Ias 2


DATA VS INFORMATION

DATA

• Is any set of characters that is gathered and translated for some purpose; usually analysis. If data is not put into context, it doesn’t do anything to a human or computer.

RAW DATA

• A collection of facts in a raw or unorganized form

INFORMATION

• Information is processed, organized and structured data. It provides context for data and enables decision making.
• Is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.

WHO, WHAT, WHEN, WHERE

• Easier to measure, visualize, and analyze data for a specific purpose.

INFORMATION can be:

• Created
• Stored
• Destroyed
• Processed
• Transmitted
• Used
• Corrupted
• Lost
• Stolen
• Printed or written on paper
• Stored electronically
• Transmitted by post or using electronic means
• Shown on corporate videos
• Displayed/published on web

CRITICAL CHARACTERISTICS OF INFORMATION

AVAILABILITY

• Availability is the characteristic of information that enables user access to information without interference or obstruction and in a required format. Like hardware failures, and system upgrades.

ACCURACY

• Information has accuracy when it is free from mistakes or errors and it has the value that the end user expects. If information contains a value different from the user’s expectations, due to the intentional or unintentional modification of its content, it is no longer accurate.

AUTHENTICITY

• Authentication occurs when a control provides proof that a user possesses the identity that he or she claims.

CONFIDENTIALITY

• Ensures that only those with sufficient privileges may access certain information.

INTEGRITY

• Integrity is the quality or state of being whole, complete, and uncorrupted. It is threatened when it is exposed to corruption, damage, destruction, or other disruption of its authentic state.

UTILITY

• Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful. Thus, the value of information depends on its utility.

POSSESSION

• The possession of Information security is the quality or state of having ownership or control of some object or item.

CHARACTERISTICS OF DATA QUALITY AND HIGH QUALITY INFORMATION

• Information cannot be partial or have details missing
• Mechanisms must be in place to ensure that new data doesn’t contradict existing data
• Information must come from a reliable source of information
• Information must be distinctive and add value to a database
• Information in a database must be timely and up to date

KNOWLEDGE AND WISDOM

• Is information that has been processed, analyzed and interpreted, and can be used to make decisions.

WISDOM

• Is the synthesis of information and experience in a way that applies knowledge to real-life situations.

DIKW PYRAMID

• Data
• Information
• Knowledge
• Wisdom

INFORMATION SECURITY

• Information security (InfoSec) is the protection of important information against unauthorized access, disclosure, use, alteration or disruption.
• It helps ensure that sensitive organizational data is available to authorized users, remains confidential and maintains its integrity.
• Information security is an umbrella term that covers an organization's efforts to protect information. It includes physical IT asset security, endpoint security, data encryption, network security and more.

IT security

• Is also concerned with protecting physical and digital IT assets and data centers but does not include protection for the storage of paper files and other media.
• It focuses on the technology assets rather than the information itself.

Cybersecurity

• Focuses on securing digital information systems. The goal is to help protect digital data and assets from cyberthreats.
• While an enormous undertaking, cybersecurity has a narrow scope, as it is not concerned with protecting paper or analog data.

Data security

• Is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle.
• It includes the physical security of hardware and storage devices, along with administrative and access controls. It also covers the logical security of software applications and organizational policies and procedures.

The Many Areas of Information Security

Application security

• describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked.

(Organization handling customer data, as data breaches pose significant risks.)

Access control

• is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data.

(Users by verifying various login credentials, which can include usernames and passwords, PINs, biometric scans, and security tokens.)

Business continuity and disaster recovery (BCDR or BC/DR)

• is a set of processes and techniques used to help an organization recover from a disaster and continue or resume routine business operations.

(Effective because while the two processes share many steps, there are also key differences in how organizations build, implement and test the plans.)

Governance, risk and compliance (GRC)

• refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations.

(Increases the effectiveness of people, business processes, decision-making, technology, facilities and other important business elements.)

Legal, Regulations, Investigations and Compliance

• domain addresses ethical behavior and compliance with regulatory frameworks. It includes the investigative measures and techniques that can be used to determine if a crime has been committed, and methods used to gather evidence.

(Legal establishes the frameworks, Regulations are the specific rules from authorities that must be followed, Compliance is the process of meeting these rules, and Investigations are formal reviews triggered by suspected misconduct to determine if regulations have been violated and what actions to take.)

Security architecture and design

• looks at how information security controls and safeguards are implemented in IT systems in order to protect the Confidentiality, Integrity, and Availability of the data that are used, processed, and stored in those systems.

(The proactive practice of embedding security into the fundamental structures of IT systems, policies, and processes to protect data and systems from threats)

Network security

• consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible

(Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse, or theft. It involves creating a secure infrastructure for devices, applications, users, and applications to work in a secure manner.)

Physical security

• describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm.

(Physical security measures complement your security measures in other areas, such as personnel, information handling, communications, and ICT.)

Operations security (OPSEC)

• is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them.

(prevents sensitive information from getting into the wrong hands.)

Cryptography

• is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents. ... When transmitting electronic data, the most common use of cryptography is to encrypt and decrypt email and other plain-text messages.

(uses algorithms to obscure information so that only people with the permission and ability to decrypt it can read it.)
