Logic Of ISO 27001 And How Does Information Security Work?

By john.pbtm
•
09 May, 2017
•

While discussing such standards with someone who is not very familiar with it, I normally encounter the same problem, i.e. most of them believe that this standard is somewhat a detailed description of tasks that must be carried out by them in order to make things secure.

For instance, when and how many time will they need to make backups, how distant shall their recovery site from the disasters that may take place and what is the type of technology that they should go for when trying to protect their networks from attackers, etc.

The truth is a bitter and totally another way round, but let me share it, ISO 27001 works in totally different passion and it does not prescribe any of the aforementioned thoughts from those who are unfamiliar or new to it.

Why not prescriptive?

Let’s assume it for a while that it is a standard that prescribes you to make backups of your system every 24 hours. But honestly speaking, do you think that it really would be the right idea for you in such a fast paced and always changing technological trends.

For some may be it will work, but in most organizations, backups are required twice in an hour if not possible to make it in real time.

Management of Risk is the core idea in ISO 27001:

Naturally, this thought may trigger in your mind that what is good for when it does not even tell me firmly how to secure things especially data. My answer would be that it provides you with a structure so as to enable you to opt for the best and relevant protections that may be in line with your security needs.

You cannot rely on IT alone:

If you are working in an IT department of a company, you will second me when I say that data loss or other incidents do not always happen just because a system may have crashed, it is actually the way users (staff members) usually deal with the systems, means wrongly in many cases.

Such gaps cannot be prevented with the help of safeguarding only. Robust and secure operations would require additional steps in the form of the following:

A set of clear and precise policies
Smart Procedures
Staff awareness and regular training sessions
Protection by law
Ensuring that information is handled using the disciplined measures

The role of Top management:

For it to be a success for any organization both the aforementioned standard and data security must be dealt by the company executives. If they are not involved and things are left to be dealt by the lower or mid-level staff then one as an entrepreneur must only expect the least results.

Following is a set of checks that is offered by the said standard in order to guide the top management in the right directions:

They must define their enterprise anticipations (goals) for information security.
They must publish a robust policy on how to manage and analyze whether the set goals have been achieved or not.
Data safety oriented duties shall be designated accordingly to the most relevant personnel.
One must ensure regular reviews whether all the targets are actually met or not
They must provide adequate human resource and money for things to operate smoothly.

You can avoid deterioration in your company:

Any new task/project may get everyone’s attention and they may want to put in their 100% in the first few days or weeks but with the passage of time, the interest and zeal in the commitment may start to fade out and deteriorate. This is a normal course and this is what ISO 27001 and robust cyber security frameworks can save one’s projects from, i.e. you can avoid deterioration with their help.

Mail

How Can An ELV Design and Security Consultant Help

By john.pbtm • May 13, 2017

The script for business owners in the modern world is simply cut out, i.e. they will need to ensure that they are backed with professional assistance 24/7. Especially when markets are firm and rigid in nature like those of KSA, moving on with a fluked or weak approach where would not work to be honest.

What Are The Don’ts Of Control Room Design?

By john.pbtm • May 1, 2017

Terrorism, robbery and many other accidents like this are the main concerns due to which we consider security as an important aspect of this era. The design of the control room from where the security matters are watched also holds the key to better protection from such accidents. It is important for an organization to give importance to the design of the control room. If it is designed well, according to the defined modern norms then the chances to remain safe from many accidents increases a great deal.

What Are The Filtering Types Of Firewall?

By john.pbtm • April 13, 2017

Firewalls are performing their operations for a single purpose that is providing protection to a whole network. As networks are of different structures and none of their purposes are common, the different forms and types of firewalls and their dissimilarity of filtration mechanisms are available.

2017 Comes With 14 New Threat Trends

By john.pbtm • April 10, 2017

A report about the threat prediction released by Intel security has identified 14 threat trends for the year 2017, other things include critical developments made for the safety of cloud technology and the internet of things (IoT), and also the six challenges to be solved that are faced by the cyber safety industry.

Which Steps Managed Security Services Are Comprised Of?

By john.pbtm • March 31, 2017

It is really important for all the multinational and big business firms to opt the Managed Security Services for the better protection of their IT network. The Short form for this service normally everyone is aware about, is MSS’s. In this article, we will put emphasis on the major aspects which are involved in it to ensure the security of any network.

Information Security! A Step To Better Security Hygiene

By john.pbtm • March 22, 2017

For the success of the business and keep it running smoothly, it is really important to take care of the information related security matters in a well disguised way. As we know, in this era the businesses have been at the stake of high risks, that’s because the vulnerabilities just keep on getting stronger day by day. So it is really important for you either consult a professional and experienced individual, or hire their fulltime services to better take care of your firm's information security.

In this advanced era, we can never deny the usefulness and the need of the information security consulting firm. They really are the right ones to be approached, to safeguard a business’s information security matters. For a better security hygiene, you must take this advice seriously, certainly it will pay you off a great deal.

Risk Of Cyber Attacks On Organizations?

By john.pbtm • March 15, 2017

The latest survey shows that those countries which are wealthier at mostly in the sight for cyber-attacks. Because from these countries the chances of becoming rich by commencing these attacks are more than anywhere else.

Proper Design Of Control Room And Importance Of Lighting

By john.pbtm • March 8, 2017

Is the need of the time to turn our attentions towards the much needed trend of supervision in the modern times? Don’t have any idea, where to start from or what to do and how to do? We got a solution for you.

Why Is Everyone Talking About Patch Management Services?

By john.pbtm • February 28, 2017

A person who uses a PC is used to with the irregular pop-up messages when he is operating system. In each release Windows has tried to make it less unobtrusive as far as updates go. It gives one numerous alternatives for dealing with updates ranging from letting one know when updates are accessible, downloading updates and letting one know when they are ready to install and the full auto-pilot mode where it downloads and installs the updates without any user interaction.

Skills That You Can Learn From Information Security Course

By john.pbtm • February 27, 2017

Business procedures depend a lot on data and information. Even information is equated with power and money. To preserve their valuable resources, big companies need computer safety experts.