Principles of Information Security, Fifth Edition - Chapter 2 PDF
This document is a chapter from a textbook on information security titled "Principles of Information Security, Fifth Edition". It focuses on the need for security within an organization, covering topics such as organizational business needs, protecting data, enabling application operations and safeguarding technology assets.
# Principles of Information Security, Fifth Edition

## Chapter 2 The Need for Security

### Lesson 1 - Introduction

- Upon completion of this material, you should be able to:
  - Discuss the organizational business need for information security

### Introduction

- The primary mission of an information security program is to ensure information assets—information and the systems that house them—remain safe and useful.
- If no threats existed, resources could be used exclusively to improve systems that contain, use, and transmit information.
- The threat of attacks on information systems is a constant concern.

### Business Needs First

- Information security performs four important functions for an organization:
  - Protecting the organization's ability to function
  - Protecting the data and information the organization collects and uses
  - Enabling the safe operation of applications running on the organization's IT systems
  - Safeguarding the organization's technology assets

### Protecting the Functionality of an Organization

- Management (general and IT) is responsible for facilitating the security program.
- Implementing information security has more to do with management than technology.
- Communities of interest should address information security in terms of business impact and cost of business interruption.

### Protecting Data That Organizations Collect and Use

- Without data, an organization loses its record of transactions and its ability to deliver value to customers.
- Protecting data in transmission, in processing, and at rest (storage) is a critical aspect of information security.

### Enabling the Safe Operation of Applications

- The organization needs environments that safeguard applications using IT systems.
- Management must continue to oversee infrastructure once in place—not relegate it to the IT department.

### Safeguarding Technology Assets in Organizations

- Organizations must employ secure infrastructure hardware appropriate to the size and scope of the enterprise.
- Additional security services may be needed as the organization grows.
- More robust solutions should replace security programs the organization has outgrown.