January 1998
MANAGING SECURITY OF INFORMATION
CONTENTS

Preface
Executive Summary (paragraphs 1-5)
Key definitions (paragraph 6)
Why is Information Security Important? (paragraphs 7-11)
What is Information Security? (paragraphs 12-13)
What are the Principles of Information Security? (paragraphs 14-22)
What is the Best Approach to Implement Information Security? (paragraphs 23-38)
Appendix A: Information Security Policy Statement Example
Appendix B: Acknowledgments

PREFACE

In a digital world, the effective management of information,
information systems and communications is of critical importance to
the success and survival of an organization. This criticality arises
from:

• the increasing dependence on information and the systems and
communications that deliver the information;
• the scale and cost of the current and future investments in information;
and
• the potential for technologies to dramatically change organizations and
business practices, create new opportunities, and reduce costs.

Many organizations recognize the potential benefits that technology
can yield. Successful organizations, however, understand and manage
the risks associated with implementing new technologies. Executive
management needs to have an appreciation for and a basic
understanding of the risks and constraints of information technology
in order to provide effective direction and adequate controls.

This guideline is intended to assist management to implement policy
and procedures within an overall internal control framework.
Additional technical guidance may be necessary as management seeks
to implement these guidelines.

This guideline is based upon best practices recommended in selected
primary publications of the Department of Trade and Industry (United
Kingdom), the Department of Commerce (USA), the Government of
New South Wales (Australia) and the Organization for Economic
Cooperation and Development.

IFAC's Information Technology Committee would like to
acknowledge the support from the Information Systems Audit and
Control Association and to thank its various contributors who
provided valuable input for this document:
Susan M. Caldwell, ISACA
Michael P. Cangemi
Michael Donahue, PricewaterhouseCoopers
Erik Guldentops, S.W.I.F.T.
Gary I. Hardy, Arthur Andersen
John A. Kuyers
John W. Lainhart IV, PricewaterhouseCoopers
