Information Security

What is information security and why is it important?

In the days when most business information was paper-based, it was generally sufficient to keep confidential information in a locked filing cabinet, employ trustworthy staff and use security personnel to monitor your premises at night and weekends.

In today's electronic world it is easy to fall into the trap of thinking that a similar approach is still good enough. But the media's almost-daily reports of IT-related security breaches show us that it is not.

PCs, laptops, mobile phones, the internet and e-commerce have all brought major advances to how we do business. But they are also potential risks to the security of the information which they store or communicate.

Information security is concerned with:
confidentiality: making sure that information is available only to those who have a legitimate need or right to access it
integrity: safeguarding the accuracy and completeness of information, so that a recipient can be sure that information received has not been altered during transmission
availability: ensuring that legitimate users of information have access to it when required

The solution

There is plenty of technology around designed to protect electronic information (virus checkers, encryption, firewalls, data back-up tools, passwords, etc.).

But how do you know whether it is being applied correctly and that it works effectively? This is a management rather than a technical issue. For example, access to an organisation's computer systems is normally controlled by user name and password. However, this is pointless if a staff member chooses a password which is easily guessed or keeps a note of it on a pad next to the PC.

Security needs to be part of everyone's everyday thinking, just like quality. The way to achieve this is to include information security within the scope of the organisation's overall management system.

The approach

An information security management system should be developed using a risk-based approach. Part 1 of the British Standard, 'Information security management' ISO 17799 / BS 7799, provides comprehensive coverage of contemporary security controls. Identifying the threats to the organisation's information assets and the associated risks enables the organisation to select which controls are applicable and how they need to be applied.

This is known as a Risk Assessment, which is a key component of an information security management system.

Tel: +44 (0) 118 2065 410  |  Email: info@pondergrove.co.uk
Privacy Policy & Disclaimer  |  Site Map  |  © Pondergrove Ltd