Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysis of the following issues:
- Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
- Vulnerabilities. How susceptible your assets are to attack
- Impact. The magnitude of the potential loss or the seriousness of the event.
Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.
Famous quotes containing the words information, security and/or management:
“Rejecting all organs of information ... but my senses, I rid myself of the Pyrrhonisms with which an indulgence in speculations hyperphysical and antiphysical so uselessly occupy and disquiet the mind.”
—Thomas Jefferson (1743–1826)
“When kindness has left people, even for a few moments, we become afraid of them as if their reason had left them. When it has left a place where we have always found it, it is like shipwreck; we drop from security into something malevolent and bottomless.”
—Willa Cather (1876–1947)
“No officer should be required or permitted to take part in the management of political organizations, caucuses, conventions, or election campaigns. Their right to vote and to express their views on public questions, either orally or through the press, is not denied, provided it does not interfere with the discharge of their official duties. No assessment for political purposes on officers or subordinates should be allowed.”
—Rutherford Birchard Hayes (1822–1893)