Information security is an essential enabler for the protection of privacy and personal data. Moreover, most organisations must deal with an ever-changing landscape affecting their operations. Uncertainties created by such changes will affect how the organisation needs to react in order to ensure that its information assets are suitably protected. Therefore, there is a need for a specific framework that helps individuals responsible for information security to manage the uncertainties which might affect the security of their organisation's information over time. Such a framework for a specific organisation is referred to as an Information Security Risk Management process.
There are three generally accepted elements to properly secure information:
- Confidentiality: so that only the right people have access to the information;
- Integrity: so that only the right people can update the information in the right way; and
- Availability: so that the information is available when needed.