Information security management (ISM) codifies the protection of your environment’s confidentiality, integrity, and availability (CIA) as part of an organization’s overall IT management objectives. ISM involves planning, building, and managing security controls that protect systems and data in the organization against security risks and threats. Furthermore, ISM deals with ensuring
ISM is the practice of protecting information and information systems by maintaining its three tenets, the confidentiality, integrity, and availability (CIA) triad.
- Confidentiality: limits access to data to authorized entities only and prevents exposure of information to anyone who is not an intended recipient.
- Integrity: maintains the accuracy, validity, and completeness of information and information systems, ensuring that data is modified only by an authorized entity with a valid purpose.
- Availability: ensures that authorized entities can access the data they need whenever and wherever they need it.
One critical component of information security management (ISM) is risk management. Risk management identifies and analyzes security threats and vulnerabilities, quantifies the risk associated with each, and addresses it.
- Threat: anything that can, intentionally or inadvertently, compromise the security of organizational assets.
- Vulnerability: a weakness or gap in information or information systems.
- Risk: the intersection of threat and vulnerability: the probability that a threat agent exploits a vulnerability, combined with the consequence should that exploitation occur. Risk = Threat * Vulnerability.
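As an added example that is not part of the original text, the risk definition above applied as a small risk register in Python: the 1-to-5 scoring scales, the tier thresholds and the sample entries are assumptions chosen for illustration, not values from the page.

```python
from dataclasses import dataclass

# Assumed scoring scales (not from the text): threat likelihood and
# vulnerability severity are each rated 1 (lowest) to 5 (highest).
SCALE_MIN, SCALE_MAX = 1, 5

@dataclass(frozen=True)
class RiskEntry:
    asset: str
    threat: str          # what could cause harm
    vulnerability: str   # the weakness the threat could exploit
    threat_score: int    # likelihood that the threat acts, 1..5
    vuln_score: int      # how exposed the asset is, 1..5

def risk_score(threat_score: int, vuln_score: int) -> int:
    """Risk = Threat * Vulnerability, with both factors range-checked."""
    for value in (threat_score, vuln_score):
        if not SCALE_MIN <= value <= SCALE_MAX:
            raise ValueError(f"score {value} outside {SCALE_MIN}..{SCALE_MAX}")
    return threat_score * vuln_score

def risk_level(score: int) -> str:
    """Bucket the 1..25 product into treatment tiers (assumed thresholds)."""
    if score >= 16:
        return "Critical"
    if score >= 10:
        return "High"
    if score >= 5:
        return "Medium"
    return "Low"

def prioritize(register: list[RiskEntry]) -> list[tuple[str, int, str]]:
    """Return (asset, score, level) sorted so the highest risk is treated first."""
    scored = [(e.asset, risk_score(e.threat_score, e.vuln_score)) for e in register]
    scored.sort(key=lambda t: t[1], reverse=True)
    return [(asset, score, risk_level(score)) for asset, score in scored]

# Constructed sample register used for illustration only.
SAMPLE_REGISTER = [
    RiskEntry("customer DB", "credential theft", "no MFA on admin accounts", 4, 5),
    RiskEntry("public website", "DDoS", "no rate limiting", 3, 3),
    RiskEntry("HR file share", "insider misuse", "over-broad share permissions", 2, 4),
    RiskEntry("build server", "malware", "unpatched OS", 3, 1),
]

if __name__ == "__main__":
    for asset, score, level in prioritize(SAMPLE_REGISTER):
        print(f"{asset:15} risk={score:2} {level}")
```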
ISM is a practice that focuses on establishing access controls, security controls, encryption techniques, physical security, incident management, business continuity/disaster recovery, and similar safeguards in an organization.