Information Security Controls

Caution: this article is for educational purposes only; its aim is to explain how hackers operate.

Information Assurance (IA)
Information Assurance, IA for short, rests on four properties: integrity, availability, confidentiality, and authenticity. Together they keep information and information systems protected while data is processed, used, stored, and transmitted. These properties were defined earlier in this chapter.
Beyond these properties, several methods and processes help an organization achieve information assurance, such as:

  • Policies and processes.
  • Network authentication.
  • User authentication.
  • Identification of network vulnerabilities.
  • Identification of problems and resource requirements.
  • Implementation of a plan for the identified requirements.
  • Application of information assurance controls.

Information Security Management Program

An Information Security Management program is designed to reduce the risks and vulnerabilities of the information security environment and to train the organization and its users to operate in a less vulnerable state. Information Security Management is a combined management solution that achieves the required level of information security through well-defined security policies, classification processes, reporting, management, and standards. The diagram below shows the EC-Council defined Information Security Management Framework:

Figure 1-7 Information Security Management Framework

Threat Modeling
Threat Modeling is a process for identifying, diagnosing, and assessing the threats to and vulnerabilities of a system. It is a risk-management approach that focuses on analyzing system and application security against stated security objectives, so that the threats and risks it identifies can be prioritized and acted on. The process starts by capturing information about the organization and running identification and assessment processes over it to find what can affect the security of an application. The application overview then identifies the application's trust boundaries and data flows. Decomposing the application and identifying threats against each part allows a detailed review of which threats could breach a security control. This review of every aspect of the application exposes the vulnerabilities and weaknesses of the information security environment.

Figure 1-8 Threat Modelling
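The decomposition step described above (components with trust levels, data flows between them, and a review of which flows cross a trust boundary without an adequate control) can be made concrete in code. The following is an added example written for this article, not part of the original text or of any EC-Council material; the component names, trust levels, control names, and the three rules that map a missing control to a threat are all assumptions chosen for illustration.

```python
"""Toy threat-model walk-through: decompose an application into components
with trust levels, list the data flows between them, and flag every flow
that crosses a trust boundary without a control the flow needs.

Constructed example; component names, trust levels, control names and the
rule set are assumptions for illustration, not a standard.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    trust: int  # higher value = more trusted tier (0 = untrusted internet)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str                     # what travels on this flow
    sensitive: bool = False       # disclosure or modification would hurt
    anonymous: bool = False       # legitimately reachable before authentication (e.g. login)
    controls: frozenset = frozenset()  # controls already applied on this flow


# Assumed mapping from a missing control to the threat it leaves open.
THREAT_FOR = {
    "input-validation": "tampering/injection from a less-trusted source",
    "authn": "spoofing: caller is not authenticated",
    "tls": "disclosure/tampering of sensitive data in transit",
}


def required_controls(flow, components):
    """Controls a flow needs, derived from the trust boundary it crosses."""
    src_t, dst_t = components[flow.src].trust, components[flow.dst].trust
    if src_t == dst_t:
        return set()              # no boundary crossed: this rule set requires nothing
    required = set()
    if src_t < dst_t:             # inbound: data arrives from a less-trusted tier
        required.add("input-validation")
        if not flow.anonymous:
            required.add("authn")
    if flow.sensitive:            # any crossing that carries sensitive data needs transport protection
        required.add("tls")
    return required


def identify_threats(components, flows):
    """Return (src, dst, missing_control, threat) for every gap found."""
    findings = []
    for f in flows:
        for ctrl in sorted(required_controls(f, components) - set(f.controls)):
            findings.append((f.src, f.dst, ctrl, THREAT_FOR[ctrl]))
    return findings


def example_model():
    """Constructed three-tier application used as sample input."""
    comps = [Component("browser", 0), Component("web", 1),
             Component("cache", 1), Component("db", 2)]
    components = {c.name: c for c in comps}
    flows = [
        Flow("browser", "web", "login form", sensitive=True, anonymous=True,
             controls=frozenset({"tls", "input-validation"})),
        Flow("browser", "web", "account update form", sensitive=True,
             controls=frozenset({"tls", "authn"})),
        Flow("web", "db", "SQL query built from a user search term", sensitive=True,
             controls=frozenset({"authn"})),
        Flow("web", "cache", "rendered page fragments"),
        Flow("db", "web", "query results", sensitive=True),
    ]
    return components, flows


def run_example():
    components, flows = example_model()
    return identify_threats(components, flows)


if __name__ == "__main__":
    for src, dst, ctrl, threat in run_example():
        print(f"{src} -> {dst}: missing {ctrl}: {threat}")
```

Running the module lists four gaps: the account-update flow lacks input validation, the web-to-database query lacks both input validation and transport protection, and the results flowing back from the database are unprotected in transit. The login flow produces no finding because it is marked anonymous and already has the controls the rules expect; the web-to-cache flow stays inside one trust level and is skipped. In a real review the rule set would be far richer, but the shape (model, boundary, required control, gap) is the part the text describes.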

Enterprise Information Security Architecture (EISA)
Enterprise Information Security Architecture is the combination of requirements and processes that help determine, investigate, and monitor the structure and behavior of an organization's information systems. The following are the goals of EISA:

Figure 1-9 EISA

Network Security Zoning

Network Security Zoning is the practice of managing and deploying an organization's network architecture as a set of distinct security zones. Each zone is a set of network devices assigned a specific security level; different zones may share a security level or have different ones. Defining the zones and their security levels makes it possible to monitor and control inbound and outbound traffic as it crosses between them.

Figure 1-10 Network Security Zoning
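To show how zone security levels translate into traffic control, here is an added example (written for this article, not taken from the original text or any vendor documentation). It borrows the convention used by firewalls that rank interfaces by security level: traffic from a higher-level zone to a lower-level one is allowed by default, traffic from a lower level to a higher one is denied unless an explicit rule permits it. The zone names, address ranges, levels, and rules are constructed assumptions.

```python
"""Zone-based traffic policy evaluator.

Each zone has a numeric security level and one or more prefixes. Decisions:
  same zone              -> allow (assumption: intra-zone traffic not filtered here)
  higher -> lower level  -> allow by default
  lower  -> higher level -> deny unless an explicit ALLOW_RULES entry matches
Zone layout, levels and rules are constructed for this article.
"""
import ipaddress

# name -> (security level, prefixes). 100 = most trusted. Documentation ranges are used.
ZONES = {
    "internal": (100, ["10.0.0.0/8"]),
    "dmz":      (50,  ["192.0.2.0/24"]),
    "internet": (0,   ["0.0.0.0/0"]),
}

# Explicit exceptions for lower -> higher traffic: (src_zone, dst_zone, proto, dst_port)
ALLOW_RULES = {
    ("internet", "dmz", "tcp", 443),       # public web front end
    ("dmz", "internal", "tcp", 5432),      # web tier to the database tier
}


def zone_of(ip):
    """Most specific zone whose prefix contains the address (longest prefix wins),
    so that 10.x.x.x lands in 'internal' even though 0.0.0.0/0 also matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, (_level, prefixes) in ZONES.items():
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (name, net.prefixlen)
    return best[0] if best else None


def decide(src_ip, dst_ip, proto, dst_port):
    """Return 'allow' or 'deny' for a single flow."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "deny"                       # unclassified address: fail closed
    if src_zone == dst_zone:
        return "allow"
    src_level, dst_level = ZONES[src_zone][0], ZONES[dst_zone][0]
    if src_level > dst_level:
        return "allow"                      # trusted zone reaching out to a less trusted one
    if (src_zone, dst_zone, proto, dst_port) in ALLOW_RULES:
        return "allow"                      # explicitly published service
    return "deny"


def audit(flows):
    """Evaluate a batch of (src_ip, dst_ip, proto, dst_port) tuples."""
    return [(f, decide(*f)) for f in flows]


if __name__ == "__main__":
    sample = [  # constructed flows
        ("10.0.1.5", "198.51.100.7", "tcp", 80),     # internal -> internet
        ("198.51.100.7", "192.0.2.10", "tcp", 443),  # internet -> dmz web
        ("198.51.100.7", "192.0.2.10", "tcp", 22),   # internet -> dmz ssh
        ("198.51.100.7", "10.0.0.9", "tcp", 5432),   # internet -> internal db
        ("192.0.2.10", "10.0.0.9", "tcp", 5432),     # dmz -> internal db
        ("192.0.2.10", "10.0.0.9", "tcp", 22),       # dmz -> internal ssh
    ]
    for flow, verdict in audit(sample):
        print(verdict, flow)
```

The point the example makes is the one in the text: once every device belongs to a zone with a level, the inbound/outbound decision for any flow follows from the two levels plus a short, reviewable list of exceptions. The longest-prefix lookup matters because a catch-all internet zone would otherwise swallow every address.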

Information Security Policies
Information security policies are the foundation of an information security infrastructure; every other component depends on them. The fundamental security requirements, conditions, and rules that protect the organization's resources are written into, and enforced through, an information security policy. These policies outline the management, administrative, and security requirements within an information security architecture.

Figure 1-11 Steps to enforce Information Security

The basic goals and objectives of information security policies are:

  • Cover the security requirements and conditions of the organization.
  • Protect the organization's resources.
  • Eliminate legal liabilities.
  • Minimize the wastage of resources.
  • Prevent unauthorized access, modification, etc.
  • Minimize risk.
  • Provide information assurance.

Thanks for reading this topic; please continue with the next one.
