Goals and Principles of Information Security Management (ISM)
Related Concepts
- Information security (ISEC) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure, or damage.
- Certified Information Security Manager (CISM) is an ISACA credential for IT professionals who design, build and manage enterprise information security programmes.
- Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
- An information security management system (ISMS) is a set of policies and procedures concerned with information security management or IT-related risks.
Goals of ISM
The basic goal of ISM is to ensure adequate information security. The primary goal of information security, in turn, is to protect information assets against risks, and thus to maintain their value to the organization.
Information Security Management Principles
The information security management principles state that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its information assets, thus keeping information security risk at an acceptable level. ISO/IEC 27001 is the best-known ISMS standard.
Information Security, Computer Security, and Information Assurance
Information Security
Information security (InfoSec) is the practice of defending information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that applies regardless of the form the data may take (electronic, physical, etc.).
Information security (ISec) thus describes the activities that protect information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) describes the controls an organization needs to implement to ensure that it is sensibly managing those risks, and an information security management system (ISMS) is the set of policies and procedures through which it does so. These terms arose primarily out of ISO/IEC 27001.
For more than twenty years, confidentiality, integrity and availability (the CIA triad) have been held to be the core principles of information security.
IT Security
Information Assurance
Similarities
Differences
Information Security Management System
The best known ISMS are described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC.
Another competing ISMS is the Information Security Forum's Standard of Good Practice (SOGP). It is more practice-oriented, being derived from the industry experience of ISF members.
Other frameworks such as COBIT and ITIL touch on security issues but are mainly geared toward creating a governance framework for information and IT more generally. COBIT has a companion framework, Risk IT, dedicated to IT-related risk.
Information Security Services
Information security services (e.g. IT security policy development, intrusion detection support, etc.) may be offered by an information security group internal to the organization or by a growing number of external vendors.