This webpage contains introductory information about cybersecurity principles, concepts, policies, standards, and frameworks.
The CIA Triad
Information Security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording, or destruction of information. The core pillars of information security are Confidentiality, Integrity, and Availability. These three elements form the basis for developing information security policies within an organization.
- Confidentiality: the characteristic of information that is not made available or disclosed to unauthorized individuals, entities, or processes.
- Integrity: the characteristic of information that is accurate and complete throughout the data life cycle.
- Availability: the characteristic of information that is where it should be when it should be there so it can be processed and transmitted when needed.
NIST Cybersecurity Framework
The NIST Cybersecurity Framework is used to assess and mature cybersecurity programs and capabilities to prevent, detect, and respond to cyber incidents.
- Identify: Develop an organizational understanding to manage cybersecurity risk to people, processes, and technology.
- Protect: Develop and implement appropriate safeguards to ensure delivery of critical services.
- Detect: Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
- Respond: Develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
- Recover: Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Threats, Vulnerabilities, and Risks
We protect the State of Montana's assets from threats by minimizing risks and mitigating vulnerabilities.
- Asset: Assets are the people, processes, and technology that need to be protected so the business can meet its objectives.
- Threat: Threats are the things we protect against; they can exploit a vulnerability to damage or destroy an asset.
- Vulnerability: Vulnerabilities are the weaknesses that are exploited by threats to harm an organization's assets.
- Risk: A risk is the total loss of an asset if a threat successfully exploits a vulnerability.