Information Security Management
Information Security is exactly what it says, the security of information. Typically, this is the information that you or the organization ‘own’ and process. Applying security to information is comparable to the application of security to any physical asset.
Historically, information security has been called a number of different things such as (a) Data security (b) IT security (c) Computer security. At prime KBS, we are of the opinion that these terms except (a) Data Security, ignore the fact that the information that is held on the computers is almost always and most certainly worth many times more than the computers that it runs on. The correct term should therefore be ‘Information Security’ and typically information security comprises three component parts; Confidentiality, Integrity and Availability. At Prime KBS we believe that at least two more components should be included; Accountability and Auditability.
The title Information Security Management was deliberately chosen to emphasize the need for this fundamental component of good business practice to be addressed as an aspect of general management rather than as a new and separate topic. It is clear that security is a matter of identifying valuable assets and deciding how best to safeguard them. It is not the process of ‘IT Security’ which seeks to protect IT systems – what needs to be protected is the information that they process but this processing must be for the whole life cycle from creation to destruction – and this does not always involve IT systems or processes.
The institute’s position is that the greatest number of security breaches are directly attributable to the failure of people to comply with rules and objectives of their own security policies and procedures. Understanding this process is essential if top executives are to meet the ever- increasing needs to comply with the requirements of Corporate Governance and good corporate husbandry.
The institute’s faculty conducts Information Security Management Programmes a Knowledge Based Solution both nationally and internationally. These customised programmes have been developed for the public and private sector. The aim of the program is to achieve breakthrough in producing complex problem- solving professionals who recognise that understanding the rules and objectives of their own security policies is an essential Individual Competence scope to develop. Results are achieved through project-driven Action-Learning Approach, in which the workplace is the laboratory of learning.