Nowadays medium, big and sometimes even small organizations depend on information and information technologies processing it. If critical information is leaked, changed, not accessible or critical information technologies services are interrupted or misused organization's clients, members, founders as well as the organization itself or even third-parties can be hurt.
Purposes of Information Security are:
- to identify critical for organization, members, clients, etc information and IT services;
- to identify threats and risks to critical information and IT services;
- to identify what can happen if risks are realized;
- to develop cost effective approaches to risks mitigation for assurance critical information confidentiality, integrity, availability and critical IT services continuity and usage according to its intended purposes;
- to ensure that risks are mitigated and do not exceed acceptable by the TOP management level.
So the main value of mature Information Security for an organization is cost-effective keeping risks to critical information and IT services below or at acceptable by the TOP management level.
