Understand the security concepts of information assurance.

Domain 1 – Security Principles

Welcome to Domain 1: Security Principles!

This domain is crucial, as it forms the foundation for all our topics. A quarter of the exam questions will be based on this domain, making it the most significant area to focus on.

In this lesson, we’ll start by understanding the differences between three key terms:

  1. Information Security;
  2. Information Technology Security;
  3. And Cybersecurity;

Once we’ve grasped these concepts, we’ll dive into the importance of the CIA Triad (Confidentiality, Integrity, and Availability) in security. So, let’s get started!

In this Domain 1: Security Principles section, we’ll delve deeper into some essential topics.

Firstly, we’ll explore the importance of ensuring:

  1. Privacy Protection;
  2. Honesty;
  3. And Accessibility;

We’ll then dive into the risk management model, focusing on the concept of ‘privacy’. Our next stop will be to understand the various types and categories of access control, after which we’ll talk about the moral standards upheld by our organisation.

Furthermore, it’s crucial to differentiate between ‘management’ and ‘governance’. We’ll clarify this distinction to ensure you have a solid grasp of it.

Lastly, we’ll navigate through some vital laws and international treaties. This will set the stage for our exploration into the governance of organisational information security.

Information Security protects information from unauthorised access, use, disclosure, disruption, modification, or destruction. This term is broad and encompasses various forms of information, be it digital, print, or other formats.

IT Security, on the other hand, is more specific. It’s about safeguarding information systems from any interference due to unauthorised access or damage to the hardware, software, or information they contain.

Lastly, Cybersecurity protects digital data and systems from cyber threats, such as hackers, malware, and phishing attacks. It’s a specialised area within IT security that deals with threats originating from the Internet.

Scroll to Top