We use information security processes as a means of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification and destruction.
Information Security Management requires input from:
- Business strategy and plans
- Security policies or guidelines
- Risk analysis
- Change Management information
With an increasing amount of data stored electronically, businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Most information is now collected, processed and stored on computers and transmitted across networks to other computers. Organisations such as the military, governments, financial institutions and hospitals hold a wealth of information that must be protected.
Should confidential information about customers or finances fall into the hands of a competitor, such a breach of security could lead to lost business, lawsuits or even bankruptcy of the business.
The focus on information security varies from organisation to organisation: some companies have extremely strong information security plans, while others struggle to put a programme together at all. ITIL covers only a part of the information security scene; in any case, you would follow the ISO 20701 standards. Governmental departments such as the Ministry of Defence will certainly have their own standards, which are extremely well documented and very rigorous. We cover some elements of security during the Service Design phase. Information Security may consist of vulnerability scanning, particular standards for services, and hardening of desktops and servers, among other activities.
Information Security Management aims to deliver:
- Information Security Management Policy
- Security Management Information System (SMIS)
- Security controls
- Security reports and audits
See also:
- Information Security Management System (ISMS)
- Plan-Do-Check-Act (PDCA)