About Information Security
A company's assets consist of many different elements which combined make the company capable of achieving its goals, meet its obligations and maintain its day-to-day operations. Whether those assets consist of processes, information, employees, IT systems, building or infrastructure, the management must ensure that they are adequately protected.
The company's management must take responsibility in the case of a security breach or loss or deterioration of assets resulting from lower priority or lack of focus on information security.
The management must define an acceptable risk level for the company and objectives for how IT systems should be used to protect the company's assets. The complexity of IT systems and the company's reliance on them means that assets in the IT environment should be included in the overall risk assessment and be made a natural part of the company's general governance.
Why Information Security?
INADEQUATE IT GOVERNANCE CAN LEAD TO:
- inaccessible and unreliable information
- inaccurate and unreliable accounts and management reports
- fraud and loss of confidential information
- reduced business partner confidence
- direct financial loss
- loss of reputation
- costs incurred for rectifying errors
- measures and investments that do not support business-critical processes and achievement of objectives
Technology and technical solutions alone cannot adequately meet a company's security needs. It is therefore important that solid groundwork is done before solutions and measures are implemented. It is particularly important that employees receive the necessary training related to IT security and proper use of IT systems.