
Information Security Management

Most of us depend more than ever on IT systems, wireless and mobile telephone networks and increasing connectivity in today’s business environment. But companies are challenged with threats to these systems, exposing assets to risk. There have been a number of high-profile incidents of loss of sensitive information, with banks losing hardware containing data on customers and government losing information pertaining to the citizen. More stringent legislative requirements from government and the need for Corporate Governance relating to the management of Information Security will place additional pressures on management.

However, implementing and managing effective information security provides companies with the means to minimise these risks while maximising business opportunities and investments. ISM (Information Security Management), defined as 'protection of information from a wide range of threats in order to maximise return on investment and business opportunities', is becoming a critical corporate discipline alongside marketing, sales, HR, quality and financial management.

ISO 27001:2005 was developed as a common business language to help information security management address the needs of companies from all business sectors. An ISMS (Information Security Management System) is explicit in requiring a risk assessment to be carried out before any controls are selected and implemented, and is equally explicit that the selection of every control must be justified by a risk assessment.

Benefits

Over 5000 businesses that have already implemented the standard have said that the benefits include:

  • Improved business performance from reduced operational risks.
  • Enhanced customer confidence and trust from demonstrating “fit for purpose”.
  • Improved market positioning and competitive advantage.
  • Decrease in negative business impacts and financial losses.
  • Greater protection of business continuity and availability of services.
  • If certified, it provides customers with a recognised independent certification.

The objective of the standard itself is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.

It employs the PDCA (Plan-Do-Check-Act) model to structure the processes that are implemented.

MFA can:

Conduct a gap analysis of an organisation's current systems against the standard and recommend improvements.

Facilitate organisations to develop and implement a site-specific ISMS (Information Security Management System).

Manage certification to ISO 27001:2005.

Manage your ISMS on an annual agreed fee basis which will include all aspects of the implemented system through to annual certification maintenance.
