- BS 7799 is the British Standard on Information Security Management, which provides a well-proven framework to initiate, implement, maintain and document information security within an organization. The standard is a business-led approach to best practice in information security management.
- BS 7799 can be used by a business of any size, in any sector, with any type of information system, both manual and computerized.
- The use of BS 7799 allows you to develop an Information Security Management System (ISMS), and this involves three steps:
  - Creation of a management framework for information security. This sets the direction, aims and objectives of information security and defines a policy that has management commitment;
  - Assessment of your security risks. Spending on controls should be balanced against the value of the information and other assets at risk, and the business implications of these risks;
  - Selection and implementation of controls so that the identified security risks are reduced to an acceptable level. The controls chosen will vary from organization to organization.
- Adopting BS 7799 cannot make your organization immune to security breaches. But it will make them less likely and reduce the consequential cost and disruption if they do occur.