In this rapidly changing world, well-organized, precisely documented and secure information systems are vital for any successful operation. It is equally important to work within strictly defined frameworks while retaining the flexibility to deliver the level of security required by your organization.
Organizations can improve efficiency and strengthen their reputation by focusing on information security and quality management.
Information technology and the Internet in particular have opened up a whole new field of possibilities. An example of this is the Internet banking environment, where people can now do all their banking business without walking into a bank. The generation of children growing up now may never need to enter a bank building. Another example is the ability to communicate with authorities through the Web, such as organizing and querying tax returns and service applications with a local government. This development will continue to happen and the result will be that more and more people will have access to an ever-growing service portfolio across various sectors, including the health sector. Health records, for example, are already kept in an electronic format, enhancing accessibility and flexibility of usage.
These developments all have their benefits; however, they also have their drawbacks, especially in terms of information security and data protection.
Implementing information security standards
The scope of international security standards such as ISO 27002 and ISO 27001 is not limited to regulating information systems alone. They also cover all related work and equipment. Consequently, the ways in which users should use the information and systems available to them must be defined. One of the most effective ways of doing this is by implementing information security standards, which help to address any security and data protection issues companies and organizations may face. Drawing up operating procedures is also important.
Businesses can also benefit from putting together a manual, which should contain, among other things, company policy, work procedures and processes. Ideally, the manual should also include all registered assets, processes and procedures in a comprehensive fashion, and incorporate points of emphasis, such as quality issues, information security and environmental security. In this way, management and employees can gain a comprehensive view of the entire business.
Implementing information security and adhering to international and respected standards reduces security breaches and the disruptions they cause to productivity and quality in trade and commerce.
Standards are formal documents that establish uniform technical criteria, methods, processes and practices. They are issued by respected global bodies, such as the International Organization for Standardization (ISO) and the British Standards Institute (BSI).
Certification is granted by a third party, which verifies that certain operating procedures comply with the criteria specified in a standard. Gaining accreditation according to an international standard increases a company’s credibility and enhances its standing among its competitors.
Of course there are some who are critical of such certification standards, claiming that they require a great deal of time-consuming documentation work. This may be the case, but it is equally important to gain certification. After all, people do make mistakes, so it is often wise to seek assistance from a consultant outside of the company.
The majority of managers running certified businesses state that they have benefited from obtaining such certification. Once a business is certified, it becomes easier to make improvements, and the regular certification audits help managers find new opportunities. In the end, certification pays back in better management and better performance.
By: Svana Helen Björnsdóttir, Chairman of the Board for Stiki