The Objective of Information Security Management is to Manage Information Risk
- Cyber Fraud
- Business Email Compromise
- Information Theft
- Ransomware
- Denial of Service Attack
- Regulatory Compliance
- Disaster
Information Risk Impacts Business Risk
- Loss of Money
- Loss of Brand Value
- Loss of Competitive Advantage
Information Risk Measures
- Thirty percent (30%) of cybercrime victims are smaller organizations
- Sixty percent (60%) of these victims are out of business within 6 months
- Eighty percent (80%) of these breaches are preventable with basic security management
Managing information risk means ensuring four things:
- The confidentiality and privacy of sensitive information
- The integrity of information and data
- The availability of critical information
- The authenticity of communications
The Context of Information Security Management
Information security management augments insurance and other forms of risk transfer. It also takes place in the legal context of commercial reasonableness.
Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.