Financial Services Information Sharing and Analysis Center

Financial Services Information Sharing and Analysis Center (FS-ISAC)
Type Information Sharing and Analysis Center
Industry Financial services
Founded 1999
Members Nearly 7,000
Website www.fsisac.com

The Financial Services Information Sharing and Analysis Center (FS-ISAC) is an industry consortium dedicated to reducing cyber-risk in the global financial system. Serving financial institutions and in turn their customers, the organization leverages its intelligence platform, resiliency resources, and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyberthreats. FS-ISAC has nearly 7,000 member firms with users in more than 70 countries. Headquartered in the United States, the organization has offices in the UK and Singapore.

History

FS-ISAC was formed in 1999 in response to Presidential Decision Directive 63, signed by President Clinton in 1998, which mandated that the public and private sectors share information about physical and cybersecurity threats and vulnerabilities to help protect US critical infrastructure via Information Sharing and Analysis Centers (ISACs). [1] After the 9/11 attacks and in response to subsequent federal actions, FS-ISAC expanded its role to encompass physical threats to the financial sector. In recent years FS-ISAC has expanded into a global organization and has played a paramount role in leading several industry initiatives to better protect and serve the global financial services industry. [2] [3] [4]

Related Research Articles

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity, and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

National Communications System

The National Communications System (NCS) was an office within the United States Department of Homeland Security charged with enabling national security and emergency preparedness communications using the national telecommunications system. The NCS was disbanded by Executive Order 13618 on July 6, 2012.

North American Electric Reliability Corporation

The North American Electric Reliability Corporation (NERC) is a nonprofit corporation based in Atlanta, Georgia, and formed on March 28, 2006, as the successor to the North American Electric Reliability Council. The original NERC was formed on June 1, 1968, by the electric utility industry to promote the reliability and adequacy of bulk power transmission in the electric utility systems of North America. NERC's mission states that it is to "ensure the reliability of the North American bulk power system."

InfraGard

InfraGard is a non-profit organization serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation. The organization is an information sharing and analysis effort serving the interests, and combining the knowledge base, of a wide range of private sector and government members. InfraGard is an association of individuals that facilitates information sharing and intelligence between businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to preventing hostile acts against the United States. InfraGard's mutual nondisclosure agreements among its members (individuals) and the FBI promote trusted discussions of vulnerabilities and solutions that companies and individuals may be hesitant to place in the public domain, and provide access to additional threat information from the FBI.

National Cyber Security Division

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. Formed from the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System, NCSD opened on June 6, 2003. The NCSD mission is to collaborate with the private sector, government, military, and intelligence stakeholders to conduct risk assessments and mitigate vulnerabilities and threats to information technology assets and activities affecting the operation of the civilian government and private sector critical cyber infrastructures. NCSD also provides cyber threat and vulnerability analysis, early warning, and incident response assistance for public and private sector constituents. NCSD carries out the majority of DHS’ responsibilities under the Comprehensive National Cybersecurity Initiative. The FY 2011 budget request for NCSD is $378.744 million and includes 342 federal positions. The current director of the NCSD is John Streufert, former chief information security officer (CISO) for the United States Department of State, who assumed the position in January 2012.

A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DoS) attacks, unauthorized access and control system attacks. There are numerous measures available to prevent cyberattacks.

The National Infrastructure Protection Plan (NIPP) is a document called for by Homeland Security Presidential Directive 7, which aims to unify Critical Infrastructure and Key Resource (CIKR) protection efforts across the country. The latest version of the plan was produced in 2013. The NIPP's goals are to protect critical infrastructure and key resources and ensure resiliency. It is generally considered unwieldy and not an actual plan to be carried out in an emergency, but it is useful as a mechanism for developing coordination between government and the private sector. The NIPP is based on the model laid out in the 1998 Presidential Decision Directive-63, which identified critical sectors of the economy and tasked relevant government agencies to work with them on sharing information and on strengthening responses to attack.

Critical infrastructure protection

Critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services, or to make payment to another account which is controlled by a criminal. The Payment Card Industry Data Security Standard is the data security standard created to help businesses process card payments securely and reduce card fraud.

The National Cybersecurity Center (NCC) is a national-level nonprofit organization located in Colorado Springs, Colorado providing collaborative cybersecurity knowledge and services to the nation.

Presidential Decision Directive 62 (PDD-62), titled Combating Terrorism, was a Presidential Decision Directive (PDD) signed on May 22, 1998 by President Bill Clinton. It identified the fight against terrorism as a top national security priority.

Department of Defense Cyber Crime Center

The Department of Defense Cyber Crime Center (DC3) is designated as a Federal Cyber Center by National Security Presidential Directive 54/Homeland Security Presidential Directive 23, as a Department of Defense (DoD) center of excellence for Digital and Multimedia (D/MM) forensics by DoD Directive 5505.13E, and serves as the operational focal point for the Defense Industrial Base (DIB) Cybersecurity program. DC3 operates as a Field Operating Agency (FOA) under the Inspector General of the Department of the Air Force.

An Internet kill switch is a countermeasure concept of activating a single shut off mechanism for all Internet traffic.

National Cybersecurity and Critical Infrastructure Protection Act of 2013

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 is a bill that would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States.

Financial technology: subset of technologies used in finance

Financial technology is the technology and innovation that aims to compete with traditional financial methods in the delivery of financial services. It is an emerging industry that uses technology to improve activities in finance. The use of smartphones for mobile banking, investing, borrowing services, and cryptocurrency are examples of technologies aiming to make financial services more accessible to the general public. Financial technology companies consist of both startups and established financial institutions and technology companies trying to replace or enhance the usage of financial services provided by existing financial companies.

An Information Sharing and Analysis Center (ISAC) is a nonprofit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and providing two-way sharing of information between the private and public sector.

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), also known as the New Jersey Office of Homeland Security and Preparedness' (NJOHSP) Division of Cybersecurity, is the first American state-level information sharing and analysis organization that exchanges cyber threat intelligence and conducts incident response for governments, businesses, and citizens in New Jersey. Located at NJ's Regional Operations and Intelligence Center (ROIC), and acting in a cyber fusion center capacity, the NJCCIC is composed of staff from NJOHSP, the NJ Office of Information Technology, and the NJ State Police. The NJCCIC's nomenclature is derived from its federal counterpart, the National Cybersecurity and Communications Integration Center, which encompasses the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT).

Intelligence Community Directive 301 is a United States Intelligence Community Directive issued in 2006 to emphasize making open source intelligence the source of first resort among the intelligence community. The 9/11 terrorist attacks drove this directive forward, as there was a call for many intelligence disciplines to work collectively on assessing and predicting threats to the United States. Intelligence Community Directive 301 outlined responsibilities and established policies for the intelligence community regarding open source intelligence activities.

The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October 2000. Its mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats. The organization is headquartered in East Greenbush, New York, with members including large corporations, government agencies, and academic institutions.

References

  1. "PRESIDENTIAL DECISION DIRECTIVE/NSC-63". FAS.
  2. "The Value of Information Sharing | The Clearing House". www.theclearinghouse.org. Retrieved 2017-06-21.
  3. "New Financial System Analysis & Resilience Center Formed". Dark Reading. Retrieved 2017-06-21.
  4. Tan, Anjelica (2017-05-10). "Will your bank be on your side if it gets hit with a cyberattack?". TheHill. Retrieved 2017-06-21.