Information security management practice
Information security management practice (hereinafter, the Practice) is the practice that
. This Practice is a part of the ITIL practices.
of protecting an organization by understanding and managing risks to the confidentiality, integrity, and availability of information.
According to the ITIL Foundation 4e by Axelos,
- Information security management practice. The practice of protecting an organization by understanding and managing risks to the confidentiality, integrity, and availability of information.
The purpose of the Practice is to protect the information needed by the organization to conduct its business.
The Practice includes understanding and managing risks to:
- Confidentiality
- Integrity
- Availability
- Authentication
- Non-repudiation