Information is the currency of the information age and in many cases is the most valuable asset possessed by an organization. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure.
Effective information security can be defined as the 'preservation of confidentiality, integrity and availability of information.' This book describes the approach taken by many organizations to realize these objectives. It discusses how information security cannot be achieved through technological means alone, but should include factors such as the organization's approach to risk and pragmatic day-to-day business operations.
This Management Guide provides an overview of the implementation of an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2005 and which uses controls derived from ISO/IEC 17799:2005.