Information Security Risks Could Threaten Your Business

Risk Types to Avoid

The core purpose of an Information Security Management System (ISMS) is to provide protection for sensitive or valuable information. Sensitive information typically includes information about employees, customers and suppliers. Valuable information may include intellectual property, financial data, legal records, commercial data and operational data.

Risk Terms to Learn

Information security risks arise when threats exploit vulnerabilities in the company assets that process, store, protect, or control access to information; a risk that materializes becomes an incident. Assets are typically the people, equipment, systems, or infrastructure the company owns, while information is the data the company wants to protect, such as employee records, customer records, financial records, design data, and test data.

A Cycle to Govern All ISMS Processes

ISO 27001 requires the company to continually improve its information security management, and the Plan-Do-Check-Act (PDCA) cycle is the method most information security teams use for this: Plan (assess risks and select controls), Do (implement the controls), Check (monitor, measure and audit their effectiveness), Act (correct shortcomings and feed the lessons into the next cycle). PDCA can be applied whenever the organization considers making a change, and it is equally relevant to managing information security risk, so that the results delivered stay in line with the company's overall policies and objectives.

Conclusion

The core purpose of an Information Security Management System (ISMS) is to protect sensitive or valuable information. Information security risks are commonly grouped by the property they threaten, referred to as "CIA": Confidentiality, Integrity, and Availability. Last but not least, the PDCA cycle can be used to govern ISMS processes and manage information security risk, while keeping an ongoing focus on continuous improvement.

