Professional Documents
Culture Documents
Information security is about protecting the information assets of your organization from potential loss, damage, destruction or theft. Information assets cover more than you might think and include: G information held or maintained by your organization, G information systems and equipment used to process and store that information, G software applications used to access or manipulate information, G information hardware (such as telephones and computers), G information management (such as the procedures for handling information).
In this section, well look at each of these in turn and suggest some ways of promoting information security.
Easy i Limited
The three main concerns with regard to protecting these assets are: G confidentiality of information, G integrity of information, G availability of information.
Confidentiality
Information security is about ensuring that information is accessible only to those authorized to have it.
Importance of confidentiality
Organizations use and maintain a lot of sensitive information, such as information about: G customers, G staff, G business plans, G financial performance. The consequences can be very serious if this information gets into the wrong hands or is disclosed when it shouldnt be. Keeping such information confidential is vital.
Locked screensavers - to prevent unauthorized access to confidential computer data. Clear desk policy - so sensitive or confidential material is not left in view on unattended desks. Secure storage facilities - where confidential information can be locked away. A clear confidentiality policy - making confidentiality a contractual requirement for all staff.
Easy i Limited
Integrity
Information security is about safeguarding the accuracy and completeness of information and protecting the systems used to process it.
Protecting the integrity of information and information systems to minimize the risk of damage is therefore a high priority for all organizations.
Easy i Limited
Damaged information is obviously unreliable and of limited value when it comes to making decisions for the business or responding to customers needs.
Availability
Information security is about ensuring authorized users have access to information and associated assets when required.
Easy i Limited
Thats why its so important to maintain and protect the availability of information and other resources.