

Logic Of ISO 27001 And How Does Information Security Work? 

  • By john.pbtm
  • 09 May, 2017

When discussing such standards with people who are not very familiar with them, I normally encounter the same problem: most of them believe that this standard is a detailed description of tasks that they must carry out in order to make things secure.

For instance, when and how many times they will need to make backups, how distant their recovery site should be from the disasters that may take place, and what type of technology they should choose to protect their networks from attackers.

The truth is bitter and entirely the other way round, but let me share it: ISO 27001 works in a totally different fashion, and it does not prescribe any of the things that those unfamiliar with or new to it expect.

Why not prescriptive?

Let’s assume for a while that it is a standard that requires you to make backups of your system every 24 hours. Honestly speaking, do you think that would really be the right idea given such fast-paced and ever-changing technological trends?

For some it may work, but most organizations require backups twice an hour, if it is not possible to make them in real time.

Management of Risk is the core idea in ISO 27001:

Naturally, you may wonder what the standard is good for when it does not even tell you firmly how to secure things, especially data. My answer is that it provides you with a structure that enables you to choose the best and most relevant protections in line with your security needs.


You cannot rely on IT alone:

If you work in the IT department of a company, you will agree with me when I say that data loss and other incidents do not always happen just because a system has crashed; often the cause is the way users (staff members) deal with the systems, which in many cases is wrong.

Such gaps cannot be closed by technical safeguards alone. Robust and secure operations require additional steps in the form of the following:

  • A set of clear and precise policies
  • Smart procedures
  • Staff awareness and regular training sessions
  • Protection by law
  • Ensuring that information is handled using disciplined measures

The role of Top management:

For this to succeed in any organization, both the aforementioned standard and data security must be handled by the company executives. If they are not involved and things are left to lower- or mid-level staff, then an entrepreneur should expect only minimal results.

The following is a set of checks that the standard offers to guide top management in the right direction:

  1. They must define their enterprise expectations (goals) for information security.
  2. They must publish a robust policy on how to manage and analyze whether the set goals have been achieved.
  3. Data-safety duties shall be assigned to the most relevant personnel.
  4. They must ensure regular reviews of whether all the targets are actually being met.
  5. They must provide adequate human resources and money for things to operate smoothly.

You can avoid deterioration in your company:

Any new task or project may get everyone’s attention, and people may want to give 100% in the first few days or weeks, but with the passage of time the interest and zeal may start to fade and deteriorate. This is the normal course of things, and it is what ISO 27001 and robust cyber security frameworks can save one’s projects from; with their help you can avoid deterioration.