[Figure: Information security policy, with the labels Basic policy, Standards for measures, and Procedures for implementation]
●Procedures for implementation
The procedures for implementation are usually not covered by the information security policy. They describe the procedures for executing the contents prescribed by the “standards for measures” as they relate to specific and individual work and information systems.
3
Technology element
●Standards for measures
The organization establishes a concrete code and evaluation criteria in accordance with the basic policy, describing the “information assets,
threats, and degree of protection against threats.”
Chapter 9
●Basic policy
Describes the guidelines from upper management for pursuing information
security initiatives as an organization. Upper management must explain the
reasons for pursuing these initiatives to the employees of the organization.
Three major elements of information security management
“Information security management” is designed to protect information
assets from various threats, and secure the “confidentiality”, “integrity”,
and “availability” of the information assets. These three elements are to
be secured in a balanced manner.
●Confidentiality
Ensure that only persons authorized to have access are able to access information.
●Integrity
Protect the accuracy and integrity of information and processing methods.
●Availability
Ensure that authorized users are able to access information and related assets when needed.