Information Security
What is information security?
Firstly, we need to define what we mean by ‘information’. ‘Information’ refers to business-critical information regardless of its form, and thus includes information which is computer-based, typed or written on paper, stored on magnetic media, sent by fax, spoken in conversations and so on. Information is arguably an organisation’s most valuable owned asset, and it is therefore vital that it is protected.
Secondly, it is worth noting that just as ICT disaster recovery is a subset of business continuity, ICT security is a subset of information security. Like business continuity, information security spans the whole organisation; it is not simply an issue for the ICT department to address.
In effect, information security is used to ensure that the organisation’s information and computing assets are protected against a multitude of threats including, but not limited to, theft, abuse, misuse, sabotage, hacking, malicious software, human error, disasters, fraud, disclosure, destruction and unauthorised alteration. Failure to recognise and address these threats puts the organisation at serious risk of financial loss and other harm.
Critical Success Factors for an Information Security Management Programme
The British Standard for Information Security Management, BS7799, defines the following as critical success factors when implementing information security in an organisation:
- Security policy, objectives and activities that reflect business objectives
- An approach to implementing security that is consistent with the organisational culture
- Visible support and commitment from management
- A good understanding of the security requirements, risk assessment and risk management
- Effective marketing of security to all managers and employees
- Distribution of guidance on information security policy and standards to all employees and contractors
- Providing appropriate training and education
- A comprehensive and balanced system of measurement which is used to evaluate performance in information security management and to feed back suggestions for improvement
Teed can help with your Information Security Management programme in a number of ways to suit your needs and budget, the primary examples being through:
- Helping define your policy and an appropriate security structure
- Providing targeted presentations and training courses
- Conducting risk assessments