|
|
|
|
|
|
|
The value of information has become important to the existence of most organizations today. Information can provide an organization with a competitive advantage, but it can also cause the destruction of the organization if misused or compromise.
Because of the criticality of this process, it should be part of corporate governance of every organization.
Until recently, the focus of security had been on protecting the IT systems that process and store the vast majority of information, rather than on the information itself. However, this approach is too narrow to accomplish the level of integration, process assurance and overall protection that is now required.
To achieve effectiveness and sustainability in today’s complex, interconnected world, information security must be addressed at the highest levels of the organisation, not regarded as a technical specialty relegated to the IT department.
Information security is not only a technical issue, but a business and governance challenge that involves adequate risk management, reporting and accountability. Effective security requires the active involvement of executives to assess emerging threats and the organisation’s response to them.
We, at SECOZ, believe that information security governance should be the core for any Information Security activity.
|
|
|
|
|
|
|
