This report examines the organisation, programmes and resources needed to promote good practice in information security effectively across an enterprise (ie an individual company, business unit or public-sector body).
It presents an objective, factual analysis of the impact that security management has on an organisation. It covers the status of information security arrangements ‘on the ground’ (ie as applied to individual critical business applications, computer installations, networks and systems development activities), the risk of major incidents affecting business-critical environments, and whether particular methods of managing security have a discernible impact on risk.