CHAPTER 2:
WHY INFORMATION SECURITY?

The specification for information security management, ISO 27001, defines information security as:

Information Security: The preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved

where:

Confidentiality: the property that information is not made available or disclosed to unauthorised individuals, entities, or processes

Integrity: the property of safeguarding the accuracy and completeness of assets

Availability: the property of being accessible and usable upon demand by an authorised entity

A rapidly increasing number of organisations are pursuing certification to ISO 27001 to demonstrate their security stance.

Many organisations need assessments against ISO 27001, and they therefore request and pay for them; these assessments are the means whereby a company achieves recognition as an organisation that values the information it both generates and is entrusted with. This includes demonstrating to its clients that their information is safe with it.

Certification also enables organisations to maintain the competitive edge they need – without it they could be at a serious disadvantage. Organisations also need assessments as an impartial and objective opinion of their own operation – assessments keep the organisation on its toes and can also help it keep up with the latest business practices.
