Information security management

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Information security management" – news · newspapers · books · scholar · JSTOR (December 2008) (Learn how and when to remove this message)

Information security (InfoSec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage.

Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analysis of the following issues:

• Threats to your assets: These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
• Vulnerabilities: How susceptible your assets are to attack
• Impact: The magnitude of the potential loss or the seriousness of the event.

Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO 27000, Information Technology Infrastructure Library, O-ISM3 and COBIT.

• Certified Information Systems Security Professional
• Chief information security officer
• Information Security Department
• ISO/IEC 27001
• Security Information Management
• Information security management system

• ISACA
• The Open Group