1ISO17799INFORMATIONSECURITY��!��!#$%&'��!#$%&Ifyourinformation’snotsafe,yourfuture’snotsecure2InformationSecurityNomatterhowsecureandwellprotectedanorganisationappearstobe,sensitiveinformationcanbeleakedwithoutyouevenrealisinguntilit’stoolate.Allinformationinalldepartments,whetheroncomputerdisk,paperorintheheadsofthoseyouemploy,isatriskfromanynumberofveryrealthreats.InformationsecurityisnolongerjustanissueforITmanagers–asinglebreachofinformationsecuritycouldcostyourcompanyhardearnedprofitswhilstdoingirreparabledamagetoyourimageandreputation.Yourcapacitytotradeprofitablydependsonyourabilitytomanagethisriskeffectively.Asthenumberofreportedinformationsecuritybreachesconsistentlyincreases,theneedtocreateamanagementframeworkforinformationsecurityintensifies.AnInformationSecurityManagementSystem(ISMS)–ISO17799,theInternationalStandardsOrganisation’sversionofBS7799,willprovideawell-provenframeworktoinitiate,implement,maintainandmanageinformationsecuritywithinanyorganisation.ISO17799OnceyoustartusingISO17799asabasisforyourISMS,yourmanagementsystemcanbeauditedandregisteredbyathirdparty.Thisprocessaddssignificantvaluetotheongoingeffectivenessofthesystem.ByimplementingandregisteringtotheaccreditedBS7799schemeyouwillbewellonthewaytobeingregisteredtoISO17799whenaregistrationprocessispublished.Atthatpoint,BSIwillworkwithyoutoensureasmoothtransitionfromBS7799totheISO17799certificationstandard.IFYOUAREN’TMANAGINGRISKS,YOUSHOULDBETheissueofinformationsecurityseesorganisationsofallsizesandfromallsectors,withanidenticalproblem–theirinherentvulnerability.3��!#$%&'()*+,-./'(01+23��!#$%&'()*+,-./0123#$4��!��!#$%&'()*+,-./012%345��!#$%&'()*+,-./0123456��fq��!#=��=��!#$%&'()��!#$%&'()*+,-./�%0123��!#$%&'()*+,-./0123456��!#$%&��!#$%&'()*+,-.-/01234��!#$%&'()*+,-./0��!1��fpjp�fpl=NTTVV=��=��!#$%&_pTTVV��!#$%&'()*+,-+./012��!#$%��fpl=NTTVV��!#$��!#$%&'#�!(��!#$%&'()*+,-���!#$%&'()*��!#�$%&$'()*+��_p=TTVV��!fplNTTVV��!#$%&'($��!#$%&'()*_pf���!#$_p=TTVV��!��fpl=NTTVV����!#$%&'()*+,-.%/��!#$%&'()��!#$%&'()*+,��!#$%&'=��=��!#$%��!4FEATURESANDBENEFITSOFISO17799DuetotheallencompassingnatureofISO17799,wehavehighlightedthekeyareasyouwouldhavetoaddresswhenusingtheISO17799InformationSecurityManagementSystem:�Securitypolicy–AdocumenttodemonstratemanagementsupportandcommitmenttotheInformationSecurityManagementSystemprocess.�Securityorganisation–Anestablishedmanagementframeworktoinitiateandcontroltheimplementationofinformationsecuritywithinyourorganisationandtomanageongoinginformationsecurityprovision.�Assetclassificationandcontrol–Acomprehensiveinventoryofassetswithresponsibilityassignedtoensurethateffectivesecurityprotectionismaintained.�Personnelsecurity–Welldefinedjobdescriptionsforallstaffoutliningsecurityrolesandresponsibilities.�Physicalandenvironmentalsecurity–Aclearandconcisedefinitionofthesecurityrequirementsforyourpremisesandthepeoplewithinthem.�Communicationsandoperationsmanagement–OptimiseyourcommunicationtofacilitatesmoothoperationoftheInformationSecurityManagementSystem.�Accesscontrol–Networkmanagementtoensurethatonlythosewiththeappropriateresponsibilityhaveaccesstoinformationinthenetworksandtheprotectionofthesupportinginfrastructure.�Systemsdevelopmentandmaintenance–EnsuringthatITprojectsandsupportactivitiesareconductedinasecuremannerthroughdatacontrolandencryptionwherenecessary.�Businesscontinuitymanagement–Amanagedprocessfordevelopingandmaintainingbusinesscontingencyplanswhichprotectcriticalbusinessprocessesfrommajordisastersorfailures.�Compliance–Ademonstrationtoclients,employeesandtheauthoritiesofyourcommitmenttomeetstatutoryorregulatoryinformationsecurityrequirements.Ifthisexercisehashighlightedareasthatneedmorework,oryouhaveanyqueriesregardingtheissuesraised,pleasecontactBSI.5fpl=NTTVV��!#��fpl=NTTVV��!#$%&'()*+,!-.)/012��!#$%&'()*+,-./012345678!���!=��=��!#$%&'()*+,-./���!=��=��!#$%&'()*+,-./012#$��!#$%&'()*+,-./0���!#$=��=��!#$%&'()*+,-�./���!=��=��!#$%&'()*+,-.���!#$=��=��!#$%&'()*+,-./01���!#$=��=��!#$%&'()*+,-./01��!#$%&'()���!=��=��!#$%&'()*+,-./01234��!#$%&'!()*+,-./���!#$=��=��!fq��!#$%��&'()��!#$%&'()*+,-.���!#$%=��=��!#$%&'()*+,-./��!#$%&'()*+,-.���!=��=��!#$%&'()*+,-.��!#$%&'()*+,-./0123$I��_pf��6ADDEDVALUETHROUGHINTEGRATIONWhiletheBritishandInternationalManagementSystemstandardsareautonomous,theyaremorecompatiblethaneverbefore.Integratingyoursystemsgiveslimitlesspotentialwhileaddingvalueandefficiencytoyourorganisation.Integratedmanagementsystemsarefastbecomingaprerequisitetotradeglobally,securepartnershipsandmaintaincustomerloyalty.Theyaredesignedtohelpyourorganisationworkasacompleteunitwithacommonobjective,whilepromotingdevelopmentinabalancedandholisticway.OurIntegratedAssessmentService(IAS)isdesignedtohelporganisationsreachregistrationtoanumberofmanagementsystemstandardscost-effectivelywithminimaldisruptiontoworkactivity.So,shouldyouwanttodemonstrateyourcommitmenttotheenvironment(ISO14001),health&safety(OHSAS18001)orquality(ISO9001:2000)alongsideinformationsecurity(ISO17799)tocreateatotalmanagementsolution,wec
