Information is one of a most important assets for todays enterprise. Security of information assets is necessary to establish and maintain trust between the enterprise and its employees, customers & suppliers maintain compliance with the law, and protect the reputation of the institution. Timely and reliable information is necessary to process transactions and support the enterprise decisions. An enterprise's earnings and capital can be adversely affected if information becomes known to unauthorized parties, is altered, or is not available when it is needed.

Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintain information vital to its operations. The security of the industry’s systems and information is essential to its safety and soundness and to the privacy of its critical information.

The enterprise must maintain effective security applications adequate for their operational complexity. These security applications must have strong board and senior management level support, integration ofsecurity activities and controls throughout the organization’s business processes, and clear accountability for carrying out security responsibilities.

SECURITY OBJECTIVES

Information security enables an enterprise to meet its business objectives by implementing business systems with due consideration of information technology (IT)- related risks to the organization, business and trading partners, technology service providers, and customers. Organizations meet this goal by striving to accomplish the following objectives.

Data Availability : The ongoing availability of systems addresses the processes, policies, and controls used to ensure authorized users have prompt access to information. This objective protects against intentional or accidental attempts to deny legitimate users access to information or systems.

Data Integrity : System and data integrity relate to the processes, policies, and controls used to ensure information has not been altered in an unauthorized manner and that systems are free from unauthorized manipulation that will compromise accuracy, completeness, and reliability.

Data Confidentiality : Confidentiality covers the processes, policies, and controls employed to protect information of customers and the institution against unauthorized access or use.

Data Accountability : Clear accountability involves the processes, policies, and controls necessary to trace actions to their source. Accountability directly supports non-repudiation, deterrence, intrusion prevention, security monitoring, recovery, and legal admissibility of records.

Data Assurance : Assurance addresses the processes, policies, and controls used to develop confidence that technical and operational security measures work as intended. Assurance levels are part of the system design and