Today we've revised some of the main concepts in the domain "Information Security and Risk Management".
In a nutshell, preserving CIA of information assets is the core focus of information security, while risk management focuses on the ways to maintain this core focus. Security management is based on robust and established practices. Controls are necessary to establish and maintain security, and international standards and guidelines are available to be used as a best practice specification for a suitable control environment. Finally, we've observed that asset classification and the related controls are important to establish suitable confidentiality, integrity, and availability levels for the assets and to establish necessary controls.
Tomorrow we'll focus on the importance of training and awareness and its role in information security management. We'll also focus our attention on some of the important concepts in risk management practices that are prevalent in the industry.