Information Security

Information security defines information as an asset, which adds value to an organisation and consequently needs to be protected. Information can be printed or written on paper, stored electronically, transmitted by post or using electronic means, shown on films, or spoken in conversation.

Through the implementation of an Information Security Management System (ISMS), information is protected from a wide range of threats to ensure business continuity, minimise business damage and maximise return on investments and opportunities. This protection is achieved by implementing a suitable set of controls, which can be policies, practices, procedures, organisational structures and ICT system functions. These controls need to be established to ensure that the specific security objectives of the organisation are met.

ISO/IEC 17799:2005 and ISO/IEC 27001:2005 are, respectively, the code of practice and the international standard for information security management. Information security is characterised in the standard as the preservation of:

  • Confidentiality
  • Integrity
  • Availability.

The code of practice and standard are designed to work with international standards on quality management and environment management.

AiM information security experts can advise and consult on information security, and generate an ISMS adapted to your organisation. We can implement the ISMS and integrate it into the way you work using training and awareness sessions. We can prepare you for audit against ISO/IEC 27001, arrange certification audits and, after the award, regularly check that the ISMS is being applied consistently and accurately.