Information Security Management Principles Part I

Information Security Management Principles
...

Eshna

Published on January 27, 2012


  • 2601 Views

The Goals and Principles of Information Security Management (ISM)

Related Concepts

1. Information security (ISEC) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage.
2. Certified Information Security Manager –CISM training is a unique IT credential for IT professionals who are into designing, building and managing the enterprise information management security.
3. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
4. Information security management System (ISMS) a set of policies concerned with information security management or IT related risks.

Goals of ISM

The basic goal of ISM is to ensure adequate information security. The primary goal of information security, in turn, is to protect information assets against risks, and thus to maintain their value to the organization.

Principles of ISM

The Principle of ISM states that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk. ISO/IEC 27001 is an ISMS standard.

Information Security, Computer Security and Information Assurance

Information Security

The word Information security relates to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Information security (InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc).
Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks. An information security management system (ISMS) is a set of policies concerned with information security management or IT related risks. The idioms arose primarily out of ISO 27001.

For over twenty years, information security has held confidentiality, integrity and availability to be the core principles of information security.

IT Security

Sometimes referred to as computer security, IT Security is information security when applied to technology (most often some form of computer system). It is worthwhile to note that the computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.

Information Assurance

Information Assurance is the act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers, information assurance is typically dealt with by IT security specialists. One of the most common methods of providing information assurance is to have an off-site backup of the data in case one of the mentioned issues arise.

Similarities

The similarities between the Information Security unit, the IT Security unit and the Information Assurance unit is they strive to protect the confidentiality, integrity and availability of information

Differences

The difference between them lies under the areas of the way they approach to the subject, the methodologies used, and the areas of concentration

Information System Management System

The governing principle behind ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus ensuring acceptable levels of information security risk
.
The best known ISMS are described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC.

Another competing ISMS is Information Security Forum's Standard of Good Practice (SOGP). It is more best practice-based as it comes from ISF's industry experiences.

Other frameworks such as COBIT and ITIL touch on security issues, but are mainly geared toward creating a governance framework for information and IT more generally. COBIT has a companion framework Risk IT dedicated to Information security.

Information Security Services

Organizations must frequently evaluate, select, and employ a variety of Information security services in order to maintain and improve their overall Information security programs.

Information security services (e.g., IT security policy development, intrusion detection support etc) may be offered by an Information group internal to an organization, or by a growing group of vendors.

 



We provide CISSP training in the following cities:             
 

PHILADELPHIA SEATTLE LAS VEGAS
ARLINGTON CALGARY SALT LAKE CITY
SACRAMENTO BALTIMORE RIYADH
TAMPA PORTLAND SAN DIEGO
WASHINGTON NEW YORK CITY ATLANTA


Happy learning! We wish you good luck in your "CISM Training Program" journey!
 

About the Author

Eshna is a writer at Simplilearn. She has done Masters in Journalism and Mass Communication and is a Gold Medalist in the same. A voracious reader, she has penned several articles in leading national newspapers like TOI, HT and The Telegraph. She loves traveling and photography.


{{detail.h1_tag}}

{{detail.display_name}}
... ...

{{author.author_name}}

{{detail.full_name}}

Published on {{detail.created_at| date}} {{detail.duration}}

  • {{detail.date}}
  • Views {{detail.downloads}}
  • {{detail.time}} {{detail.time_zone_code}}

Registrants:{{detail.downloads}}

Downloaded:{{detail.downloads}}

About the On-Demand Webinar

About the Webinar

Hosted By

...

{{author.author_name}}

{{author.author_name}}

{{author.about_author}}

About the E-book

View On-Demand Webinar

Register Now!

First Name*
Last Name*
Email*
Company*
Phone Number*

View On-Demand Webinar

Register Now!

Webinar Expired

Download the Ebook

Email
{{ queryPhoneCode }}
Phone Number {{ detail.getCourseAgree?'*':'(optional)'}}

Show full article video

About the Author

{{detail.author_biography}}

About the Author

{{author.about_author}}