IT Security

With the rise of global computer-related crime and security breaches, it is important that organizations follow best practice guidelines to ensure that their systems are not compromised by electronic attacks. The risk of electronic attack is greater when computer systems are connected directly or indirectly to public networks such as the internet. An electronic attack could:

  • allow the attacker to gain access to your computer system and modify your information
  • insert malicious software (eg viruses, worms, Trojans)
  • allow the attacker to see restricted information
  • make your systems impossible to use.

The following BS European and International standards and publications give recommendations on the management of Information Technology security.

Key publications

BS 7799-3:2006
Information security management systems. Guidelines for information security risk management


Identifying, evaluating, treating and managing information security risks are key processes if businesses want to keep their information safe and secure. Whilst these processes are specified in the information security standard BS ISO/IEC 27001:2005, further guidance is required on how to manage these risks as well as to put them into context with other business risks.

 

BS ISO/IEC 17799:2005
Information technology. Security techniques. Code of practice for information security management

Are you ready for a BS ISO/IEC 27001 information security management systems (ISMS) audit?
BSI order ref: BIP 0072:2005

BS ISO/IEC 27001:2005
Information technology. Security techniques. Information security management systems. Requirements

Complete ISMS BS ISO/IEC 27001 documentation toolkit CD-ROM. Including The Manager's guide to data security and BS 7779/ISO 17799
BSI order ref: BIP 0026:2006