[SOUND] Welcome to the businesses cyber security. I'm Dr. Herb Mattord, textbook author, and the instructor for this course. This is the first module of a multipart course in which we will looked at issues specific to the management of information security in a typical organization. [SOUND] Information security and cyber security are not precisely the same. The usage of these terms is evolving. [SOUND] Information security is concerned with the protection of information assets while information is being stored, transmitted or processed. Cyber security involves those things [SOUND] when done in a cybernetic or computer context. So information security has a little broader context. But for our purposes, as we explore how managing these processes occurs, we can consider them to be very similar. Security programs typically focus on two components that are designed to work together. The managerial function is responsible for the administration of security. That's the planning, the implementing, monitoring and then improving it. The technical function focuses on those hardware, software and networking components that are used to build and maintain security solutions. Information technology is the vehicle that stores and transports information between business units and an organization. Originally, the field of computer security was concerned with protecting the computer hardware. So why? Because at that time, computers were the most valuable component. In addition, before networking became common, protecting the computer also protected all of the data on the computer. Physical access to the computer could control for many of the risk that we encounter. Now, with networking, everyone uses the information has a role and importantly, the managers of that information are the ones responsible for its security. What is security? In general, security is defined as the quality or state of being free from danger. When we talk about security, there are number of specialized areas of security. That would include things like physical security, data security, communication security, cyber or computer security, and then network security. We've already talked about the term cyber security. Information security is the protection of information and its critical elements when stored, processed, or transmitted. Cyber security is the protection when computer systems are involved, Aa increasingly likely situation today. We protect information through the application of three components, and that's policy, training and awareness programs and technologies. Policy, programs, technologies. Confidentiality, integrity, and availability have been commonly referred to as the CIA triangle or triad. These concepts have been around since the beginning of computer security. We consider them to be the founding trilogy of security. >> Three main cyber security principles for any type of security control are referred to as the CIA principle. [SOUND] [MUSIC] No, not this guy. CIA stands for confidentiality, integrity and availabilit. Confidentiality, a property that information is not disclosed to users, processes or devices unless they have been authorized to access the information. Integrity, a property whereby information has not been modified or destroyed in an unauthorized manner. Availability, the property of being accessible. [MUSIC] [SOUND] >> The model was developed to allow an organization to examine its security approach and determine if there were any gross weaknesses in its protection. You can view the overlapping areas of information security as shown here. In this building, management of information security provides a capstone for the various approaches to security. It's built on a foundation of the protection of confidentiality, integrity and availability. Management incorporates a concept called governance, which is the elevation of security management to the senior executive level. Or even the board of director's level for the organization. Management is responsible for developing policy that is applied to network, computer and data security. [SOUND] Thanks for your attention, and let's get started learning more about the management of cyber security. [SOUND]
