Information Security Management
Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage.
Information security management (ISM) describes the controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysing the following issues:
* "Threats to your assets". These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets.
* "Vulnerabilities". How susceptible your assets are to attack.
* "Impact". The magnitude of the potential loss or the seriousness of the event.
Standards available to help organizations implement appropriate programmes and controls to mitigate these risks include BS7799/ISO 17799, the Information Technology Infrastructure Library and COBIT.
See also
* Certified Information Security Manager
* Certified Information Systems Security Professional
* Chief information security officer
* Information Security Department
* Security Information Management
* Information security management system
External links
* ISACA (http://www.isaca.org/)
Wikimedia Foundation.
2010.