Welcome to our InfoSec Website
What is Information
In most organizations, information is one of the most important assets they hold. The difficulty is that information takes many forms: emails, printed material, handwritten notes, or data stored electronically. There are of course many other forms of information, and we go into them in more detail in other sections of the site.
So some of the problems most organisations have when trying to control information are, firstly, understanding what types of information they hold and, secondly, knowing what to do with it to ensure it is properly managed.
Understanding these basic principles would seem simple, but without proper management and control information can easily be overlooked. To ensure this problem does not arise, an organization should implement an ISMS.
Information Security Management System
This is where the Information Security Management System, or ISMS, comes in. A good ISMS should contain everything an organization needs to ensure its information is managed correctly. Good InfoSec is an essential part of a professional organization's requirements, and the InfoSec Director plays a crucial role in defining the organization's security objectives.
InfoSec Standards
There are many standards and guides that can help you set up a good ISMS, and we go into the different types in more detail in other sections. One of the most popular ISMS standards in use today is the international standard ISO/IEC 27001:2005, which was created with the help of many leading figures in the information security field from many of the largest companies in the world.
ISO/IEC 27001 can help you implement a very effective InfoSec framework. We will go through each section of the standard later and give guidance on how best to implement it in your business. A good ISMS based on ISO/IEC 27001 gives an organization a solid platform for managing and continually improving the security of its information.
We have split the website into the specific sections that matter to a good ISMS. This allows us to go into detail on each area of InfoSec and help you understand the complexities of maintaining a good ISMS.
Information security is not just the responsibility of your InfoSec department but of all employees within your organization, no matter how big or small it is. Without that mindset it is hard for any company or organization to fully understand and control its information assets.
My InfoSec Experience
I have over 11 years' experience in all forms of Information Security Management, working for some of the largest companies and organizations in the world, helping them to set up security processes and systems from Risk to Compliance and of course the full ISMS.
I also have an MSc in Information Security and intend this site to be my main vehicle to record my thoughts and opinions on the ever-changing face of ISMS. Please feel free to leave comments or questions and I will be more than happy to reply.
ISMS in more detail
As you can see, the website has been broken down into the following categories:
Risk – The detailed understanding of the risks, controls and mitigation required to meet the requirements of a good ISMS. All businesses need to take risks; what they need is a way to calculate the impact of their activities on the company. This section covers everything you need to know to control the risks associated with your organization.
Compliance – A fundamental part of InfoSec that gives a business the chance to understand what is required to meet internal and external regulations. We discuss changing trends and influences, both internal and external, that help to form your compliance requirements, and the many legal and regulatory issues that will impact your compliance plan.
Information – The term “Information Security” relates specifically to the control and understanding of information. We look at how this can be done, from classifying the data to grouping it under the specific headings of Confidentiality, Integrity and Availability.
Legal – Here we look at the many laws that can affect your organization and how you can put together a process that allows you to understand the many global influences that must be taken into account. We look at specific laws such as data privacy, SOX and US export controls, and at tools that can help you stay compliant with any regulations that are relevant to your organization.