Information Security Management

Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analysis of the following issues:

  • Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
  • Vulnerabilities. How susceptible your assets are to attack
  • Impact. The magnitude of the potential loss or the seriousness of the event.

Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.

Famous quotes containing the words information, security and/or management:

    So while it is true that children are exposed to more information and a greater variety of experiences than were children of the past, it does not follow that they automatically become more sophisticated. We always know much more than we understand, and with the torrent of information to which young people are exposed, the gap between knowing and understanding, between experience and learning, has become even greater than it was in the past.
    David Elkind (20th century)

    Those words freedom and opportunity do not mean a license to climb upwards by pushing other people down. Any paternalistic system that tries to provide for security for everyone from above only calls for an impossible task and a regimentation utterly uncongenial to the spirit of our people.
    Franklin D. Roosevelt (1882–1945)

    The management of fertility is one of the most important functions of adulthood.
    Germaine Greer (b. 1939)