MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.

I'm not curious

Understanding Information Security Management

Published on 27 March 13
One of the many essential components of operating a successful business is to ensure that the corporate and customer information it holds is kept safe and secure from getting into the wrong hands. Having a robust information security management system in place is a great asset for both small and big organisations. Read on to discover more about this vital topic.
Understanding Information Security Management - Image 1
Why is information security management so important?
We've all heard the stories about organisational information being accessed, leaked or stolen by outside parties, and how damaging this can be to them. For any organisation, it is a major blow to the functioning of their business, often leaving it crippled or on its knees. Few people want to be associated with an organisation that has shoddy security measures on protecting its data, so that's why it's ever so crucial to ensure adequate steps are taken to safeguard personal and company information.
Setting standards

So just how does an organisation best manage the security of its information? The ISO/IEC 27001 is an international standard for information security management. It details how to put in place an information security management system, which has been independently assessed and certified.

This standard is not only your best line of defence against sensitive data falling into the wrong hands, but it gives the organisation peace of mind. It also shows customers, potential clients, suppliers, shareholders and other interested external parties your commitment to protecting your data and best practice.

With this standard in place, you can also identify any risks and put controls in place to deter them happening. By demonstrating compliance, it also bolsters your reputation on many levels - improving trust and paving the way for business growth.
How to become ISO/IEC 27001 certified
To become certified, an organisation has to be formally assessed. This means an external reviewer will review your current information security systems and compare them to the standards. They will identify any gaps and the necessary measures required to fill those gaps. Once these are in place, the procedures and controls used within your organisation will be assessed to make sure they are up to scratch for certification.

Following certification, an organisation will receive its ISO/IEC 27001 certificate. This is valid for three years. Certification is suitable for businesses of all sizes, and elements of the system can be adapted to meet organisation's size and needs.
Ongoing management
Once an organisation has received its standard, it still needs to make sure it complies with security management. As an organisation evolves and grows, the information management security system will need to be adapted to meet these ever-changing needs. There are a number of training courses, resources and updates available to interested organisations on this issue, to ensure they are on top of the latest developments. Many organisations also integrate their ISO/IEC 27001 systems with other management systems to streamline operations.

Relevant training courses last from a day to several days and cover all aspects of information security management, such as information on implementation, meeting expectations and risk management.

Written by James Harper QT&C: The Information Assurance Experts.
This blog is listed under IT Security & Architecture Community

Post a Comment

Please notify me the replies via email.

  • We hope the conversations that take place on will be constructive and thought-provoking.
  • To ensure the quality of the discussion, our moderators may review/edit the comments for clarity and relevance.
  • Comments that are promotional, mean-spirited, or off-topic may be deleted per the moderators' judgment.
You may also be interested in
Awards & Accolades for MyTechLogy
Winner of
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url