In this new series, “What is”, we explain specific subjects within the information security domain. Since this blog's audience is focused on a high-level understanding, we start with “What is security management?”.
Within information security and security management we primarily focus on identifying the assets within an organization. One asset that receives special attention is the “knowledge” asset: the combination of what people know and what information is stored. Security management, however, is broad and covers all assets, including people, information and buildings.
Security management has a secondary task: to initiate, create and maintain policies and procedures that safeguard and protect assets. For example, ISO 27001 focuses on creating an information security management system (ISMS) using the Deming cycle, better known as PDCA (Plan, Do, Check, Act).
Within security management we also focus on the commonly referenced CIA triad: keeping our assets and information confidential and available, and protecting their integrity.
In all parts of business we have to deal with risks. Security management incorporates risk management strategies as well, including accepting, avoiding, mitigating or transferring risks. More about risk management and dealing with risks will follow later in this series.