The purpose of the Information Security Management process is to align IT security with business security and ensure that information security is effectively managed in all service and Service Management activities, such that:
• Information is available and usable when required (availability)
• Information is observed by or disclosed to only those who have a right to know (confidentiality)
• Information is complete, accurate and protected against unauthorized modification (integrity)
• Business transactions, as well as information exchanges, can be trusted (authenticity and nonrepudiation).
Change management aims to ensure that standardized methods and procedures are used for efficient handling of all changes. A change is an event that results in a new status of one or more configuration items and that is approved by management, is cost-effective, and enhances business process changes (fixes), all with a minimum risk to IT infrastructure.
The main aims of change management include:
- Minimal disruption of services
- Reduction in back-out activities
- Economic use of resources involved in the change
IT Continuity Management supports the overall business continuity by ensuring that the required IT technical and service facilities can be resumed within required and agreed business timescales.
• To maintain service continuity and IT recovery plans that support the business continuity
• To conduct regular risk assessment and management activities
• To provide advice and guidance regarding service continuity
• To implement measures to meet or exceed business continuity targets
• To check the impact of changes on existing plans
• To negotiate necessary contracts with suppliers.
An information technology audit, or information systems audit, is an examination of the management controls within an information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization’s goals or objectives.
What is IT governance?
It is placing structure around how organizations align IT strategy with business strategy, ensuring that companies stay on track to achieve their strategies and goals, and implementing good ways to measure IT’s performance. It makes sure that all stakeholders’ interests are taken into account and that processes provide measurable results. An IT governance framework should answer some key questions, such as how the IT department is functioning overall, what key metrics management needs, and what return IT is giving back to the business from the investment it’s making.