Search in ISMS Guides

Google
 

Sunday, September 2, 2007

IMPLEMENTING ISO 17799

It is becoming increasingly critical that information security is given the attention and level of importance it deserves. Most organizations are now totally dependent upon their information and business systems, so much so that serious disruption to those systems and the business information they contain can mean disaster or critical loss.

ISO17799 is the only internationally accepted worldwide standard/code dealing comprehensively with these issues. Purchasing this standard is a good first step, but as the standard is by necessity a comprehensive and therefore a fairly complex document, guidance is often necessary to help organizations decide where to start and what priorities should be applied to the implementation process.

The ISO17799 Toolkit was of course introduced to solve many of these issues in one step. As well as containing both parts of the standard, it also includes a full set of compliant policies ready for implementation, a road map for potential certification of the organization, an audit kit for network based systems, a business impact analysis questionnaire together with many other supportive items (eg: a disaster recovery kit, a management presentation and an IS glossary). This toolkit represents extremely good value as it can enable organizations to commence work with the introduction of vital security aids without reference to expensive external consulting resources.

However, even armed with a support kit like this, it is important to understand that the key to the standard is PROCESS... the creation and maintenance of a robust ISMS. This is occasionally overlooked, as some organizations simply adopt a tick list from the first part of the standard (ISO 17799). This is certainly a good stride forward, but is by no means the end of the journey.

When first considering the standard, therefore, it should be understood that the path forward will certainly include enhancement and improvement of security, but it will largely be driven via the creation and maintenance of information security management systems and supporting procedures.

Source : http://www.17799central.com/news.htm

No comments: