Security as a Process (SAAP) and the classification of information is fundamental to information security. This article, the second in a three-part series, looks at the "how" of information security and why it is so important.
Information security is a multifaceted field, covered with tempting baubles and sharp thorns. However, the unifying framework upon which the whole field is suspended is governance. This article, the first in a three-part series, looks at standards and policy—from why policies are needed and what needs to be done to support them.