Difference between revisions of "Information security management practice"
| Line 1: | Line 1: | ||
| − | [[Information security management practice]] (hereinafter, the ''Practice'') is the [[practice]] to protect an organization by understanding and managing risks to the confidentiality, integrity, and availability of information. This ''Practice'' is a part of the [[ITIL practices]]. | + | [[Information security management practice]] (hereinafter, the ''Practice'') is the [[practice]] to protect an organization by understanding and managing risks to the confidentiality, integrity, and availability of information. The ''Practice'' relates to [[]], [[]], and [[service management]]. This ''Practice'' is a part of the [[ITIL practices]]. |
Revision as of 20:46, 28 December 2020
Information security management practice (hereinafter, the Practice) is the practice to protect an organization by understanding and managing risks to the confidentiality, integrity, and availability of information. The Practice relates to [[]], [[]], and service management. This Practice is a part of the ITIL practices.
Definitions
According to the ITIL Foundation 4e by Axelos,
- Information security management practice. The practice of protecting an organization by understanding and managing risks to the confidentiality, integrity, and availability of information.
Purpose
The purpose of the Practice is to protect the information needed by the organization to conduct its business.
Parts
The Practice includes understanding and managing risks to:
- Confidentiality
- Integrity
- Availability
- Authentication
- Non-repudiation
