Friday, 10 October 2008
Information Security For Business

What Is The Best Approach To Provide Security?

We protect our homes and cars in a systematic manner, perhaps with door and window locks, intruder alarm systems and car immobilisers. We think about what the risks are and introduce relevant countermeasures.

Protecting your company information requires a similar approach.

The most effective way of providing information security is to use a structured approach based upon your specific security requirements. This will ensure that you concentrate on the important areas.

'A Code of Practice for Information Security Management' was published in 1995 as a British Standard, BS 7799. This provides a comprehensive set of security controls comprising the best information security practices in current use. Its objectives are to provide organisations with a common basis for providing information security and to enable information to be shared between organisations.

BS 7799 contains many controls and identifies ten that are considered 'key' controls. You should consider implementing these ten controls as a baseline across your organisation. In some important specific business areas you may wish to implement additional controls and security measures. The ten key controls are discussed in more detail in the section 'How do I provide security solutions?'

BS 7799 - The Ten Key Controls

  • information security policy document
  • allocation of information security responsibilities
  • information security education and training
  • reporting of security incidents
  • virus controls
  • business continuity planning process
  • control of proprietary software copying
  • safeguarding of organisational records
  • data protection
  • compliance with the security policy


 