The English word for "Management" in information security management is management. If we define its meaning, generally speaking, effective results can be achieved through some specific means. The purpose of information security is to protect the security of information assets and ensure the stable operation of business; Information security means include people, processes and technologies, commonly known as PPT.
1, the purpose of information security management is to protect the security of information assets and ensure the stable operation of business, which has universal applicability; Specifically, it is to protect the confidentiality, integrity and availability of information assets, that is, CIA. There is also a saying that information security is equal to CIA. Today, I will briefly explain three means of information security management.
2, people, is the core of the three means, emphasizing the knowledge, skills and experience of people in the process of information security management, as well as the understanding and cognition of information security. Information security is a highly professional job. To achieve the goal of information security management, we need a professional team with strong professionalism. At the same time, information security is closely related to everyone, and anyone's negligence may lead to information security incidents, so it is particularly important to improve everyone's awareness of information security.
3. Technology is the fastest developing and most widely used of the three means. The application of technology can greatly improve work efficiency, free people's main energy from tedious and repetitive affairs, give play to greater subjective initiative and create greater value. At the same time, technology is relatively more reliable. Reliability here has two meanings, one is that technology will not make mistakes because of fatigue, and the other is that technology will not deceive people. So many times, people prefer technology to other means.
4. Process is one of the three means with long implementation period, slow effect and high failure rate, and it will exert great power once it is accumulated to a certain extent. The role of process in information security management can be used as a supplement to the other two means, which is helpful to make it better applied and play a greater role, and improve the efficiency and effect of information security management. On the other hand, this process can also lead the direction of information security management and provide guidance for the application of other means. About the means of process, we will explain in detail in the process management in the future.
Generally speaking, these three means have their own characteristics and advantages, and there is no distinction between good and bad, as long as they achieve the specific purpose of management, they are good; At the same time, different means can also cooperate with each other. At present, the boundaries of the three means are becoming more and more blurred, and mutual integration is the trend.