Contents:
Information security management………………………………………………………………………..2
Security can not be achieved by technology alone……………………………………………….3
Business continuity plan………………………………………………………............…………….…….7
Responding and Managing an incident…………………………..……………………......….……..8
Task 1
1. What is Information Security Management?
Definitions
Information security: Preservation of confidentiality, integrity and availability of information.
Management system: Coordinated activities to direct and control an organisation.
Information Security Management System (ISMS): Coordinated activities to direct and control the preservation of confidentiality, integrity, and availability of information
History and Background
Concept
ISM is an example of applying the management system conceptual model to the discipline of Information Security. Unique attributes to this instance of a management system include:
Risk management applied to information and based upon metrics of confidentiality, integrity, and availability
TQM applied to information security processes and based upon metrics of efficiency and effectiveness.
A monitoring and reporting model based upon abstraction layers that filter and aggregate operational details for management presentation.
A structured approach towards integrating people, process, and technology to furnish enterprise information security services.
An extensible framework from which to manage information security compliance.
{draw:frame} (Carlson, 2009)
2. Who Participates in ISM
Many companies make the mistake of placing the entire responsibility for creating, maintaining, and carrying ISM squarely on the shoulders of its IT pros. While IT should obviously play an integral role in the ISM process, organisations shouldn't expect the IT department to serve as the sole caretaker of their security management plans.
ISM transcends an organisation from the...