Information Security Management Systems
Many organisations recognise that their approach to information security management lacks effective governance and efficient resource allocation. Too many organisations lack an effective means to assess and identify the information security threats and risks that are relevant to their organisation. This often leads to a haphazard or uncoordinated selection of controls that does little to reduce the organisation's overall risk profile. The outcome is an inadequate security strategy that not only falls short in supporting business requirements but also results in incorrectly aligned investment or over-investment.
A proven and globally recognised information security management framework is ISO/IEC 27001. ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.
The ISO/IEC 27001:2013 standard contains control domains, outlined below, which are aligned to industry best practices. The framework is very flexible in nature and allows an organisation to select controls from the domains that align to the scope of its ISMS and the outcomes of the risk assessment.
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance, both with internal requirements, such as policies, and with external requirements, such as laws
Why Sense of Security
Sense of Security’s Governance, Risk and Compliance Practice employs experienced ISO 27001 Lead Auditors who can assist any organisation to develop and implement an effective security strategy that aligns to ISO/IEC 27001:2013 or supports a full certification objective. Certification will not only support the organisation's internal security governance objectives but also demonstrate to customers that protection of their sensitive information will be conducted in an effective and consistent manner. This in itself is likely to lead to repeat or new business opportunities for the organisation.
For NSW Government Departments, Statutory Bodies and Shared Service Providers, we are fully conversant with the State Government's Digital Information Security Policy (DISP) v2.0 and its mandate to align and/or certify to ISO 27001.
To discuss how our team of consultants can assist with your organisation's ISMS objective, please feel free to contact us on 1300 922 923 or complete the enquiry form by pressing the button below.