Wednesday, March 9, 2011

What is the best approach to provide security?

The best way of providing information security
is to use a well-tried and tested approach to
meet your own specific security requirements.
This will ensure that you concentrate on the
important areas.

The British Standard, BS 7799, helps
businesses implement best practice in
information security management. Part 1 of
this standard is a code of practice. It was
originally published in 1995 and revised in
1999. It then became an international standard
ISO/IEC 17799 in 2000. This standard provides
a comprehensive set of security controls
comprising the best information security
practices in current use by organisations across
the world and in all market sectors. Its
objectives are to provide organisations with a
common basis for information security and to
enable information to be shared between
organisations.



  • Design the management system fo protecting your information. This sets the policy and objectives of information security, assesses your security risks, evaluates the options for treating the risks, and selects controls from ISO/IEC 17799 to reduce the identified risks to an acceptable level. Spending on controls should be balanced against the value of the information and other assets at risk, and the implications of these risks for your business.
  • Implement the management system by putting into practice the selected controls to manage the identified risks. This includes implementing suitable procedures, providing appropriate awareness and training, assigning roles and responsibilities and deploying any necessary technical controls.
  • Monitor and review the management system to check it is still ‘fit for purpose’ to manage the risks the business faces. This includes monitoring how effective the controls are at managing the risks, re-assessing the risks taking account of any changes to the business, and reviewing policies and procedures.
  • Update and improve the management system to implement changes to existing controls as well as putting into practice new controls to ensure it is maintained as ‘fit for purpose’. Both ISO/IEC 17799 and BS 7799 Part 2 can be used by any size of business in any sector, with any type of information system, whether manual or computerised.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)