ITSM CENTER d.o.o. is a company from Slovenia, focusing on IT Service Management (ITSM), Project Management, Information Security Management and Digital transformation to ensure our clients reach their strategic goals in an effective and efficient manner.
Information Security is not only about securing information from unauthorized access. Information Security is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. Information can be physical or electronic. It can be anything: your personal details, your profile on social media, the data on your mobile phone, your biometrics and so on. Information Security therefore spans many research areas, such as Cryptography, Mobile Computing, Cyber Forensics and Online Social Media.
During the First World War, a multi-tier classification system was developed with the sensitivity of information in mind. With the beginning of the Second World War, the classification system was formally aligned. Alan Turing was the one who successfully decrypted the Enigma machine, which was used by the Germans to encrypt warfare data.
Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability.
ITSM CENTER will help you get ready for certification and address your potential issues and deficiencies prior to undergoing it, minimizing your costs of the certification process by taking possible corrective actions before the process begins. The certification process itself can then be embarked upon via a suitable accredited third party.
The process starts when the organization makes the decision to embark upon the exercise. Clearly, at this point, it is also important to ensure management commitment and then assign responsibilities for the project itself.
An organizational top-level policy can then be developed and published. This can, and normally will, be supported by subordinate policies. The next stage is particularly critical: scoping. This will define which part(s) of the organization will be covered by the ISMS. Typically, it will define the location, assets and technology to be included.
At this stage a risk assessment will be undertaken, to determine the organization's risk exposure/profile, and identify the best route to address this. The document produced will be the basis for the next stage, which will be the management of those risks. A part of this process will be selection of appropriate controls with respect to those outlined in the standard (and ISO27002), with the justification for each decision recorded in a Statement of Applicability (SOA). The controls themselves should then be implemented as appropriate.
Few companies can afford the depth and breadth of IT and security specialists required to address the increasing number of IT-related risks. IT Internal Audit Services provide clients a cost-effective alternative for the development and execution of an internal audit plan aimed at addressing IT-related business risks. Services range from single discrete projects focused on a specific risk, to partial or full IT internal audit outsourcing.
Internal Audit of Information Security Management System (ISMS) is a mandatory step before getting accreditation but it also gives organisations a quick overview of the current compliance with ISO/IEC 27001.