Securing IT management in organization / Nurmuzlifa Mohamad Munir

Information Technology (IT) deals with the uses of electronic computers and computer software to convert, store, protect, process, transmit and retrieve information. Information exists in many forms, and different types of information have different values to an organization. The impact of threats to confidentiality, integrity and availability of information also depends on the information and an organization's mission. As information systems become increasingly interconnected, the opportunities for compromises increase. This paper focuses is to determine secure IT management practices among organizations and their awareness level. It also elaborated on ISO 27001, currently the only auditable international standard that defines the requirements for ISMS. It helps to establish policies, objectives and controls for information security within the context of an organization's overall business. It is based on a methodical business risk approach to establish, implement, operate, monitor, review, maintain and improve information security. The findings concluded that that the awareness level of organization in securing their IT management is moderate. More than half of the respondents agree that insider threat posed more damage (40%) yet only 43% of respondent applies security training to new employee. This is may be because security executives and top management maybe becoming over confident. Even though they are making serious headway in understanding and combating threat, organizations think they have things handled when most of them (70%) only review and update their security policy only as needed. More than half of the respondents agree that insider threat posed more damage (40%) yet only 43% of respondent applies security training to new employee.