
Friday, March 16, 2012

Goals, Purpose and Objectives of Information Security Management

In the previous chapter, we learnt what the Information Security Management process is. In this chapter, let’s learn about the goals, purpose and objectives of this process.

Goal of Information Security Management

The goal of the Information Security Management process is to make sure that IT security is consistent with business security, ensuring that information security is effectively managed in all service and Service Management activities and that information resources have effective stewardship and are properly used. This includes the identification and management of information security risks.

Purpose of Information Security Management

The purpose of Information Security Management is primarily to be a focal point for the management of all activities concerned with information security. This is not just about protecting information resources today. It is about putting in place, maintaining and enforcing an effective Information Security Policy. It is about understanding how the business will develop, anticipating the risks it will face, articulating how legislation and regulation will affect security requirements and making sure that Information Security Management is able to meet these challenges of the future.

Objective of Information Security Management

The objective of Information Security Management is to ensure that an effective Information Security Policy is in place and enforced through effective, documented security controls that apply not only to in-house employees, but also to suppliers and others who have business or contact with the organization. It must ensure that any security breaches are managed promptly and effectively, that risks are identified and documented, and that lessons are learned accordingly.



© 2013 by All rights reserved. No part of this blog or its contents may be reproduced or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the Author.

