DataSys - IT Consulting

Home Consultancy Information

Information

E-mail Print PDF

Information is an asset and, like other assets, requires suitable protection. Many industries now require conformity to specific procedures to secure information in order to comply with industrial and governmental regulations. This is particularly true for organisations in the financial services industry where ISO17799 may be just one of several conformancy issues that must be addressed.

Information security encompasses far more than the obvious, and much publicised, threats to the IT infrastructure. For example, there is little point in having sophisticated firewall and virus checking systems if no attention is paid to securing the physical access to a machine room. A further example would be the requirement for employees terms and conditions of employment to reflect directly the information security policy in force in a particular organisation. There are many ways that information can be compromised and exploited to the detriment of your company, causing financial loss or leaving you exposed to legal liability. ISO17799 is a standard designed to make you aware, and to help you address the security of your information.

For the purposes of ISO17799 information security is characterised as the preservation of:
  • Confidentiality: ensuring that information is accessible only to those authorised to have access
  • Integrity: safeguarding the accuracy and completeness of information and processing methods
  • Availability: ensuring that authorised users have access to information and associated assets when required.
ISO17799 is a standard which describes the processes and systems used by an organisation to secure their information. The security policy is fully documented and maintained on a regular basis to ensure full compliance to best security practices. Full risk assessment is undertaken in order to compile an appropriate policy which addresses all relevant areas affecting the security of information. Due consideration is given to ensuring that the costs involved in addressing these issues are consistent with the monetary exposure that a breach in security may entail.

DataSys has found that the critical success factors in implementing a successful audit of information security in an organisation are:
  • Security policy, objectives and activities that reflect business objectives
  • An approach to implementing security that is consistent with the organisational culture
  • Visible support and commitment from management
  • A good understanding of the security requirements, risk assessment and risk management
  • Effective marketing of security to all managers and employees
  • Distribution of guidance on information security policy and standards to all employees and contractors
  • Providing appropriate training and education
  • A comprehensive and balanced system of measurement which is used to evaluate performance in information security management and feedback suggestions for improvement.
DataSys consultants are qualified ISO17799 auditors and can assist a company in assessing their security risks and producing the security policy documentation required. We can also carry-out more IT centric security audits, supported by extensive penetration testing, for those customers not requiring full ISO17799 certification.

For a FREE initial consultation call us on 0121 270 4948, alternatively drop us an email
DataSys Team
 

Latest post

  1. Replace Your Backup Tapes....
  2. CCTV
  3. Support Packages
  4. DataSys Gold
  5. DataSys Silver

Popular review

  1. Careers
  2. DataSys Bronze
  3. Troubleshooting
  4. DataSys Silver
  5. Who We Are

Contact Information

15 Queen Street
Wednesbury
West Midlands
WS10 7PT
Tel: 0121 270 4948
Email: info@datasys.org.uk

Statistics

Members : 13
Content : 24
Content View Hits : 32446