Information security (InfoSec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage.
Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysis of the following issues:
- Threats to your assets: These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
- Vulnerabilities: How susceptible your assets are to attack
- Impact: The magnitude of the potential loss or the seriousness of the event.
Information security management is put into practice through an Information Security Management System (ISMS). Any management function within an organization that deals with security-related issues should be part of an ISMS, so that business information is protected and the information environment is maintained. Organizations that adopt this holistic approach to managing information security gain an advantage, because a recognized ISMS gives other organizations confidence in the trustworthiness of their information security arrangements.
Factors to establish an Information Security Management System (ISMS):
- Policies
- Standards
- Guidelines
- Codes of practice
- Human issues
- Ethical issues
- Technological issues
These factors must be implemented and addressed within the ISMS to manage information technology security, and the strategies within the ISMS should be improved continually. Activities such as defining the information security needs, implementing the strategies and measuring the results keep the ISMS maintained. The security services for information technology (IT) are specified by the ISO 7498-2 standard (ISO 2002).
Five security services for information technology (IT):
- Identification and authentication
- Authorisation
- Confidentiality
- Integrity
- Non-repudiation
Nowadays information security management is no longer a purely technical matter; it is also a significant tool at the management level. Various approaches are possible, including the human side: security training, ethics and other human-related issues.
Standards available to help organizations implement appropriate programmes and controls to mitigate these risks include, for example, the ISO/IEC 27000 series, the Information Technology Infrastructure Library (ITIL), O-ISM3 and COBIT.
See also
- Certified Information Systems Security Professional
- Chief information security officer
- Information Security Department
- ISO/IEC 27001
- Security information management
External links
- ISACA
- The Open Group
Source of the article : Wikipedia