
Information Security and Management
Introduction to Information Security
What is Information?

What is “information”? How does information differ from data?

“Information is data endowed with relevance and purpose. Converting data into information thus requires knowledge. Knowledge by definition is specialized.” (Blyth and Kovacich, p. 17)

And what characteristics should information possess to be useful? It should be: accurate, timely, complete, verifiable, consistent, available.
What is Information?

According to Raggad, the following are all distinct conceptual resources:

Noise: raw facts with an unknown coding system
Data: raw facts with a known coding system
Information: processed data
Knowledge: accepted facts, principles, or rules of thumb that are useful for specific domains. Knowledge can be the result of inferences and implications produced from simple information facts.
What is Information Security?

• The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
• Information security is the application of measures to
ensure the safety and privacy of data by managing its
storage and distribution. Information security has both
technical and social implications.
• An information security system is the process of protecting data from unauthorized access, disclosure, destruction or disruption.
People who use or interact with the Information
“Who we are”

• Share Holders/Owners
• Management
• Employees
• Business Partners
• Service providers
• Contractors
• Customers/Clients
• Regulators
Process
“What we do”

• Helpdesk/Service management
• Incident Reporting and Management
• Change Requests process
• Request fulfillment
• Access management
• Identity management
• Service Level/Third-party Services Management
• Procurement process
Technology
“What we use to improve what we do”
Application software:
• Finance and assets systems – Accounting packages, Inventory management, HR systems, Assessment and reporting systems
• Software as a service (SaaS)

Access devices:
• Desktop computers
• Laptops
• Digital cameras
• Printers
• Scanners
• Photocopier

Physical Security components:
• CCTV Cameras
• Clock in systems/Biometrics
• Environmental management Systems: Humidity Control, Ventilation, Air Conditioning, Fire Control systems
• Electricity/Power backup
Information Security

1. Protects information from a range of threats
2. Ensures business continuity
3. Minimizes financial loss
4. Optimizes return on investments
5. Increases business opportunities
ISO 27002:2005 defines Information Security as the
preservation of:

Confidentiality: assurance that information is not disclosed to unauthorized persons;
Integrity: protection against unauthorized modification or
destruction of information;
Availability: timely, reliable access to data and information
services for authorized users;
Elements of Information Security
Security breaches lead to…

• Reputation loss
• Financial loss
• Intellectual property loss
• Legislative Breaches leading to legal actions (Cyber
Law)
• Loss of customer confidence
• Business interruption costs
