications and guidelines. The intent of this special publication is to provide a high-level overview of information security principles by introducing related concepts and the security control families (as defined in NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations) that organizations can leverage to effectively secure their systems 1 and information. To better understand the meaning and intent of the security control families described later, this publication begins by familiarizing the reader with various information security principles.

After the introduction of these security principles, the publication provides detailed descriptions of multiple security control families as well as the benefits of each control family. The point is not to impose requirements on organizations, but to explore available techniques for applying a specific control family to an organization’s system and to explain the benefit(s) of employing the selected controls.

Since this publication provides an introduction to information security, detailed steps as to how security controls are implemented or how to check for security control effectiveness are not included. Rather, separate publications that may provide more detailed information about a specific topic will be noted as a reference.

1.2 Intended Audience
The target audience for this publication are those new to the information security principles and tenets needed to protect information and systems in a way that is commensurate with risk. This publication provides a basic foundation of concepts and ideas to any person tasked with or interested in understanding how to secure systems.

For that reason, this publication is a good resource for anyone seeking a better understanding of information security basics or a high-level view on the topic. The tips and techniques described in this publication may be applied to any type of information or system in any type of organization. While there may be differences in the way federal organizations, academia, and the private sector process, store, and disseminate information within their respective systems, the basic principles of information security are applicable to all.

An-Introduction-to-Information-SecurityDownload
LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
CISO2CISO Notepad Series
The sqreen DevSecOps Security Checklist
The sqreen DevSecOps Security Checklist
HADESS
DevSecOps Guides – Comprehensive resource for integrating security into the software development by HADESS
DevSecOps Guides – Comprehensive resource...
Splunk
81 Siem Very important Use Cases for your SOC by SPLUNK
81 Siem Very important Use...
NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

O push
Preview SaaS Attacks Report
Preview SaaS Attacks Report
Australian Government
Essential Eight Maturity Model Nov 2023
Essential Eight Maturity Model Nov...
HEIDRICK & STRUGGLES
2023 Global Chief Information Security Officer Survey
2023 Global Chief Information Security...
Verizon
DBIR2023 Data BreachInvestigations Report
DBIR2023 Data BreachInvestigations Report
comunidad.thehackerway.es thehackerway.es
15 Scripts NSE Disponibles en Nmap
15 Scripts NSE Disponibles en...
InstaSafe
8 TACKLINGCHALLENGESIN CYBERTHREATINTELLIGENCE
8 TACKLINGCHALLENGESIN CYBERTHREATINTELLIGENCE
whitepaper
7 STEPS TO IMPROVEOT CYBERSECURITYHow to secure access to your OT environment
7 STEPS TO IMPROVEOT CYBERSECURITYHow...
ANDY BROWN & HELMUTH LUDWIG
Cybersecurity: Seven Steps for Boards of Directors
Cybersecurity: Seven Steps for Boards...
Lumiverse Solutions
5G The Next Generation of Cyber Security Risks
5G The Next Generation of...
Wiley Brand for Dummies
Securing APIs for Dummies by Noname Security
Securing APIs for Dummies by...
Sally
The role of Intelligence in Cybersecurity
The role of Intelligence in...
AKITRA
The Most Common Cyber Threats That Businesses Are Facing in 2023
The Most Common Cyber Threats...

More Latest Published Posts

FORTINET
2023 State of Operational Technology and Cybersecurity Report
2023 State of Operational Technology and Cybersecurity Report
Governor Kathy Hochul
NEW YORK STATE CYBERSECURITY STRATEGY AUGUST 2023
NEW YORK STATE CYBERSECURITY STRATEGY AUGUST 2023
Simulated PhishingEducationalCampaign Guide
Simulated PhishingEducationalCampaign Guide
LUMU
Decision Making in Cybersecurity
Decision Making in Cybersecurity
HADESS
DevSecOps Checklists
DevSecOps Checklists
ENISA-EUROPA
DIGITAL IDENTITY STANDARDS
DIGITAL IDENTITY STANDARDS
Lawrence Miller for Dummies
Data Leakage FOR DUMMIES
Data Leakage FOR DUMMIES
DNS Incident Response
DNS Incident Response
DNS Incident Response
REMORA
EMAIL, YOUR CYBER SECURITY FRONTLINE
EMAIL, YOUR CYBER SECURITY FRONTLINE
ICS Security Engineer
Industrial Control Systems: Engineering Foundations and Cyber-Physical Attack Lifecycle
Industrial Control Systems: Engineering Foundations and Cyber-Physical Attack Lifecycle
CDPSE
ESTABLISHING CYBER THREAT INTELLIGENCE
ESTABLISHING CYBER THREAT INTELLIGENCE
Poder Ejecutivo Nacional
ESTRATEGIA NACIONAL DE CIBERSEGURIDAD DE LA REPÚBLICA ARGENTINA
ESTRATEGIA NACIONAL DE CIBERSEGURIDAD DE LA REPÚBLICA ARGENTINA
SEPIO
TEST RESULTSON SOME ATTACKS LEVERAGING ROGUE DEVICES SUCH AS POPULAR HACKING AND PEN-TEST TOOLS
TEST RESULTSON SOME ATTACKS LEVERAGING ROGUE DEVICES SUCH AS POPULAR HACKING AND PEN-TEST TOOLS
CSC 2.0
Full Steam Ahead: Enhancing Maritime Cybersecurity
Full Steam Ahead: Enhancing Maritime Cybersecurity
CR Security Planner
Future of Memory Safety
Future of Memory Safety
Data Protection Commission
GDPR CASE STUDIES
GDPR CASE STUDIES
GDPR compliance
GDPR Compliance Project Initiation Document
GDPR Compliance Project Initiation Document
Congressional Research Service
Generative Artificial Intelligence and Data Privacy: A Primer
Generative Artificial Intelligence and Data Privacy: A Primer
OWASP
Go Language Guide
Go Language Guide
Akamai Guardicore
MITIGACIÓN DE RIESGOS, PREVENCIÓN Y NEUTRALIZACIÓN DE LAS INTRUSIONES
MITIGACIÓN DE RIESGOS, PREVENCIÓN Y NEUTRALIZACIÓN DE LAS INTRUSIONES
CCN Español
Guía de configuración segura para AWS
Guía de configuración segura para AWS
isms Forum
Guía de iniciación en la Seguridad aplicada al DevOps
Guía de iniciación en la Seguridad aplicada al DevOps
ANSI
CHARTE D’UTILISATION DES MOYENS INFORMATIQUES ET DES OUTILS NUMÉRIQUES
CHARTE D’UTILISATION DES MOYENS INFORMATIQUES ET DES OUTILS NUMÉRIQUES
Ministerio del Interior España
GUIDE ON SECURITY CONTROLS IN OT SYSTEMS
GUIDE ON SECURITY CONTROLS IN OT SYSTEMS
CertiKit
A 10 step guide to implementing an ISO 27001 Information Security Management System (ISMS)
A 10 step guide to implementing an ISO 27001 Information Security Management System (ISMS)
Interpol
GUIDELINES FOR DIGITAL FORENSICS FIRST RESPONDERS
GUIDELINES FOR DIGITAL FORENSICS FIRST RESPONDERS
CERTIN
Guidelines for Secure Application Design, Development, Implementation & Operations
Guidelines for Secure Application Design, Development, Implementation & Operations
Hacking with Go
Hacking with Go