ABORDAREA SECURITĂȚII INFORMAȚIEI ÎN BAZA STANDARDELOR

Abstract

Many people mistakenly believe that information security (SI) and cyber security (SC) are completely different and that SC only boils down to technical-technological issues, settings, firewall rules, etc. In reality SI and SC are very close, and statistics show that the human problem predominates with a weight of about 70 to 95%. The purpose of this paper is to disprove some illusions/myths regarding SI/SC and elucidate their correct approach, with the reorientation from the paradigm based on software-technical-technological problems – towards organizational and management problems, based on generally accepted standards of good practices, without diminishing the importance of IT security and not limited to it. The work is carried out on the basis of an in-depth study of the modern trends in the organization and management of SI/SC with the analysis and synthesis of some recommendations based on bibliographic sources and the standards of best practices for the organization and management of SI/SC. The benefits of the SI/SC approach through the prism of good practice standards are multiple, generally recognized and confirmed by numerous results obtained in research, publications and the increase of the number of certifications of SI/SC management systems.