
Information Security

Information security means the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

Information security management is the process of defining security controls to protect information assets. The first step in a management plan for enforcing information security is to have a security program.

The general principles of information security:

The three basic principles of security are availability, integrity and confidentiality, typically referred to as the CIA triad or AIA, and they are also the main purpose of any security program. The level of security required to fulfill these principles is different for each company, because each has a unique combination of business and security goals and requirements.

Security Plan Objectives:

  • Protecting the company and its assets
  • Managing risks by identifying assets, detecting threats and estimating risks
  • Providing a solution for security activities by building information security policies, methods, standards and guidelines
  • Classification of information
  • Security organization
  • Security training

Security controls:

Security controls can be categorized into three groups:

Administrative controls that include:

  • Developing and publishing policies, standards, procedures and guidelines
  • Screening employees
  • Conducting security awareness training
  • Implementing change control methods

Technical and logical controls that include:

  • Implementing and maintaining access control mechanisms
  • Password and resource management
  • Identification and authentication methods
  • Security devices
  • Configuration of the infrastructure

Physical controls that include:

  • Controlling individuals' access to the various facilities and offices
  • Locking systems and removing unnecessary floppy or CD-ROM drives
  • Protecting the perimeter of the facility
  • Monitoring for intrusion
  • Environmental controls

Security elements:

Vulnerability:

  • A vulnerability is a software, hardware or procedural weakness that may give an attacker the opening they are looking for to enter a computer or network and gain unauthorized access to resources in the environment.
  • A vulnerability indicates a lack or weakness of protection that can be exploited.
  • For example: a service running on a server, unwanted applications or operating system software, unrestricted modem dial-in access, open ports in the firewall, weak physical security, etc.

Threat:

  • A threat is any potential danger to information or systems.
  • The threat is the possibility that someone (a person or software) identifies and exploits the vulnerability.
  • The entity that takes advantage of a vulnerability is known as a threat agent. For example: a threat agent can be an intruder who accesses the network through a port in the firewall.

Risk:

  • Risk is the likelihood of a threat agent taking advantage of a vulnerability, together with the resulting business impact.
  • Reducing the vulnerability and/or the threat reduces the risk.
  • For example: if the firewall has multiple open ports, it is more likely that an attacker will use one to access the network in an unauthorized manner.

Exposure:

  • An exposure is an instance of being exposed to damage from a threat agent.
  • A vulnerability exposes an organization to potential damage.
  • For example: if password management is weak and password rules are not enforced, the company is exposed to the possibility of having user passwords used in an unauthorized manner.

Countermeasure or Safeguard:

  • This is a software or hardware program or configuration, or a procedure, that reduces the risk.
  • For example: strong password management, a security guard, an access control mechanism in an operating system, implementation of the basic input/output system (BIOS) and security awareness training.

Relationship between security elements:

  • For example: if a company has antivirus software but does not keep the virus signatures up to date, this is a vulnerability. The company is vulnerable to virus attacks.
  • The threat is that a virus will appear in the environment and disrupt production.
  • The likelihood of a virus appearing in the environment and causing damage is the risk.
  • If a virus infiltrates the environment, the vulnerability is exploited and the company is exposed.
  • The countermeasures in this situation are updating the signatures and installing the antivirus software on all computers.
  • A threat agent gives rise to a threat, which exploits a vulnerability; this can damage assets and cause an exposure, which a safeguard can counter.
