
ISO defines information security as the technical and managerial security protection established and applied for data processing systems, in order to protect computer hardware, software, and data from being damaged, altered, or disclosed through accidental or malicious causes.
In the narrow sense, information security mainly refers to the security of information in electronic systems and computer networks. It is also called network security or computer security.
First, the fundamental purpose of security is to keep the organization's business running sustainably and to ensure the continued safety of stakeholders' lives and property.
Second, information security should be built on the people, events, and things associated with the entire life cycle, taking people, technology, management, and process control into account together, so that information security is a whole rather than a part. Considering security from a single layer alone often brings fatal damage.
Third, information security takes cost into account. Financial cost is an issue that information security must consider. A security manager must have a clear understanding of the financial cost and value of the organization's assets and of the benefits the organization gains from using information technology.
Finally, as society as a whole comes to depend on informatization, information systems no longer merely support and assist the business; they are its lifeblood. Without information security, there is no business security.

This article was reposted by 数字化转型网 (www.szhzxw.cn) from an online source. Editing and translation: 默然, 数字化转型网.



