CHAPTER 6: SECURITY AND DATA PRIVACY
Overview
There is increasing awareness in the media and elsewhere of cyber terrorism and cyber crime. These are very real risks. Less publicised are the internal risks of data loss – through deliberate action or simple carelessness/lack of understanding of the risks. I like ISACA’s definition of information security. It defines information security as something that:
“Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability).”
This definition clearly makes it the responsibility of the organisation to protect its information, in the same way as it would any other asset ...
Get Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.