NUCLEUS CONSULTANTS 


ISO MANAGEMENT SYSTEMS

ISO 17799 - INFORMATION SECURITY MANAGEMENT SYSTEMS

Overview 

IF YOU AREN’T MANAGING RISKS, YOU SHOULD BE

Information security presents organisations of all sizes, in all sectors, with an identical problem – their inherent vulnerability.

No matter how secure and well protected an organisation appears to be, sensitive information can be leaked without you even realising until it’s too late. All information in all departments, whether on computer disk, on paper or in the heads of those you employ, is at risk from any number of very real threats. Information security is no longer just an issue for IT managers – a single breach of information security could cost your company hard-earned profits whilst doing irreparable damage to your image and reputation. Your capacity to trade profitably depends on your ability to manage this risk effectively.

As the number of reported information security breaches consistently increases, the need to create a management framework for information security intensifies. An Information Security Management System (ISMS) built on BS 7799-2:2002 will provide a well-proven framework to initiate, implement, maintain and manage information security within any organisation. The International Standards Organisation document ISO/IEC 17799 provides guidance on the use of the controls identified in Annex A of BS 7799-2:2002. Once you start using BS 7799-2:2002 as a basis for your ISMS, your management system can be audited and registered by a third party. This process adds significant value to the ongoing effectiveness of the system.

What is Information Security BS 7799?

An enabling mechanism whose application ensures that information may be shared in a manner that ensures the appropriate protection of the information and associated information assets.

Aim

  • Build on a Common Basis for Organisational Security Standards Development

  • Enhance Security Management Practice

  • Increase Confidence and Trust in Inter-Organisational Dealings

OHSAS 18001 does not state specific OH&S performance criteria, nor does it give detailed specifications for the design of a management system. OHSAS 18001 is not a legislative requirement or a guide to implementation.

Threats 

Parameters of Information Security 

Components of Information Security 

BS7799 Cycle and stakeholders 

Roadmap to certification 

Features & Benefits 

Because BS 7799-2:2002 and the code of practice are all-encompassing, we have highlighted the key areas you would have to address when using the BS 7799-2:2002 Information Security Management System:

  • Security policy – A document to demonstrate management support and commitment to the Information Security Management System process.

  • Security organisation – An established management framework to initiate and control the implementation of information security within your organisation and to manage ongoing information security provision.

  • Asset classification and control – A comprehensive inventory of assets with responsibility assigned to ensure that effective security protection is maintained.

  • Personnel security – Well defined job descriptions for all staff outlining security roles and responsibilities.

  • Physical and environmental security – A clear and concise definition of the security requirements for your premises and the people within them.

  • Communications and operations management – Optimise your communication to facilitate smooth operation of the Information Security Management System.

  • Access control – Network management to ensure that only those with the appropriate responsibility have access to information in the networks and the protection of the supporting infrastructure.

  • Systems development and maintenance – Ensuring that IT projects and support activities are conducted in a secure manner through data control and encryption where necessary.

  • Business continuity management – A managed process for developing and maintaining business contingency plans, which protect critical business processes from major disasters or failures.

  • Compliance – A demonstration to clients, employees, and the authorities of your commitment to meet statutory or regulatory information security requirements.

If this exercise has highlighted areas that need more work, or you have any queries regarding the issues raised, please contact NUCLEUS on 09382834534.

 


Copyright © 2005 NUCLEUS CONSULTANTS, Inc. All rights
