Information security overview
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimise business risk, and maximise return on investments and business opportunities.
Information is an asset that, like other important business assets, is essential to an organisation’s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities.
Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organisation are met.
ISO 27001 – information security standard
ISO 27001 is widely recognised as the de facto standard for benchmarking information security management systems (ISMSs).
ISO 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system (an overall management and control framework) for managing an organisation’s information security risks.
Bringing information security under management control is a prerequisite for sustainable, directed and continuous improvement. An ISO 27001 ISMS therefore incorporates several Plan-Do-Check-Act (PDCA) cycles: for example, information security controls are not merely specified and implemented as a one-off activity, but are continually reviewed and adjusted to take account of changes in security threats, vulnerabilities and the impacts of information security failures, using the review and improvement activities specified within the management system.
Data Compliance Ltd consultants have many years’ experience working with ISO 27001 and other information security standards.
Contact us for a free consultation.