VAHTI-ohje 2009/5 Effective Information Security

From the dataset abstract

These sum­marised instructions serve as a manual and as a link to the more extensive instructions and present their main elements in condensed form. Moreover, these instructions emphasise the management perspective, management and supervisor responsibility as well as information security planning. Their pur­pose is to give the management of central government organisations, and par­ticularly their senior information management staff and security and infor­mation security personnel, together with people otherwise working in the said tasks, instructions for managing information security as part of their own work.

These instructions have been written primarily for central government use, but they are for the most part also applicable to other organisations. Informa­tion security has been described as an entity that includes operational processes and people as well as the security and safeguarding of information material and information systems. The main elements are people, processes, informa­tion material, information technology and availability of information. Policy, instructions, training and the consequent common understanding and oper­ating practices that arise are the cornerstones of an organisation’s good infor­mation security culture. (06.09.2011)

Source: VAHTI-ohje 2009/5 Effective Information Security