Information Security Management

Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analysis of the following issues:

  • Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
  • Vulnerabilities. How susceptible your assets are to attack
  • Impact. The magnitude of the potential loss or the seriousness of the event.

Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.

Famous quotes containing the words information, security and/or management:

    We hear a great deal of lamentation these days about writers having all taken themselves to the colleges and universities where they live decorously instead of going out and getting firsthand information about life. The fact is that anybody who has survived his childhood has enough information about life to last him the rest of his days.
    Flannery O’Connor (1925–1964)

    The horror of class stratification, racism, and prejudice is that some people begin to believe that the security of their families and communities depends on the oppression of others, that for some to have good lives there must be others whose lives are truncated and brutal.
    Dorothy Allison (b. 1949)

    The Management Area of Cherokee
    National Forest, interested in fish,
    Has mapped Tellico and Bald Rivers
    And North River, with the tributaries
    Brookshire Branch and Sugar Cove Creed:
    A fishy map for facile fishery....
    Allen Tate (1899–1979)