Copyright Goodheart-Willcox Co., Inc.

Chapter 2: Information Security Fundamentals

While studying, look for the activity icon for:
Pretests and posttests
Vocabulary terms with e-flash cards and matching activities
Self-assessment

In Chapter 1, you learned that information assurance is the comprehensive approach to protecting data and assets. There are several core principles that professionals apply to decisions and solutions in order to meet these goals. Security professionals must analyze all areas of a business to protect against security threats. This chapter explains how a business can be divided into security domains. Each domain has specific security situations.

Differences between vulnerabilities and threats are also explored. A significant threat to data and systems comes from malware. There are many variants of malware, and it is important to understand the specific threat each one poses. "Human hacking" is also discussed. This security hack exploits vulnerabilities that people unwittingly expose, primarily through interactions with people, social media, and websites.

Another essential responsibility of security administrators is being aware of governmental and industry regulations. These regulations must be followed in order to protect data confidentiality and integrity.

Chapter Preview
Section 2.1 Security Principles
Section 2.2 Vulnerabilities and Threats
Section 2.3 Legal Requirements