Sports Wizard® has a fundamental interest in and commitment to strategic risk policy. Information security has become an important topic as part of the conversations with partners about policy. This week, Josh Fruhlinger (2020) (link) has written about information security.
In his post on the CSO blog, Josh notes information security is “a set of practices intended to keep data secure from unauthorized access or alterations, both when it’s being stored and when it’s being transmitted from one machine or physical location to another”.
Josh adds “you will sometimes see information security and cybersecurity used interchangeably. Strictly speaking, cybersecurity is the broader practice of defending IT assets from attack, and information security is a specific discipline under the cybersecurity umbrella. Network security and application security are sister practices to information security, focusing on networks and application code, respectively”.
He asserts that confidentiality, integrity, and availability are key information security principles. He adds “in an ideal world, your data should always be kept confidential, in its correct state, and available”.
These principles when they are “applied to an organisation, take the form of a security policy”. Such a policy tends to include:
- A statement describing the purpose of the information security program and the overall objectives.
- Definitions of key terms used in the document to ensure shared understanding.
- An access control policy, determining who has access to what data and how they can establish their rights.
- A password policy.
- A data support and operations plan to ensure that data is always available to those who need it.
- Employees’ roles and responsibilities when it comes to safeguarding data, including who is ultimately responsible for information security.
Josh’ s post is a timely contribution to the consideration of data and information security. At Sports Wizard® we place a great emphasis on strategic governance. We aim to ensure that each organisation has an information security policy as part of a wider strategic risk policy.