Information Security Management
Information is an asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities (see also OECD Guidelines for the Security of Information Systems and Networks).
Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.
Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the organization's specific security and business objectives (for example, online banking security) are met. This should be done in conjunction with other business management processes.
ISO/IEC 27001 Information Security Management System (ISMS) is the only internationally recognised standard for information security management. Since its inception in 1999 (as BS 7799-2), there has been a 20-fold increase in ISMS certification worldwide, notably in Asia and the US. Despite the increasing certification rate, the same cannot be said for the understanding of the fundamentals of ISMS. In fact, a large number of organisations still derive little benefit from ISMS implementation beyond obtaining the ISMS certificate. Promoting an understanding of the fundamentals of ISMS, and of the process of achieving GLBA compliance, helps an organisation derive the greatest business benefits from its adoption.