Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysis of the following issues:
- Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
- Vulnerabilities. How susceptible your assets are to attack
- Impact. The magnitude of the potential loss or the seriousness of the event.
Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 17799, Information Technology Infrastructure Library and COBIT.
Famous quotes containing the words information, security and/or management:
“I was brought up to believe that the only thing worth doing was to add to the sum of accurate information in the world.”
—Margaret Mead (1901–1978)
“It seems to me that our three basic needs, for food and security and love, are so mixed and mingled and entwined that we cannot straightly think of one without the others. So it happens that when I write of hunger, I am really writing about love and the hunger for it, and warmth and the love of it and the hunger for it ... and then the warmth and richness and fine reality of hunger satisfied ... and it is all one.”
—M.F.K. Fisher (b. 1908)
“This we take it is the grand characteristic of our age. By our skill in Mechanism, it has come to pass, that in the management of external things we excel all other ages; while in whatever respects the pure moral nature, in true dignity of soul and character, we are perhaps inferior to most civilised ages.”
—Thomas Carlyle (1795–1881)