Information Security Management

In today’s knowledge-driven economy, information is a key to the success of any business.

For example, the patents owned by a telecom company drive its growth. If this information were freely available, anyone would be able to duplicate that technology and compete with the creator. Imagine what it would do to the business of Microsoft if its Vista source code were available in the public domain. Since information is so critical, its security becomes an important concern for any business or organization. Information Security is the process of protecting data from unauthorized access.

It is based on the following four pillars:
1. Confidentiality – Privacy of information must be maintained.
2. Integrity – Information available should be up to date and correct. Any modifications to the information must be recorded.
3. Accessibility – Information should be easily available to people who are supposed to have access to it.
4. Authenticity – Information should be reliable and its source identifiable.

There are many standards available to implement information security in an organization. These include: BS7799, ISO, etc. An organization wanting to have a proper information security process can get certified for any of these. Once certified, a customized security policy is put in place, which goes a long way in guaranteeing information security. Technologies like data encryption, digital signatures, biometric identification, vulnerability analysis, etc. are being used to protect information. Software tools like scanners, firewalls, packet sniffers, encryption programs, and anti-virus programs are becoming very popular and go a long way in defending against unauthorized access to information.