Sydney, Nov 5, 2005 (ABN Newswire) - The International Organization for Standardization has developed the latest weapon to help global businesses secure their information assets and boost their defences against costly information security attacks.

The move follows a number of high-profile information security breaches that have exposed millions of credit card users worldwide.

The new international standard, titled ISO/IEC 27001 Information Security Management Systems (ISMS), is designed to help ensure the selection of security controls for information assets such as customer lists, databases, billing information, banking details and audit records.

The ISO/IEC 27001 standard can assist organisations in:

- Formulating security requirements and objectives
- Cost-effectively managing security risks
- Managing compliance with laws and regulations
- Designing a framework for implementing and managing controls to help ensure security objectives are met
- Providing information to clients about information security

The Chief Executive of SAI Global Limited, Mr Ross Wraight, said: "This new standard will be a vital weapon in an organization's armoury for guarding their information assets and although the information security requirements will be different for all organizations, one of the most effective approaches is the use of a standards based management system."

The most widely used standards-based approach draws on:

- ISO/IEC 27001: Information security management systems
- ISO/IEC 17799:2005 Information technology - security techniques - code of practice for information security management
- AS 4360 - Risk management
- HB 231 - Risk management guidelines for information security.

According to Mr Wraight: "Using a standardized risk management approach to information security allows organizations to effectively manage risks associated with confidentiality, integrity and availability of information assets."

"It is also vitally important for organizations to help ensure their employees are effectively trained to understand the intent of the standard and the key principles of information security," said Mr Wraight.

"By utilising our on-line information security training program, for your eyes only, organizations can deliver training programs across the globe in the language of their choice and monitor and track employees' performance."

"In line with the requirements of the standard, we can help you track and monitor the regulatory and legal requirements your organization may face by using our Lawlex range of products and services."

"Organizations who are really serious about demonstrating compliance with an international standard should consider independent certification of their information security management system and earn the right to display the 'five checks' StandardsMark."

Contact

Available in English only at:
http://www.iso.org

