6. Information Security Management

Term/Theory

Definition/Point

Responsible

For management of security risks

Purpose

Align IT security with Business Security

Objectives

Ensure that the confidentiality, integrity and availability (CIA) of assets, information, data and IT services always match the agreed needs of the business

Activities

  • The production, maintenance, distribution and enforcement of an information security policy and supporting security policies
  • Implementation of security controls that support the information security policy and manage risks associated with access to services, information and systems
  • Management of all security breaches, incidents and problems associated with
  • The proactive improvement of security controls and security risk management, and the reduction of security risks
  • Integration of security aspects within all other ITSM processes