Listed below are key BSI information security publications plus information on understanding information security management. These tips are text only.
Good security practice needs to be built into the culture of a business
If information security is to be improved in an organization, it must be recognized as a “whole business” issue, not one confined to the IT department.
Why is information security needed?
Information is now globally accepted as being a vital asset for most organizations. As such, the confidentiality, integrity, and availability of vital corporate and customer information may be essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image. BS ISO/IEC 27001 is intended to assist with this task. It is easy to imagine the consequences for an organization if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged or misused. In many cases this can lead (and has led) to the collapse of companies.
The security of businesses has never been more important. As the numbers of websites, e-mails and electronic files increase, and the ways to access them become more flexible, the threat to information mounts.
What is BS ISO/IEC 27001?
BS ISO/IEC 27001 is a specification for the management of information security. It is applicable to all sectors of industry and commerce and is not confined to information held on computers. It addresses the security of information in whatever form it is held. The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or the means by which it is shared or stored, BS ISO/IEC 27001 helps an organization ensure it is always appropriately protected.
Where do I start?
- Develop an information security policy and identify your organization's key information assets.
- Purchase the standards, ISO/IEC 17799:2005 and ISO/IEC 27001:2005, to help you do this.
- Carry out a risk assessment and build your ISMS. Training of key staff will help to ensure its successful implementation.
The biggest positive impact on a secure environment is shaping employee behaviour so that good security practice is built into the standard operations and culture of the organization.
More questions?
Consult our Frequently Asked Questions area at www.bsigroup.com/27001faq