Google Cybersecurity Certificate

This section introduces specific frameworks and controls used to minimize risks and protect users.

The CIA Triad

A foundational model for considering risk when establishing systems and security policies.

  • Confidentiality: Only authorized users can access data. This is ensured through strict access controls.
  • Integrity: Data is correct, authentic, and reliable. Encryption helps maintain integrity.
  • Availability: Authorized users can access data when needed.

Asset

An item of value to an organization, determined by its associated cost. High-value assets (e.g., applications storing sensitive data) require tighter security controls than low-value assets (e.g., a public news website).

NIST Cybersecurity Framework (NIST CSF)

A voluntary framework from the National Institute of Standards and Technology (NIST) consisting of standards, guidelines, and best practices for managing cybersecurity risk. Security teams use it as a baseline for managing short- and long-term risk. It’s crucial for mitigating risks and protecting organizational assets from threat actors, including insider threats (e.g., disgruntled employees). A diverse security team is important for understanding the motivations of various threat actors.