Information Security Management Systems (ISMS) MSZ ISO/IEC 27001:2006
The security of information is a "sensitive point" at many companies. A small gap in the information security system often gives potential attacks an opening that may shake the company to its foundations. The World Wide Web, electronic commerce, industrial espionage, global virus attacks and international catastrophes such as the one at the World Trade Centre in New York have made obvious the need for high-level information security management systems.
Information is an asset that has value and that, like other important business assets, the organisation has to protect properly. Information security protects information against a range of threats in order to ensure business continuity, minimise business damage, and maximise business opportunities and return on investment.
Information security measures can be classified into two main groups, depending on their nature:
- Data protection: protection of information systems against data loss; rules, processes and solutions ensuring the continual availability of data.
- Data security: rules, processes and solutions preventing unauthorized access to the data of information systems.
Information may exist in different forms: printed or written on paper, stored electronically, sent by post or electronically, shown on film, or spoken in the course of a conversation. Whatever form it takes, it is recommended to protect, store or forward the information properly.
Information security safeguards the:
a) confidentiality of information: ensures that only authorized persons have access to it
b) integrity of information: protects the accuracy and completeness of the information and of its processing methods
c) availability of information: ensures that authorized persons can actually access the required information and that the necessary equipment is at their disposal.
In general, security can be considered satisfactory if the cost and method of protection, as well as the risk of damage (value of loss × probability of occurrence), are under a tolerable limit.
However, it is necessary to emphasise that not only the sum spent but also the method of protection is important; namely, the protection shall be realised completely and exclusively. The tolerable risk defines the level of investment, which can be determined on the basis of the tolerable limit indicated in a risk matrix. This limit shall be defined individually for each organisation in the course of the examination of its information security.
Where should an information security management system be implemented and certified?
- IT companies that carry out software development and prepare information projects.
- Financial, administrative organisations, authorities and insurance companies that handle the personal data of their customers.
- Security companies that deal with property protection and with defensive and guarding technology.
- Logistics companies that communicate with their customers electronically.
- Health institutions that provide health care.
What should you do if you want to become our client?
- If you are interested in our offer, you can obtain the necessary information from one of our certification managers at the enclosed phone or fax number, or by e-mail. Alternatively, please fill in our "Request for Quotation" form and send it to us. We will be pleased to welcome you among our clients and will send you a customized quotation in reply.