INFS1701 3617 T1 2023 LecW7 v2
Copyright Notice
Copyright
• There are some file-sharing websites that specialise in buying and selling academic work to and from university students.
• If you upload your original work to these websites, and if another student downloads and presents it as their own either wholly or partially, you might be found guilty of collusion — even years after graduation.
• These file-sharing websites may also accept purchase of course materials, such as copies of lecture slides and tutorial handouts. By law, the copyright on course materials, developed by UNSW staff in the course of their employment, belongs to UNSW. It constitutes copyright infringement, if not academic misconduct, to trade these materials.
Country
Acknowledgement of Country
1. Recap of CIA
3. Incident Response
Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and reflect the potential adverse impacts
Confidentiality, Integrity and Availability (CIA)
[Figure: diagram with the labels Threat Actor, Threat, Threat Action, Vulnerability, Controls and Consequences, and the annotations "(i.e., the target)" and "(i.e., an attack)"]
https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/final/documents/csf-pf-to-sp800-53r5-mappings.xlsx
NIST SP 800-53 Rev. 5
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Source: https://www.itgovernanceusa.com/iso27002
Categories of Security Controls
Mapping of NIST SP 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organisations to ISO/IEC 27001:2013, Information technology–Security techniques–Information security management systems–Requirement
https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/final/documents/sp800-53r5-to-iso-27001-mapping.docx
Source: petcare.com.au
Reference
NIST Special Publication 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
The ISO 27002 Standard - Code of practice for information security controls
https://www.itgovernanceusa.com/iso27002