NEED FOR SECURITY
The purpose of information security management is to ensure
business continuity and reduce business damage by preventing and minimizing the
impact of security incidents. The Audit Commission Update report (1998) shows
that fraud or cases of IT abuse often occur due to the absence of basic
controls, with one half of all detected frauds found by accident. An
Information Security Management System (ISMS) enables information to be shared,
whilst ensuring the protection of information and computing assets.
At the most practical level, securing the information on your
computer means:
ü Ensuring that your information remains confidential and only
those who should access that
information, can.
ü Knowing that no one has been able to change your information, so
you can depend on its accuracy (information integrity).
ü Making sure that your information is available when you need it
(by making back-up copies and, if appropriate, storing the back-up copies
off-site).
BUSINESS NEEDS FIRST
Information
security performs four important functions for an organization:
a.
Protects the organization’s ability to function
b.
Enables the safe operation of applications
implemented on the organization’s IT systems.
c.
Protects the data the organization collects and
uses.
d.
Safeguards the technology assets in use at the
organization.
7.4
Protecting
the functionality of an organization
ü Decision
makers in organizations must set policy and operate their organizations in
compliance with the complex, shifting legislation that controls the use of
technology.
Enabling the safe operation of applications
Organizations
are under immense pressure to acquire and operate integrated, efficient, and
capable applications
ü The modern
organization needs to create an environment that safeguards applications using
the organization’s IT systems, particularly those applications that serve as
important elements of the infrastructure of the organization.
Protecting data that organizations collect &
use
ü Protecting
data in motion
ü Protecting
data at rest
ü Both are
critical aspects of information security.
ü The value of data motivates attackers to seal, sabotage, or corrupt it.
It is
essential for the protection of integrity and value of the organization’s data
Safeguarding
Technology assets in organizations
Must add
secure infrastructure services based on the size and scope of the enterprise.
Organizational
growth could lead to the need for public
key infrastructure, PKI, an integrated system of software, encryption
methodologies.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.