Information security is the collection of technologies, standards, policies and management practices that are applied to information to keep it secure.
But why is it important to secure information? And how should its security be managed? To start thinking about these questions, consider the following statements about information:
In today’s high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their system of internal control.
It is vital to be worried about information security because much of the value of a business is concentrated in the value of its information. Information is, as Grant says, the basis of competitive advantage. And in the not-for-profit sector, with increased public awareness of identity theft and the power of information, it is also, as Turnbull claims, the area of an organisation’s operations that most needs control. Without information, neither businesses nor the not-for-profit sector could function. Valuing and protecting information are crucial tasks for the modern organisation.
If information were easy to value and protect, however, you would be able to buy off-the-shelf information security management solutions. There are three characteristics of information security that make this impossible.
- The collection of influences to which each organisation is exposed varies with the organisation: the information technology that it uses, its personnel, the area in which it does business, its physical location – all these have an effect on information security.
- Information security affects every structural and behavioural aspect of an organisation: a gap in a security fence can permit information to be stolen; a virally infected computer connected to an organisation’s network can destroy information; a cup of coffee spilt on a computer keyboard can prevent access to information.
- Each individual that interacts with an organisation in any way – from the potential customer browsing the website, to the managing director; from the malicious hacker, to the information security manager – will make his or her own positive or negative contribution to the information security of the organisation.
No Reviews found for this course.