Information security as utilization tool of enterprise information capitalSaša Aksentijević, Saipem Mediteran Usluge LLc, RijekaEdvard Tijan, Adrijana Agatić, University of Rijeka, Faculty of Maritime StudiesOpatija, May 2011.

AGENDA

• Introduction

• Definition and development of information security

• Impact of risk concept on information security

• Definition of information capital

• Components of information capital

• Identification of information capital

• Legal requirements and best practice measures

• Q&A

INTRODUCTION

Capital is a production factor that by itself does not have a particular value needed by the consumer when compared with comparable goods, but capital possesses the ability to reproduce maintaining the characteristics of relative non-changeability in production process, therefore serving as a catalyst in production of other goods.

This division of forms of capital has opened a number of questions and dilemmas that are not yet solved entirely, especially in regard to relation between different forms of capital

DEFINITION AND DEVELOPMENT OF INFORMATION SECURITY

Information protection is an academic and a multidisciplinary activity conducted between different professional organization, working towards the common goal of ensuring security and protection of information systems.

IMPACT OF RISK CONCEPT ON INFORMATION SECURITY

• Risk is a stochastic concept that describes potentially negative impact on enterprise activities that can be a consequence of some ongoing process or can be caused by a future event.

• Information capital risk management is a structured approach to insecurity and uncertainty management by using the tools of risk assessment and management

• The final goal of every risk treatment process is lowering the risk to a level that is acceptable by the enterprise.

DEFINITION OF INFORMATION CAPITAL

Enterprise information capital can be defined as non-material form of capital whose usage in business activities acts as a catalyst in production of goods and services, and is represented by classified information and knowledge stored inside information and documentation systems of the enterprise (defined by the authors)

COMPONENTS OF INFORMATION CAPITAL

• Definition of information capital implies that enterprises have the awareness of information intrinsic value that can be used as means of exchange inside the enterprise and towards its surroundings

• Data is a set of symbols that by itself does not have a particular meaning and cannot be used directly in the enterprise

• Information is represented by organized and well-structured data, processed in a way that is relevant for certain purpose or context

• Knowledge is a combination of experience, value, context, professional insight and founded intuition

IDENTIFICATION OF INFORMATION CAPITAL

Information capital identification achieves the following:

• Goals of excellence• Creation of new products, services and business models• Improved connection with clients and vendors• Enhanced decision making process• Comparative advantage• Daily operations

LEGAL REQUIREMENTS AND BEST PRACTICE MEASURES

• COBIT• ISO 27001:2005• Sarbanes-Oxley Act (USA)• PRINCE2• ITIL

THANK YOU FOR YOUR ATTENTION