NEED FOR SECURITY
The purpose of information security management is to ensure business continuity and reduce business damage by preventing and minimizing the impact of security incidents. The Audit Commission Update report (1998) shows that fraud or cases of IT abuse often occur due to the absence of basic controls, with one half of all detected frauds found by accident. An Information Security Management System (ISMS) enables information to be shared, whilst ensuring the protection of information and computing assets.
At the most practical level, securing the information on your computer means:
✓ Ensuring that your information remains confidential and that only those who should access that information can.
✓ Knowing that no one has been able to change your information, so you can depend on its accuracy (information integrity).
✓ Making sure that your information is available when you need it (by making back-up copies and, if appropriate, storing the back-up copies off-site).
BUSINESS NEEDS FIRST
Information security performs four important functions for an organization:
a. Protects the organization’s ability to function.
b. Enables the safe operation of applications implemented on the organization’s IT systems.
c. Protects the data the organization collects and uses.
d. Safeguards the technology assets in use at the organization.
7.4 Protecting the functionality of an organization
✓ Decision makers in organizations must set policy and operate their organizations in compliance with the complex, shifting legislation that controls the use of technology.
Enabling the safe operation of applications
Organizations are under immense pressure to acquire and operate integrated, efficient, and capable applications.
✓ The modern organization needs to create an environment that safeguards applications using the organization’s IT systems, particularly those applications that serve as important elements of the infrastructure of the organization.
Protecting data that organizations collect & use
✓ Protecting data in motion
✓ Protecting data at rest
✓ Both are critical aspects of information security.
✓ The value of data motivates attackers to steal, sabotage, or corrupt it.
It is essential for the protection of integrity and value of the organization’s data.
Safeguarding Technology assets in organizations
Organizations must add secure infrastructure services based on the size and scope of the enterprise.
Organizational growth could lead to the need for public key infrastructure (PKI), an integrated system of software, encryption methodologies.