ABSTRACT
Information security is a management rather than a technical issue. Security should be managed according to the level of risk and potential threats to the organization. The level of risk is influenced by the type of organization, its business and its objectives. An organization that operates in a highly competitive environment, depends upon large-scale information processing for its business, or manages a large proportion of personal or commercially sensitive information will have a higher security risk than an organization in a more stable and less sensitive environment. For example, the level of risk in the banking industry is much higher than the level of risk in a public library.
