Which of the following defines the level of protection in Information Security Management?
A. The IT Executive
B. The ISO27001 Standard
C. The Business
D. The Service Level Manager
One Comment on “Which of the following defines the level of protection in Information Security Management?”
Michael McNeil says:
Page 153 of ITIL3 Service Design
Prioritization of confidentiality, integrity and availability
must be considered in the context of business and
business processes. The primary guide to defining what
must be protected and the level of protection has to
come from the business. To be effective, security must
address entire business processes from end to end and
cover the physical and technical aspects. Only within the
context of business needs and risks can management
define security.