The Goals and Information Security Management Principles (ISM)

  1. Information security (ISEC) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure, or damage.
  2. Certified Information Security Manager – CISM training is a unique IT credential for IT professionals who are into designing, building and managing enterprise information management security.
  3. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
  4. Information security management System (ISMS) a set of policies concerned with information security management or IT-related risks.

Goals of ISM

The basic goal of ISM is to ensure adequate information security. The primary goal of information security, in turn, is to protect information assets against risks, and thus to maintain their value to the organization.

Information Security Management Principles

The Information Security Management Principles states that an organization should design, implement and maintain a coherent set of policies, processes, and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk. ISO/IEC 27001 is an ISMS standard.

Information Security, Computer Security, and Information Assurance

Information Security

The word Information security relates to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction.

Information security (InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc).

Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure, or damage.

Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks. An information security management system (ISMS) is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of ISO 27001.

For over twenty years, information security has held confidentiality, integrity, and availability to be the core principles of information security.

IT Security

Sometimes referred to as computer security, IT Security is information security when applied to technology (most often some form of computer system). It is worthwhile to note that the computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber-attacks that often attempt to breach into critical private information or gain control of the internal systems.

Information Assurance

Information Assurance is the act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers, information assurance is typically dealt with by IT security specialists. One of the most common methods of providing information assurance is to have an off-site backup of the data in case one of the mentioned issues arise.

Similarities

The similarities between the Information Security unit, the IT Security unit, and the Information Assurance unit is they strive to protect the confidentiality, integrity, and availability of information

Differences

The difference between them lies under the areas of the way they approach the subject, the methodologies used, and the areas of concentration

Information System Management System

The governing principle behind ISMS is that an organization should design, implement and maintain a coherent set of policies, processes, and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk
.
The best known ISMS are described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC.

Another competing ISMS is the Information Security Forum's Standard of Good Practice (SOGP). It is more best practice-based as it comes from ISF's industry experiences.

Other frameworks such as COBIT and ITIL touch on security issues but are mainly geared toward creating a governance framework for information and IT more generally. COBIT has a companion framework Risk IT dedicated to Information security.

Information Security Services

Organizations must frequently evaluate, select, and employ a variety of Information security services in order to maintain and improve their overall Information security programs.

Information security services (e.g., IT security policy development, intrusion detection support etc) may be offered by an Information group internal to an organization, or by a growing group of vendors. 

Our Cyber Security Certifications Duration And Fees

Cyber Security Certifications typically range from a few weeks to several months, with fees varying based on program and institution.

Program NameDurationFees
Post Graduate Program in Cyber Security

Cohort Starts: 2 May, 2024

6 Months$ 3,000
Caltech Cybersecurity Bootcamp

Cohort Starts: 15 Jul, 2024

6 Months$ 8,000
Cyber Security Expert6 Months$ 2,999

Recommended Reads