Information Security Management Goal and objectives

To align IT security with business security and ensure that information security is effectively managed in all service and IT Service Management activities.

Security objectives are met when:

* Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability)
* Information is observed by or disclosed to only those who have a right to know (confidentiality)
* Information is complete, accurate and protected against unauthorized modification (integrity)
* Business transactions, as well as information exchanges between enterprises, or with partners, can be trusted (authenticity and non-repudiation).

Information Security Management ensures that the confidentiality, integrity and availability of an organization’s assets, information, data and IT services are maintained. Information Security Management must consider the following four perspectives:

* Organizational – Defined security policies and staff awareness of these
* Procedural – Defined procedures used to control security
* Physical – Controls used to protect any physical sites against security incidents
* Technical – Controls used to protect the IT infrastructure against security incidents.