Wednesday, 8 May 2013

What is ISO 27001 and information security?

By 

What is your data worth?

Information is one of the most valuable assets in any organisation. Data loss costs companies millions, and the damage to reputation comes on top of that. The Audit Commission recently stated that 50% of all detected frauds are found by accident. Poor supervision of staff and a lack of proper authorisation procedures are a major cause of security incidents.

Any information that is collected, stored, managed or transferred is an asset. It adds value to the business and must be protected. It might be your customers' personal details or confidential financial data, and it may be printed or written on paper, stored electronically, or held in any other form.

What is information security?


Because of the increasing dependence on information systems, shared networks and distributed services such as cloud computing, organisations are becoming more vulnerable to security threats.

In a recent survey by the Chartered Management Institute, 72% of businesses admitted that they were worried about the financial impact of cybercrime. Over 35% said they had experienced such attacks in 2010.

One of the major causes of security incidents is poor supervision of staff combined with a lack of proper authorisation procedures.

Companies try to prevent breaches in several ways. Some place heavy restrictions on all information, making ordinary tasks difficult. Others are laid-back and permit access to everything, which leaves the company far more likely to suffer security breaches, cyber-crime and fraud.

For a business to run efficiently with low risk, it needs the right balance between the two. This is where ISO 27001, the international standard for information security management, comes in.

Why your company needs ISO 27001


The purpose of information security management and auditing is to ensure business continuity and reduce business damage by preventing security incidents and minimising the impact of those that do occur.

Strong information security is only possible when the security objectives are set out specifically for the organisation, so that the risks to them can be identified and addressed.

The framework that ISO 27001 specifies, known as an information security management system (ISMS), requires that senior management:
  • Examine security risks, taking account of the threats, vulnerabilities and impacts;
  • Implement logical and effective information security controls to treat those risks;
  • Create a reliable management process to ensure that the information security controls continue to keep the organisation secure as threats and the business change.

The PwC Information Security Breaches Survey in 2010 found that "Two fifths of large organizations have been asked by customers to comply with ISO/IEC 27001", and goes on to state that it is "increasingly becoming the lingua franca of information security". Following the framework set out in ISO 27001 means your company is applying globally agreed good practice for the protection of information.

In another report, by BSI, 87% of organisations implementing ISO 27001 confirmed that the standard had "positive" or "very positive" outcomes, including an increased ability to respond to tenders.

Secure your data and information


We have two accelerated ISO 27001 courses: Lead Auditor and Lead Implementer. You'll learn how to plan and carry out audits of your information security management system.

These three-day courses are twice as fast as traditional training, and we're accredited by the PECB (Professional Evaluation and Certification Board).

Or get the latest ISO 22301 (business continuity) certifications: Lead Auditor and Lead Implementer.

About the Author:
Sarah writes for Firebrand Training on a number of IT-related topics, including exams, training, certification trends, project management, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.