Introduction

Information systems can be very diverse entities ranging from high-end supercomputers to very specialized systems (e.g., industrial/process control systems, telecommunications systems, and environmental control systems). Information systems are subject to serious threats that can have adverse effects on organizational operations (including missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation by compromising the confidentiality, integrity, or availability of information being processed, stored, or transmitted by those systems. Threats to information systems include environmental disruptions, human errors, and purposeful attacks. Attacks on information systems today are often well-organized, disciplined, aggressive, well-funded, and in a growing number of documented cases, extremely sophisticated. Successful attacks on public and private sector information systems can result in great harm to the national and economic security interests of the United States. Given the significant danger of these attacks, it is imperative that leaders at all levels understand their responsibilities in managing the risks from information systems that support the missions and business functions of organizations.

(http://csrc.nist.gov/publications/drafts/800-39/SP800-39-spd-sz.pdf. Adaptado)