IT Examiner School eBook May 2025
Information Security Framework & Risk Assessment
Internal Use Only
Information Security/Risk Assessment Learning Objectives
Principles of Information Security
• Foundational concepts of Confidentiality, Integrity, and Availability (CIA), along with key terms that are essential for understanding information security.

Information Security Program Frameworks
• Covering NIST CSF, ISO/IEC 27001, and CIS Controls.

Information Security Program
• Overview of policies, procedures, and technologies for protecting information assets.

Risk Assessment
• Highlighting its role in identifying risks and guiding security controls.

GLBA Requirements
• Explanation of the Safeguards Rule, Privacy Rule, and Pretexting Provisions.