Information security assessments are necessary to ensure business continuity and minimise damage by preventing and reducing the impact of security incidents.
Information security management enables information to be shared, while ensuring the protection of information and computing assets.
There are three basic components:
- Protecting sensitive information from unauthorised disclosure or intelligible interception
- Safeguarding the accuracy and completeness of information and computer software
- Ensuring that information and vital services are available to users when required
Information can take many forms. It can be stored on computers, transmitted across networks, printed out or written down on paper, and spoken in conversations. From a security perspective, appropriate protection should be applied to all forms of information.
Your information and the IT systems and networks that support it are vital organisational assets.
Experience has shown that the following factors are often critical to the successful implementation of information security within an organisation:
a) Security objectives and activities being based on management objectives
b) Visible support and commitment from top management
c) A good understanding of the security risks, both threats and vulnerabilities, to organisational assets and of the level of security inside the organisation, which should be based on the value and importance of the assets
d) Effective marketing of security to all managers and employees
e) Distribution of comprehensive guidance on information security policy and standards to all employees and contractors
To achieve these goals, it would be necessary to undertake an assessment of an organisation to evaluate the current status of each component, with a view to attaining the best solution to each of the objectives set out.
Although all of the areas are listed below, it is accepted that in certain areas, primarily physical security, few or no recommendations will be made, as the standards that exist are already high.
- Physical & Environmental Security
- Computer & Network Management
- System Access Control
- Continuity Planning
- System Maintenance and Development
- Assets Classification and Control
- Personnel Security
After undertaking any necessary security assessments, Cyber Crime Awareness Society would make recommendations, and review and implement a manageable security policy. This would be in the form of:
- Providing a report outlining our assessment of the present system including potential security risks that exist.
- Making recommendations which, if agreed, should be implemented to reduce those risks.
- Carrying out agreed implementations.
- Providing a coherent and manageable security policy covering all the aspects mentioned above.
For completeness, and depending on the acceptable level of risk within any given environment, certain additional security assessments may be considered necessary to ensure that the implementation of any recommendations has not had an adverse impact on other deployed security measures.