Tuesday, September 25, 2007

Information Security Ebook: Protecting Your Business Assets

The information created, used, stored and transmitted by your organisation forms one of its most important assets. This document shows how you can use good practice to protect this information from being maliciously or unintentionally changed (integrity); make it available when and where needed (availability); and ensure that only those with a legitimate right can access it (confidentiality).

This document should be regarded as a starting point for developing organisation-specific controls and guidance for the classification and protection of information assets. Not all the guidance provided in this document may be applicable to an organisation's specific needs. It is therefore important to understand the organisation's business requirements and to apply this guidance appropriately. The document provides general guidance only and, if fully implemented, can only reduce, not eliminate, your vulnerability.

Organisations which regularly handle UK government protectively-marked information must continue to follow the procedures agreed with the appropriate UK security authorities. However, this guidance has been developed in conjunction with them, and similar security procedures can therefore be applied to both commercial and protectively-marked information.

Who this document is for: those responsible for initiating, implementing or maintaining information security in their organisation, as well as those who use and process their organisation's information.

For the purposes of this booklet the following definitions apply:
- Information Security
Information security involves the preservation of confidentiality, integrity and availability of information (reference ISO/IEC 17799:2000).
- Risk assessment
Risk assessment is the overall process of risk identification, risk analysis and risk evaluation (ISO Guide 73:2002).
- Risk management
Risk management typically includes risk assessment, risk treatment, risk acceptance and risk communication (the exchange or sharing of information about risk between the decision-maker and other stakeholders) (ISO Guide 73:2002).