'. . . nearly 90% of those companies that had adopted BS 7799 said that formal certification had improved their business continuity; 85% said it had minimized damage from security incidents; and 53% said it had led to a higher return on investment . . .'
- Computer Weekly, May 2004, as based on the DTI Information Security Breaches Survey 2004
What is information security?
Information security defines information as an asset, which adds value to an organization and consequently needs to be suitably protected. It can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation.
Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.
Information security is achieved by implementing a suitable set of controls, which could be policies, practices, procedures, organizational structures and software functions. These controls need to be established to ensure that the specific security objectives of the organization are met.
BSI developed the internationally recognized information security management standard BS 7799 to help you meet the challenge of minimizing your internal and external threats. This has now been updated to BS ISO/IEC 17799:2005. Information security is characterized in the standard as the preservation of:
- confidentiality
- integrity
- availability.
BS ISO/IEC 17799:2005 will help you initiate, implement, maintain and manage information security within your organization and manage your inherent vulnerability to information security issues.
The standard has been written in such a way that it can be harmonized with other management system standards to assist in the integration and operation of an organization's management system.