ISM is a division of Pondergrove Ltd Management Systems

Information security


What is information security and why is it important?

In the days when most business information was paper-based, it was generally sufficient to keep confidential information in a locked filing cabinet, employ trustworthy staff and use security personnel to monitor your premises at night and weekends.

In today's digital world it is easy to fall into the trap of thinking that a similar approach is still good enough. But the media's almost-daily reports of IT-related security breaches show us that it is not.

PCs, laptops, mobile phones, the internet, e-commerce, Wi-Fi and devices such as the BlackBerry have, cumulatively, brought major advances to how we do business. Each, however, has added potential risks to the security of the information which it stores and communicates.

Information security is concerned with:

The solution

There is no shortage of technology designed to protect electronic information (virus checkers, encryption, firewalls, data back-up tools, password protection, etc.).

But how do you know whether it is being applied correctly and works effectively? This is a management rather than a technical issue. For example, access to an organisation's computer systems is normally controlled by username and password. However, this precaution is pointless if a staff member chooses a password which is easily guessed or keeps a note of it on a pad next to the PC.

Security needs to be part of everyone's everyday thinking, just like quality. The way to achieve this is to include information security within the scope of the organisation's overall management system, as described on the Pondergrove main site.

The approach

An information security management system should be developed using a risk-based approach. ISO 27002, 'Code of Practice for Information Security Management', provides comprehensive coverage of the security controls required today. Identifying the threats to the organisation's information assets and the associated risks enables the organisation to select which controls are applicable and how they need to be applied.

This process of Risk Assessment is a key component of an information security management system.
