| |
Time: 55 hours
Level: Masters
| |
| |
 Introduction Resource- Information security underpins the commercial viability and profitability of enterprises of all sizes and the effectiveness of public sector organisations. This unit begins by explaining why information...
| |
| | 1 Why is information security important?
- 1 Why is information security important? Resource
- This unit introduces you to information security and its management.
| |
| | 2 Information, information security and information security management
- 2.1 What is information? Resource
- Information comprises the meanings and interpretations that people place upon facts, or data. The value of information springs from the ways it is interpreted and applied to make products, to provide services,...
- 2.2 What is information security? Resource
- Seen in the way we have just defined it, information is a valuable asset. Information security protects information (and the facilities and systems that store, use and transmit it) from a wide range of...
- 2.3 What is information security management? Resource
- Information security management is the process by which the value of each of an organisation's information assets is assessed and, if appropriate, protected on an ongoing basis. The information an organisation...
| |
| | 3 Information security imperatives and incentives
- 3.1 Introduction Resource
- The design of a successful information security policy and strategy for any organisation requires an assessment of a number of key factors. These factors can be categorised as either imperatives or incentives....
- 3.2 Imperatives Resource
- Imperatives generally arise from three sources:
- 3.3 Incentives Resource
- Reread the short section entitled ‘Benefits of an information security management system’ at the end of Chapter 1 of IT Governance: A Manager's Guide to Data Security & BS 7799/ISO 177799 (the Set Book)....
| |
| |
- 4.1 Introduction Resource
- Section 2 explained that information is an important asset to an organisation. In this section you will study, in some detail, the characteristics of information assets that make them valuable, and so...
- 4.2 Information in an e-business age Resource
- Sharing information in business is itself a risky business. The information that is exchanged between b2b partners, for instance, may include order information, customer details and strategic documents....
- 4.3 Scarcity and shareability Resource
- Modern business theory now views an organisation's intangible, rather than its tangible, assets as the reservoir of much of its value. Even a not-for-profit organisation requires information to be shared...
| |
| | 5 Planning an information security management system
- 5.1 Introduction Resource
- In this section you will study the process demanded by the British Standard on Information Security Management for planning an information security management system (ISMS). We present ISMS development...
- 5.2 The Standard's approach to planning an ISMS Resource
- The Standard describes the planning of an ISMS, which it refers to as the ‘Plan activity’, as follows.
- 5.3 Setting up an ISMS Resource
- Clause 4.1 of Part 1 of the Standard describes the processes and personnel required to support an ISMS under development or in operation. Chapter 4 of IT Governance: A Manager's Guide to Data Security...
- 5.4 ISMS documentation Resource
- In this subsection we shall consider Stages 1, 2 and 8 of the ISMS documentation task. Stage 3 is considered in Section 6. We shall not discuss Stage 9 in this unit.
| |
| | 6 Risk assessment and asset identification
- 6.1 Introduction Resource
- Section 5 discussed the ISMS planning and documentation process in general and also went into the details of Stages 1, 2 and 8 of the ISMS documentation task. In this section, we shall discuss Stage 3...
- 6.2 A systematic approach to risk assessment Resource
- In Section 4 of this unit you learned of the immense value of information to modern organisations. However, without a storage medium of some kind – paper, a hard disk, a white board, a human memory – information...
- 6.3 Asset identification Resource
- You have now completed your study of the ISMS documentation task in the ISMS planning process. In this subsection we study the asset identification task.
| |
| |
- 7 The PDCA cycle Resource
- In Section 5 you were introduced to the nine-stage ISMS planning process advocated by the Standard. You have also, in Sections 5 and 6, looked in some detail at some of these stages – those comprising...
| |
| |
- 8 Summary Resource
- This unit has discussed the importance of information assets to any modern organisation and has made the case for information security management. It has introduced you to extracts from the British Standard...
| |
| | References and Acknowledgements | |
OPML Feed |
Contact OpenLearn |
Privacy |
Copyright |
Accessibility
Share on Facebook
Save to Del.icio.us
Stumble it!
Add to Onlywire
