(3)Types and characteristics of physical threats
Physical threats such as natural disasters, destruction, and sabotage can
prevent access to information or lead to the destruction of information,
which in turn can interfere with the execution of work or provision of services.
●Natural disasters
Natural disasters such as earthquakes, fire, and flooding can cause the destruction of computers or information. Unlike threats from social engineering, threats from natural disasters are difficult to control. Measures that
include an appropriate response after a threat has materialized must be formulated.
Chapter 9
●Destruction and sabotage
Deletion of data within a computer, destruction of actual storage media,
and spread of malicious code or programs through unauthorized access to
computers can interfere with work.
Technology element
9-5-2 Information security management
“Risk management” refers to the process of ascertaining and analyzing
risks, and assessing the risks from the standpoint of the frequency of occurrence and extent of impact, in order to implement certain measures according to the type of risk. It is also important to formulate measures to
minimize the damage if the risk actually materializes. Information security management and personal information protection are types of risk management.
1 ISMS (Information Security Management System)
“ISMS” is a unified framework for an organization to improve the level of
information security by implementing necessary information security
measures based on risk analysis/assessment.
(1)Risk management
“Risk management” is a method for identifying where and how risks exist in using information systems, and measuring the extent of losses and
impact if the identified risks materialize. The order of priority is also determined for foreseeable risks, starting with risks that have the greatest probability of materializing and incur the greatest losses.
Reference
ISMS conformity assessment system
An ISMS conformity assessment system is a system of assessment in which
a third-party examination and registration organization determines
conformance with international conformity standards.
ISMS: Abbreviation for “Information Security Management System.”