Information Security Management
- Category: ITIL
- Published: Monday, 15 June 2015 17:34
- Written by Stephen Booth
Information security management is concerned with the integrity, accountability, confidentiality, compliance and availability of information in information systems. The process ensures that information security controls are correctly designed or selected, implemented, and then operated in accordance with the correct checks and processes.
Information security links to corporate governance and the Business Security Policy to implement, maintain and enforce the Information Security Policy for the organisation.
Staff involved in delivering information security management will carry out risk assessments and security control reviews to identify potential problems and recommend solutions or mitigations to control those problems. Where incidents occur, they may carry out forensic investigations to identify how the incident happened, who was responsible and how to prevent recurrence.