ABSTRACT
The information security manager must establish and
maintain a security program that ensures three require-
ments: the confidentiality, integrity, and availability of
the company’s information resources. Some security
experts argue that two other requirements may be
added to these three: utility and authenticity (i.e., accu-
racy). In this discussion, however, the usefulness and
authenticity of information are addressed within the
context of the three basic requirements of security
management.