Section 1.1 Managing Risk

1
commons.wikimedia.org/wiki/File:Database-locked.svg
2
creativecommons.org/licenses/by-sa/3.0
Information security ( infosec) is largely the practice of preventing unauthorized access to data. Unauthorized access is when an actor gains access to data that they do not have the permissions to access. The system is often used in an unintended manner to provide such access. Data has become an increasingly valuable asset and the risks of others having access to data are incredibly high. Because of this, information security typically falls under the risk-management plan of a company and its importance cannot be understated. This is evidenced by the fact that information technology’s (IT) typical role in a company has migrated from a basic service provider to directorships with a seat at the highest decision making table. This is directly due to the fact that IT assets have become the most valuable things many companies own. Guarding these assets and managing the inherent risk of their loss is the job of information security professionals.
Malicious software, also referred to as malware, is often employed to help an attacker gain access to a system. Many types of malicious software exist, but the common thread is that they perform actions that cause harm to a computer system or network. In the case of many attacks, system failure may occur either as an intended (as is the case in Denial of Service (DoS) attacks) or unintended consequence. This means the system will no longer be able to perform its intended purpose. System failure is a serious risk that needs to be managed.
You have attempted 1 of 1 activities on this page.