Viewing Security Management as a Business Practice, Part 3: Integrating Information Security with Business Management
This series of articles illustrates why information-security risk management should be considered an important business practice. Since most organizations rely on access to electronic data to conduct business, the data must be protected from misuse. The ability of an organization to achieve its mission and meet its business objectives is directly and strategically linked to the state of the computing infrastructure and to the manner in which people interact with that infrastructure.
For an organization to be in the best position to achieve its mission, its people need to understand which information-related assets are important, as well as what they should do to protect those assets. Implementing an information-security risk management approach such as OCTAVE provides the organization with a context-driven approach for improving its security posture.