This preview has intentionally blurred parts. Sign up to view the full document

View Full Document

Unformatted Document Excerpt

Management of Information Security 1-1 Chapter 1 Introduction to the Management of Information Security Chapter Overview The opening chapter establishes the foundation for understanding the field of Information Security. This is accomplished by explaining the importance of information technology and defining who is responsible for protecting an organizations information assets. In this chapter the student will come to know and understand the definition and key characteristics of information security as well as the come to recognize the characteristics that differentiate information security management from general management. Chapter Objectives When you complete this chapter, you will be able to: Recognize the importance of information technology and understand who is responsible for protecting an organizations information assets Know and understand the definition and key characteristics of information security Know and understand the definition and key characteristics of leadership and management Recognize the characteristics that differentiate information security management from general management INTRODUCTION Information technology is the vehicle that stores and transports informationa companys most valuable resourcefrom one business unit to another. But what happens if the vehicle breaks down, even for a little while? As businesses have become more fluid, the concept of computer security has been replaced by the concept of information security. Because this new concept covers a broader range of issues, from the protection of data to the protection of human resources, information security is no longer the sole responsibility of a discrete group of people in the company; rather, it is the responsibility of every employee, and especially managers. Organizations must realize that information security funding and planning decisions involve more than just technical managers: Rather, the process should involve three distinct groups of decision makers, or communities of interest: Information security managers and professionals Information technology managers and professionals Nontechnical business managers and professionals Management of Information Security 1-2 These communities of interest fulfill the following roles: The information security community protects the organizations information assets from the many threats they face. The information technology community supports the business objectives of the organization by supplying and supporting information technology appropriate to the business needs. The nontechnical general business community articulates and communicates organizational policy and objectives and allocates resources to the other groups. ... View Full Document

End of Preview

Sign up now to access the rest of the document