Information Security Management dates back to the dawn of time. Cryptology, or the science of keeping information confidential, is as old as civilisation itself and has occupied some of the most brilliant minds in the history of mathematics, especially (unfortunately) in times of war.
However, since the advent of today's ubiquitous communications networks, and the Internet in particular, the problems associated with information security have worsened considerably and affect almost all of us. Put up your hand if your computer has never been infected by a virus, or you have never been sent spam, received unwanted telesales calls, had your personal data compromised, or worse, had your credit card number stolen.
Information is an integral part of any business and managing it correctly rests on three basic pillars:
- Confidentiality: the information must only be accessible to its predefined recipients.
- Integrity: the information must be correct and complete.
- Availability: the information must be accessible when it is needed.
Security Management must, therefore, ensure that the information is correct and complete, that it is always available for business purposes and that it is only used by the people who are authorised to do so.
The interactions and functionalities of Security Management are briefly summarised in the following interactive graphic: