What is Information Security Management?
Information in this present day and age is a valued asset, and this statement holds true to organizations and companies as well. Information may come in various forms such as printed, written, or in digital form (BSI).
Like its physical asset, information is also an important asset to an organization. If the organization’s information is compromised, the impact shall be very significant to the company and may even at times, lead to the organization’s demise.
Information Security Management is the process of evaluating the value of each information asset of an organization and protecting them. Since information can come in various forms as discussed earlier, in order to protect the information, which preserves the information’s value, the onus is on the organization to protect the media in which the information is contained. The Information Security Management System is established through accessing the organization’s systems, technologies and medias, which are used for information assets and their vulnerability, the costs or repercussions of security breaches and the implementation of countermeasures and strategies for threats (The Open University).
Information Security Management’s goal is to achieve the three goals of information system security, namely, confidentiality, integrity and availability of information.
I’m an SME; do I need Information Security Management?
SME is a small or medium sized enterprise. In Singapore, SME is defined as a company whose annual sales turnover is not more than S$100 million or having an employment size of not more than 200 workers (Spring Singapore). SMEs make up 99.3% of total enterprises in Singapore. This means that the economy in Singapore is propelled by SMEs (Spring SIngapore). They also contribute to the nation’s economy, where 7 out of every 10 workers are employed by SMEs, and they contribute over 50% towards the National GDP...