These summarised instructions serve as a manual and as a link to the more extensive instructions and present their main elements in condensed form. Moreover, these instructions emphasise the management perspective, management and supervisor responsibility as well as information security planning. Their purpose is to give the management of central government organisations, and particularly their senior information management staff and security and information security personnel, together with people otherwise working in the said tasks, instructions for managing information security as part of their own work.
These instructions have been written primarily for central government use, but they are for the most part also applicable to other organisations. Information security has been described as an entity that includes operational processes and people as well as the security and safeguarding of information material and information systems. The main elements are people, processes, information material, information technology and availability of information. Policy, instructions, training and the consequent common understanding and operating practices that arise are the cornerstones of an organisation’s good information security culture. (06.09.2011)