Information security here refers to the protection of information systems against unauthorized access to, or modification of, information, whether in storage, processing or transit, and against denial of service to authorized users or provision of service to unauthorized users. It includes the measures necessary to detect, document, and counter such threats.
Three widely accepted elements of information security are:
- Confidentiality
- Integrity
- Availability
Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met.
Information Security Audit Resources
- Information Security Handbook: A Guide for Managers
- Managing Information Security Risk
- Information Security Control Standards – ISO/IEC 27001
- Technical Guide to Information Security Testing and Assessment
- Performance Measurement Guide for Information Security
- Electronic Authentication Guideline
- Recommendation for Key Management
- Information Security – FFIEC Handbook
- Computer Security Incident Handling Guide
- Guide for implementing HIPAA