Information security involves protecting information from diverse threats for the purpose of ensuring continuity of operation, minimizing damages and maximizing results. Information security can be seen as a means of protecting:
- Confidentiality, i.e. assurance that information is accessible only to authorised persons. Sensitive information must be protected from unauthorised publication, access or interception.
- Integrity, i.e. maintaining the accuracy and completeness of information and processes. Ensuring that information is correct and undamaged and that software functions correctly.
- Availability, i.e. ensuring that information and services are available to authorised users when needed.
Information security also involves the preservation of other characteristics, such as information traceability, reliability, irrefutability and responsibility.
Information is a valuable asset and therefore needs appropriate protection. Information comes in various formats, e.g. printed or written on paper, stored electronically, published on film or revealed in conversation. Information should always be protected in an appropriate manner, irrespective of the means by which such information is utilised or stored.
Implementing Standards on Information Security
Implementing standards on information security helps ensure all of the key aspects above through the audit and review of the working arrangements of the company or institution in question.
The scope of international security standards ISO/IEC 27002 (ISO/IEC 17799) and ISO/IEC 27001 is not limited to the information systems themselves, but also addresses all work and equipment related thereto. Consequently, users' handling of information and systems must be defined and operating procedures drawn up.
It is vital that business entities register their procedures and organisation in a separate manual - an organisational manual. Ideally, such manuals should be comprehensive, incorporating points of emphasis such as quality issues, information security and environmental security. In this way, a comprehensive view of the business, incorporating all activities, can be obtained.
The organisational manual contains, among other things, company policy, work procedures and processes. This is why Risk Management Studio® offers a framework for procedures, processes and policies in the software, for your information security.
