When we talk about IT security, we have to ensure that all of the following 4 areas are well covered and none are missed out:
- Availability - information must be available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures.
- Confidentiality - information must only be observed by or disclosed to those who have the right to know, and must be well protected against unauthorized access and use.
- Integrity - information must be complete, accurate and protected against unauthorized modification.
- Authenticity - business transactions, as well as information exchanges between enterprises, or with partners, can be trusted.
Information Security Management must consider the following 4 perspectives:
- Organizational – well defined security policies and staff awareness of these
- Procedural – well defined procedures used to control security
- Physical – controls used to protect any physical sites against security incidents
- Technical – controls used to protect the IT infrastructure against security incidents