Definition of Security
Security is a state of well-being of information and infrastructure in which the
possibility of theft, tampering and disruption of information and services is
kept low or tolerable.
Asset:
An asset is defined as anything that has value to the organization, its business operations and its continuity.
Assets can be of the following types:
Information: Any data in whatever format, e.g. intellectual property, personal information.
Physical Asset: Any physical object, e.g. desktops, servers, buildings, etc.
Software: Applications used to manage, store or process information.
Threat:
A threat is defined as any event or activity that has the potential to cause harm to the asset.
Accidental: Human error, system failure, fire, earthquakes, floods, etc. The implication is that
no one has voluntarily caused it; some form of mitigation should be in place.
Deliberate: As the name implies, this is intentional and can take the form of hacking, theft,
sabotage etc.
Internal: These come from within the organization, are difficult to identify and may cause
considerable damage. They can come from employees or partners with some level of access
in the organization.
Vulnerability:
It is a weakness of an asset that can be exploited by one or more threats. Often it is a bug or flaw in
software, an outright design flaw, a lack of security, etc.
Impact: It is the result of an incident caused by a threat which affects an asset. In the context of
business this can be of great or of the least concern, depending on the value of the asset impacted.
Once that is determined, steps should be taken to secure it.
Risk: It is defined as the potential that a given threat will exploit a vulnerability of an asset and
cause harm to the organization.
Risk = Threat * Vulnerability * Likelihood * Impact