Questions On Information Security Program

1.1 Information Security Program
An information security program is a framework that keeps an organization at a desired security level by assessing the risks it faces, deciding how the organization will mitigate them, and planning how to keep security practices up to date. Protection of data boils down to C.I.A., which stands for confidentiality, integrity and availability. Confidentiality means that data and information can only be accessed by authorized personnel. Integrity means that data is valid and not corrupt. Availability means that only authorized personnel can access information, and that they can do so without any interference. Failure to protect these three characteristics of information may lead to customer mistrust, business losses or damage to the company's image.
For an organization like a bank, data management is a key element because the bank holds financial information and crucial customer credentials. A failure to safeguard data may lead to a customer’s credit card number being stolen or to loss of client confidence in the organization. A security program helps a business take steps to mitigate the risk of losing data and provides a well-documented life cycle for managing the security of information and technology in the organization. The Information Security Program and security standards are not intended to prevent, prohibit, or inhibit the sanctioned use of information assets as required to an organization’s core mission and also
