Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysis of the following issues:
- Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
- Vulnerabilities. How susceptible your assets are to attack
- Impact. The magnitude of the potential loss or the seriousness of the event.
Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.
Famous quotes containing the words information, security and/or management:
“The information links are like nerves that pervade and help to animate the human organism. The sensors and monitors are analogous to the human senses that put us in touch with the world. Data bases correspond to memory; the information processors perform the function of human reasoning and comprehension. Once the postmodern infrastructure is reasonably integrated, it will greatly exceed human intelligence in reach, acuity, capacity, and precision.”
—Albert Borgman, U.S. educator, author. Crossing the Postmodern Divide, ch. 4, University of Chicago Press (1992)
“I think the girl who is able to earn her own living and pay her own way should be as happy as anybody on earth. The sense of independence and security is very sweet.”
—Susan B. Anthony (18201906)
“People have described me as a management bishop but I say to my critics, Jesus was a management expert too.”
—George Carey (b. 1935)