Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysis of the following issues:
- Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
- Vulnerabilities. How susceptible your assets are to attack
- Impact. The magnitude of the potential loss or the seriousness of the event.
Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.
Famous quotes containing the words information, security and/or management:
“Many more children observe attitudes, values and ways different from or in conflict with those of their families, social networks, and institutions. Yet today’s young people are no more mature or capable of handling the increased conflicting and often stimulating information they receive than were young people of the past, who received the information and had more adult control of and advice about the information they did receive.”
—James P. Comer (20th century)
“There is one safeguard known generally to the wise, which is an advantage and security to all, but especially to democracies as against despots. What is it? Distrust.”
—Demosthenes (c. 384–322 B.C.)
“The Management Area of Cherokee
National Forest, interested in fish,
Has mapped Tellico and Bald Rivers
And North River, with the tributaries
Brookshire Branch and Sugar Cove Creed:
A fishy map for facile fishery....”
—Allen Tate (1899–1979)