18 INFORMATION SECURITY MANAGEMENT AND ACCESS MANAGEMENT

INTRODUCTION AND SCOPE

The security of data and information is of vital importance to any organisation and it is therefore a business decision as to what information should be protected and to what level. The business’s approach to the protection and use of data should be contained in a security policy to which everyone in the organisation should have access and the contents of which everyone should be aware. The system in place to enforce the security policy and ensure that the business’s IT security objectives are met is known as the information security management system (ISMS). Information security management supports corporate governance by ensuring that information security risks ...

Get IT Service Management, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.