دانلود کتاب اصول مدیریت امنیت اطلاعات، ویرایش سوم

Data and information have been important for a very wide variety of reasons and for as many centuries as man has been able to pass valuable data to another person. The location of the nearest water hole, herd of wild animals or warm cave was a carefully guarded secret that was only passed on to those with a need to know and who could be trusted not to divulge the information to other, possibly hostile, tribes. The methods of transfer and the storage of such information were perhaps rather more primitive than today, but the basic principles of information security have not changed too much since those days. Information assurance is now well founded in three major concepts – those of confidentiality, integrity and availability. Managing these concepts is critical and, as information has increasingly become one of the modern currencies of society, it is the retention of assurance in an appropriate and cost-effective manner that has become of keen interest to businesses in all sectors, of all sizes and in all locations. Specific measures taken to ensure that information is held securely is termed ‘information security’ – the way of achieving information assurance. As an example, even within living memory, the quantity of numbers we are given and need to enable us to exist and participate in modern society has risen almost exponentially from virtually zero in the early part of the 20th century, to several hundred (and still growing) now: PIN codes; licence numbers; credit card numbers; number plates; telephone numbers; employee number; health, tax and insurance numbers; access codes; customer numbers; train times; tram or bus numbers; and so on. We now need to remember such numbers on a day-to-day basis, and that is before we start work proper and have to deal with all those things that allow us to earn our salary, where even more numbers and other elements of information will occur. The mechanisms we use to manage information are the areas where we have seen very significant change, notably in the last few decades. The advent of computers in particular has extensively altered the way we manage information and has also meant that we have much more information to worry about than ever before. Information has become the key to success in almost any field and so the assurance of it has gained in significance and, perhaps more importantly, in value to a business or organisation. It may not necessarily be financial value that is the most important factor. Lack of knowledge of some issue or the way things are done, or knowing the currency of specific pieces of information may be more important than any financial valuation. Nevertheless, looking after it properly is still very important.