
Information Security

What is Information Security?


Information Security (IS) is the preservation of confidentiality, integrity and availability (CIA) of information. It may also include authenticity, accountability, non-repudiation and reliability.

It supports the technical solutions used to manage the security of infrastructure, networks and data, but also incorporates a set of management processes that should be adopted to oversee information security.

Information Security Management (ISM) is a set of controls that an organisation implements to ensure that it is managing Information Security appropriately. These controls cover the areas defined as control domains in ISO/IEC 27001:2013 Annex A:

  • Information Security Policies

  • Organisation of Information Security

  • Human Resources

  • Asset Management

  • Access Control

  • Cryptography

  • Physical & Environmental Security

  • Operations Security

  • Communications Security

  • System Acquisition, Development and Maintenance

  • Supplier Relationships

  • Information Security Incident Management

  • Information Security Aspects of Business Continuity Management

  • Compliance


Why have Information Security Management?


Some organisations face regulatory or commercial requirements to maintain and report on the security of their own data and their clients' information.

Others may just see it as “common sense” to maintain confidentiality of information.

Whatever the reasons behind the need for security, ISM provides a tailored framework based upon industry standards to ensure security is maintained at an acceptable and agreed level.

The ISM Lifecycle


Policy sits at the start of the ISM lifecycle. It defines the organisation's position on ISM and on each of the control areas. Current practice is to maintain an overarching ISM policy with separate, referenced policies for each control area.

The depth of the ISM is scoped by the Statement of Applicability. This examines the individual controls within each control area and decides whether each control is appropriate for your organisation; any control that is excluded should be recorded together with the justification for excluding it.

Guidelines and procedures are then written and implemented to establish the information security processes.

Monitoring and auditing measure the organisation's compliance with its own policies and procedures.
