Below are the necessary security requirements for information systems.
A security policy clarifies the approach the company should take in relation to information assets, and the actions employees should take.
It is necessary to undertake security of information systems while maintaining security policies.
Security has the aspects below. It is necessary to manage information in an integrated manner based on these aspects.
Access to the information is restricted to prevent leakage of information outside of the company
Example measures: Prevention of information leakage or setup of access privileges
Integrity is guaranteed, ensuring information does not become corrupted or tampered with
Example measures: Prevention or detection of tampering
Failure is prevented and normal operation is maintained so that information can be used when needed
Example measures: Power supply measures, system mirroring
