To align IT security with business security and ensure that information security is effectively managed in all service and IT Service Management activities.
Security objectives are met when:
* Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability)
* Information is observed by or disclosed to only those who have a right to know (confidentiality)
* Information is complete, accurate and protected against unauthorized modification (integrity)
* Business transactions, as well as information exchanges between enterprises, or with partners, can be trusted (authenticity and non-repudiation).
Information Security Management ensures that the confidentiality, integrity and availability of an organization’s assets, information, data and IT services are maintained. Information Security Management must consider the following four perspectives:
* Organizational – Defined security policies and staff awareness of these
* Procedural – Defined procedures used to control security
* Physical – Controls used to protect any physical sites against security incidents
* Technical – Controls used to protect the IT infrastructure against security incidents.