Loading...

Information

Information Security

To manage information assets and determine their security values, needs and risks; to develop and implement controls against security risks. To define the framework of methods for identifying information assets, their values, security needs, vulnerabilities, threats and threat frequencies. To define a framework for evaluating the confidentiality, integrity and availability impact of threats on assets. To set out working principles for treating risks. To continuously monitor risks by reviewing technological expectations within the scope of service. To meet information security requirements arising from national or international regulations, legal and regulatory obligations, contractual commitments, and corporate responsibilities toward internal and external stakeholders. To reduce the impact of information security threats on service continuity and contribute to continuity. To be capable of responding rapidly to information security incidents and minimizing their impact. To maintain and improve the level of information security over time with a cost-effective control infrastructure. To enhance the company's reputation and protect it from adverse effects based on information security.