Saturday, 22 May 2021

How organisations manage the security of their information systems


Organizations implement information security for a wide range of reasons. The main objectives of Information Security are typically related to ensuring confidentiality, integrity, and availability of company information. Since Information Security covers many areas, it often involves the implementation of various types of security, including application security, infrastructure security, cryptography, incident response, vulnerability management, and disaster recovery.


It is essential for any organisation to develop policies for better performance in terms of the quality and reliability of its information system, because the information system belongs to the organisation. The organisation's policies address security threats to information and implement strategies to mitigate IT security vulnerabilities, and they define how to recover when a network intrusion occurs. Furthermore, the policies provide guidelines to employees on what to do and what not to do.


Who is responsible for securing an organization's information? Perhaps the top-level management. Ultimately, it is not only individual employees or departments that are responsible for the security of confidential information, but also the institution itself. It is, therefore, incumbent upon top administrators, who are charged with protecting the institution's best interests, to ensure that an appropriate and effective security policy is developed and put into practice throughout the organization.


Security threats are constantly evolving, and compliance requirements are becoming increasingly complex. Organizations large and small must create a comprehensive security program to cover both challenges. Without an information security policy, it is impossible to coordinate and enforce a security program across an organization, nor is it possible to communicate security measures to third parties and external auditors.


Integrity, confidentiality, and availability are the three components that maintain the quality and reliability of information systems. Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. With data being the primary information asset, integrity provides the assurance that the data is accurate and reliable. Confidentiality determines the secrecy of the information asset. …


Information availability refers to the ability of the infrastructure to function according to business expectations during its specified time of operation. Information availability ensures that people (employees, customers, suppliers, and partners) can access information whenever they need it.
