ABSTRACT

Information security management establishes the foundation of a comprehensive and proactive security program to ensure the protection of an organization’s information assets. Today’s environment of highly interconnected, interdependent systems makes it necessary to understand the linkage between information technology and meeting business objectives. Information security management communicates the risks accepted by the organization due to the currently implemented security controls, and it continually works to enhance the controls cost-effectively to minimize the risk to the company’s information assets. Security management encompasses the administrative, technical, and physical controls necessary to adequately protect the confidentiality, integrity, and availability of information assets. Controls are manifested through a foundation of policies, procedures, standards, baselines, and guidelines.