Information Security (ISM) is a business issue and
must add value to your organisation if it is to be worth doing. If
it isn't adding value then it probably isn't being done right, and it's
probably costing you too much as well!
Information Security, or ISM, is often seen as a "nice
to have", but it is much more critical than that: it's all about
good business management! Many organisations shy away on the grounds
that there are more important things to be done, but in reality
a well-run business is probably using many Information Security
practices and tools anyway.
The difficulty lies when these security controls are
not managed effectively; where there is no visibility of . This
means that inevitable gaps appear in your defences with the result
that the effort and cost that has been put into the system thus far
is wasted and you are still vulnerable.
Industry has collaborated with the standards community
to produce some excellent standards:
- The British Standard BS 7799 Part 2 provides an excellent specification for a management system, against which you can attempt accredited certification.
- The Code of Practice has become enshrined as an international Standard, ISO 17799. This is an excellent checklist.
These are very effective, but must be implemented imaginatively
and intelligently if they are to work for you. If you pull them
"straight off the peg" you may find them too unmanageable
to be practical.
The InfoSec Associates Approach
We take a pragmatic approach to Information Security:
- Business Analysis - Decide what you need and what you want to achieve.
- Design an implementation plan - consistent with both BS7799 (and any other relevant standards) and your unique set of objectives and constraints.
- Integrate security activity with any existing initiatives or systems that are in place.
- Involve the organisation - but don't alienate people!
- Validate the system - by exercising it, so that everyone can see the value and contribute.
If we do our job right, we should be able to develop a footprint
in your business, and let you run things on your own. We will then
maintain a hands-off, supportive approach, remaining there when you
need us, but out of sight when you don't.
For more information, download our BS
7799 Part 2 Information Sheet.