In today’s business world, information is a valuable commodity and, as such, needs to be protected. It affects all aspects of today’s businesses, from top management right down to the operational level. In order to avoid loss of or damage to this valuable resource, companies need to be serious about protecting their information. This protection is typically implemented in the form of various security controls. However, it is very difficult to know exactly which controls would be required in order to guarantee a certain acceptable minimum level of security. Furthermore, managing these controls so that they are always up to date and implemented uniformly throughout the organization is a constant headache for organizations.
There exist several internationally accepted standards and codes of practice to assist organizations in the implementation and management of an organizational information security strategy.
These standards and codes of practice provide organizations with guidelines specifying how the problem of managing information security should be approached. One of the key controls identified by all the major IT Security standards published to date is the introduction of a corporate information security awareness program. The purpose of such a program is to educate the users about Information Security or, more specifically, to educate users about the individual roles they play in the effectiveness of one type of control, namely, operational controls.
Wednesday, June 10, 2009