Information is an asset which, like other important business assets, has value to an organisation and consequently needs to be suitably protected. Information Security preservation of confidentiality, integrity and availability of information; in addition, other properties, such as authenticity, accountability, non – repudiation, and reliability can also be involved.

Without suitable protection, information can be:
 

• Given away, leaked or disclosed in an unauthorised way

• Modified without your knowledge to become less valuable

• Lost without trace or hope of recovery

• Can be rendered unavailable when needed

Information should be protected and properly managed like any other important business asset of an organisation. From security perspective, appropriate protection should be applied to all forms of information.

ISO 27001:2005 defines best practice for Information Security Management.
 

• The management system should balance physical, technical, procedural and personnel security.

• Without a formal information security management system such as ISO 27001:2005 based system, security will be breached.

• Information security is a Management process, not a Technological process.