Security Strategy Risk Analysis and Risk Management
Achieving an organization's goals depends on its ability to secure the conditions for effective operation. Within this framework, organizations develop mechanisms to protect their assets and allocate the resources needed to operate those mechanisms. An information system is treated as a valuable asset of the organization to the extent that it supports the organization's important functions.
Protecting an information system comes down to selecting appropriate protective measures, a process in which the cost of the controls is a key factor.
Risk Analysis and Risk Management is a methodology for choosing protective measures whose strength is commensurate with the value of the IT system and the risks it faces.
Security Policy Design and Implementation
The information systems security policy describes the set of rules and practices that determine how the organization's resources are protected and managed in order to achieve the highest practicable level of security.
With the help of its information systems security policy, every organization should achieve the following objectives:
- Compliance with specific protection rules
- Optimization of financial and human resources
Information Security Management System
The international information security standard ISO 27001 applies to organizations of all types and sizes, whatever product or service they provide.
ISO 27001 specifies the requirements for a comprehensive Information Security Management System (ISMS), tailored to each organization's procedures and processes and to the legal requirements that apply to it.
Its basic principles are:
- Ensuring that adequate IT security controls exist
- Understanding and adoption of the system by the organization's personnel
- Maintaining the confidentiality, integrity and availability of data.
ISO 27001 can be applied by any organization that wishes to:
- Establish an Information Security Management System in order to ensure adequate and appropriate controls for confidentiality, integrity and availability of information
- Confirm compliance with the requirements for personal data and information protection
- Protect files, data and intellectual property rights
- Ensure that there is a commitment to information security at all management levels
- Certify the implementation of an Information Security Management System through an independent external body
- Reduce business risk and relevant costs