

Sunday, July 29, 2007

0.1 What is information security?

Information is an asset that, like other important business assets, is essential to an organization’s
business and consequently needs to be suitably protected. This is especially important in the
increasingly interconnected business environment. As a result of this increasing interconnectivity,
information is now exposed to a growing number and a wider variety of threats and vulnerabilities
(see also OECD Guidelines for the Security of Information Systems and Networks).

Information can exist in many forms. It can be printed or written on paper, stored electronically,
transmitted by post or by using electronic means, shown on films, or spoken in conversation.
Whatever form the information takes, or means by which it is shared or stored, it should always be
appropriately protected.

Information security is the protection of information from a wide range of threats in order to ensure
business continuity, minimize business risk, and maximize return on investments and business

Information security is achieved by implementing a suitable set of controls, including policies,
processes, procedures, organizational structures and software and hardware functions. These controls
need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure
that the specific security and business objectives of the organization are met. This should be done in
conjunction with other business management processes.
