CompTIA Sec+ SY0-601

Exam Objectives Notes. Lesson 1. CIA or AIC: Confidentiality, Integrity, Availability. Information security tasks can be classified as follows. The five functions: Identify: Develop security policies and capabilities. Evaluate risks, threats, vulnerabilities and recommend security controls to mitigate them. Protect: Procure/develop, install, operate and decommission IT hardware and software assets with security as an embedded requirement...

Analyse Risk & Disclose vulnerabilities

Finally, we are getting to the point where we can analyse risks and act accordingly. This note is about identifying risks, rating them and implementing countermeasures for prevention (or not). Risk analysis: Before you or your organization is able to analyse any risk, you should declare responsibilities for several actions you need to take during a...

IT security strategy & security concept

In this note, I am writing about IT security strategies and corresponding concepts. The content will show what a security strategy document contains and how it is maintained. Business strategy: Before we jump into the IT security strategy, we need to learn a little more about surrounding strategies. The business strategy can be divided into...

Methods and techniques in cyber security

This note shows some methods to manage, display and evaluate security risks in a structured way. PDCA: First we will start with the PDCA cycle. It is a method for continuously improving processes or for implementing or planning new projects. P: Each process must be planned. It contains regular steps used in project planning. Also, make...

Cyber Security requirements and responsibilities

This note aims to explain and provide a basic understanding of internal and external security requirements. Additionally, the role of a Security Officer is described, and how they manage and review dependencies of cyber security. Requirements: There are external and internal security requirements, which means that the security and obligations of your organization are dependent...

Common frameworks in Cybersecurity

These are my notes for the common frameworks in cybersecurity for managing information, assessing risks, and IT governance. These frameworks are all best practices and standards for small to huge organizations. It is not always required to work with those frameworks. However, to professionally manage information it is highly recommended. They help you and your organization...

Laws and regulations in Cybersecurity (Switzerland)

The following article describes the most important laws and regulations in terms of personal data, data rights, and obligations of data holders. Those are described as an "Implementation provision" with an underlying instruction for actions for a more specific description. In general, the board of directors is legally required for an ordinary audit of a...

Protection objective data security

Data security describes certain properties of data during its preparation, deployment and processing. Confidentiality: It must be ensured that only authorized individuals can access data and information. Integrity: Saved data is required to have integrity, to ensure that no one has tampered with it. Also in software development, the requirement of functions with integrity must be guaranteed...