In a global information society, where information travels through cyberspace on a routine basis, the significance of information is widely accepted. In addition, information and the information systems and communications that deliver the information are truly pervasive throughout organization – from the user‘s platform to local wide area networks to servers to mainframe computers. Organizations depend on timely, accurate, complete, valid, consistent, relevant and reliable information. Accordingly, executive management has a responsibility to ensure that the organization provides all users with a secure information systems environment.
Now, it is clear that there are not only many direct and indirect benefits from the use of information systems, there are also many direct and indirect risks relating to the information systems. These risks have let to a gap between the need to protect systems and the degree of protection applied. Security failures many result in both financial losses and/or intangible losses such as unauthorized disclosure of competitive or sensitive information. Threats to information systems may arise from intentional and unintentional acts and may come from internal or external sources.
Adequate measures for information security help to ensure the smooth functioning of information systems and protect the organization from loss or embarrassment caused security failures.