1.2 IAP Management
“Applying similar management practices to [i]nformation security management is unavoidable as the security environment keeps on increasing in complexity and insecurity.” – Security Governance.net
Typically, the primary purposes for information systems are reliable, effective data collection, processing, and dissemination. Information systems should incorporate procedures specifically designed to achieve management’s objectives through adequate control measures. An entity’s management therefore should consider IAP a required service ensuring relevant information criteria delivery and support. As suggested by the COBIT framework, an entity’s information delivery and support should integrate effectiveness, efficiency, confidentiality, integrity, availability, compliance, and reliability criteria.