Information Technology Reference
In-Depth Information
. The. purpose. of. information. security. is. to. identify.
the. threats. against,. the. risks. and. the. associated.
potential.damage.to,.and.the.safeguarding.of.infor-
mation.assets.
Information Security Policy:. An. organizational. docu-
ment. usually. ratiied. by. senior. management. and.
distributed. throughout. an. organization. to. anyone.
with.access.rights.to.the.organization's.IT.systems.or.
information.resources.
. . The.information.security.policy.aims.to.reduce.the.
risk. of,. and. minimize. the. effect. (or. cost). of,. security.
incidents..It.establishes.the.ground.rules.under.which.
the. organization. should. operate. its. information. sys-
tems..The.formation.of.the.information.security.policy.
will.be.driven.by.many.factors,.a.key.one.of.which.is.
risk.. How. much. risk. is. the. organization. willing. and.
able.to.take?
. . The. individual. information. security. policies. should.
each.be.observed.by.personnel.and.contractors..Some.
policies.will.be.observed.only.by.persons.with.a.spe-
ciic.job.function.(e.g.,.the.system.administrator);.other.
policies.will.be.complied.with.by.all.members.of.staff.
. . Compliance. with. the. organization's. information.
security.policy.should.be.incorporated.with.both.the.
terms. and. conditions. of. employment. and. also. their.
job.description.
Information Systems:. The.computer.systems.and.informa-
tion. sources. used. by. an. organization. to. support. its.
day-to-day.operations.
Information User:. The. person. responsible. for. viewing/
amending/updating. the. content. of. the. information.
assets..This.can.be.any.user.of.the.information.in.the.
inventory.created.by.the.information.owner.
Integrity:. The.condition.of.data.or.a.system,.which.is.that.it.
remains.intact,.unaltered,.and.hence.reliable.
Internet:. The.system.made.up.of.computers.in.more.than.
100. countries. covering. commercial,. academic,. and.
