Part of information security is convincing top management of how
important an effective safeguard of information assets is, in precise,
clear language: business language. Without the support of the
business, any policy will be insufficient. Let's not forget that those
who are responsible for complying with the policies are the people,
and if they do not have the mandate or the motivation to do so,
frankly, no awareness campaign will achieve it.
Finally, being a CISO is not a simple task. It requires constant
effort and a dedication to study, as well as certification in
the best practices of the market. Always stay alert to the threats in
the environment, since these never rest.
This article was taken from here
What is the triad?
Next, as a complement, we identify the pillars that underpin the
management of information security and what each means as a
contribution to the service in the quest to generate value for the
organization.
Confidentiality: Information labeled as private, confidential,
sensitive or reserved should be handled only by the right people. It is a
guarantee that must exist in a service of the nature of the
Undersecretariat, since documents must maintain their character and
recipient, and only be received by the corresponding person at the
moment of their issuance.
Integrity: The information cannot be modified without
authorization, preserving its initial format.
Availability: Officials must be able to access the information and work on
it when they need it.
And… two more.
Authenticity and non-repudiation: The service must guarantee
that only authorized users and owners use their
credentials, thus avoiding possible misuse of
organizational accounts.
Traceability: Should the service be able to trace the processes, or
determine the “what? when? or how?” of the critical processes of the
organization? Yes! It improves the response times of formal
processes or administrative documents.