Information Security Management is responsible for the security of the provided services. Security can be impaired in multiple ways, e.g.:
- Security issues in the components used (e.g. the IT infrastructure)
- Software bugs
- Physical attacks, e.g. tailgating
- Social engineering
Scope
Information Security Management secures a service based on the CIAA methodology:
- Confidentiality: Data is only available to defined users
- Integrity: Data cannot be manipulated (e.g. by a man-in-the-middle attack)
- Availability: Data is available when needed, see Availability Management
- Authenticity: Data is genuine and originates from the claimed source
Activities
Information Security Management aims to reduce the impact of any threat.
Critical Success Factors
The following items are examples of CSFs and the KPIs used to measure them:
- CSF: Effective protection of the business
  - KPI: Number of security breaches
  - KPI: Reduction of the impact of security breaches
- CSF: Suitable actions and policies
  - KPI: Reduction of the deviation between Information Security Management and business security policies and processes
  - KPI: Increased acceptance of actions and policies
- CSF: Service availability is not impaired by security incidents
  - KPI: Reduced impact of security incidents on service availability
- CSF: Effective marketing and training
- CSF: Transparent roles and responsibilities
- CSF: Existing mechanism for Continual Service Improvement