(0.1 What is information security? Like other important business assets, information is also an asset that is vital to business organization and needs to be properly maintained. This is especially important in an increasingly interconnected business environment. This increase in interconnectivity exposes information to a growing and wider range of threats and vulnerabilities (see also the OECD Guidelines for Security of Information Systems and Networks). Information can exist in many ways. It can be printed or written on paper, stored electronically, transmitted by post or electronically, presented on film, or expressed in words. Regardless of how the information exists, and how it is stored or shared, it should be properly maintained. Information security is the protection of information from various threats to ensure business continuity, minimize business risks, maximize investment returns and maximize business opportunities. Information security is achieved by implementing a set of appropriate controls, including policies, processes, procedures, arrangements, and software and hardware capabilities. These controls shall be established, implemented, monitored, assessed and improved as required to ensure that the specific security and operational scenarios of the arrangement are satisfied. This process should be carried out in conjunction with other business management processes.
17799 Specification Chinese Version.doc)
收藏
