Search in ISMS Guides


Sunday, July 29, 2007

0.2 Why information security is needed ?

Information and the supporting processes, systems, and networks are important business assets.
Defining, achieving, maintaining, and improving information security may be essential to maintain
competitive edge, cash flow, profitability, legal compliance, and commercial image.
Organizations and their information systems and networks are faced with security threats from a wide
range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood.
Causes of damage such as malicious code, computer hacking, and denial of service attacks have
become more common, more ambitious, and increasingly sophisticated.
Information security is important to both public and private sector businesses, and to protect critical
infrastructures. In both sectors, information security will function as an enabler, e.g. to achieve egovernment
or e-business, and to avoid or reduce relevant risks. The interconnection of public and
private networks and the sharing of information resources increase the difficulty of achieving access
control. The trend to distributed computing has also weakened the effectiveness of central, specialist
Many information systems have not been designed to be secure. The security that can be achieved
through technical means is limited, and should be supported by appropriate management and
procedures. Identifying which controls should be in place requires careful planning and attention to
detail. Information security management requires, as a minimum, participation by all employees in the
organization. It may also require participation from shareholders, suppliers, third parties, customers or
other external parties. Specialist advice from outside organizations may also be needed.

No comments: