Chapter 1. Information Security Essentials

OBJECTIVES

This chapter covers the following TruSecure-specified objectives for The Internet Certified Security Associate (TICSA) exam:

Define, specify, or identify examples of Essential Security Practices.

• The purpose of this objective is to understand the basic foundations of information security and how they can be applied to your organization.

Identify or explain examples of risk management fundamentals and the basic tenets of security.

• The purpose of this objective is to understand security risks, how to identify them, and the various methods of managing risks.

Identify the basic security issues associated with system/network design and configuration.

• The purpose of this objective is to understand what is involved in the integration of security controls in network and system designs.

Identify, specify, or describe good host- and network-based security fundamentals.

• The purpose of this objective is to explore the differences between host- and network-based security controls and how to implement “best security practices.”

OUTLINE

Introduction 15

Understanding the Need for Security Controls 15

Data Protection 19

Basic Security Threats and Principles 20

Controlling Access to Data 21

Comparing Computer and Network Security 22

Where Attacks Can Come From 22

The Motivation Behind These Attacks 23

Security Attack Categories 23

Assessing and Valuing Security 24

Identifying the Elements of Security 25

Understanding Security Trade-Offs and Drawbacks 28

STUDY STRATEGIES

• TruSecure's TICSA certification is an entry-level security credential--keep this in mind when reviewing the material in this book and preparing for your test. You'll be expected to know basic information about a wide variety of security topics. Don't obsess over advanced topics such as the inner workings of cryptographic algorithms or the niceties of computer law. These are covered by more advanced certifications, such as the CISSP credential.