INTRODUCTION

In today’s information economy, the development, exploitation and protection of information assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. Information security management, defined as ‘the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities’,1 is becoming a critical corporate discipline, alongside marketing, sales, HR and financial management.

A key corporate governance objective is to ensure ...

Get Information Security Risk Management for ISO27001/ISO27002 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.