Security
refers to the policies, procedures and technical measures used to prevent unauthorised access, alteration, theft and physical damage to information systems, whether by outside attackers or by employees. Security can be promoted with a range of tools and techniques that safeguard a computer's hardware, software, communication networks and data.
In the early 1990s, representatives of several major organisations, including Shell, BT, Nationwide, and Marks and Spencer, all with both a concern for information security and experience in managing it, pooled their resources to define best practice. The result was published by the British Standards Institution as a Public Document, PD0003, and was later converted into BS 7799:1995, A Code of Practice for Information Security Management. The standards committee then adapted the Code into a better basis for certification by turning it into a specification for an information security management system, published as BS 7799 Part 2:1998. With increasing attention on and pressure for security, these standards have since become international, with the publication of ISO/IEC 27001:2005 Information technology - Security techniques - Information security management systems - Requirements and of ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management (renumbered ISO/IEC 27002 in 2007).
Security Management Implementation Support
It was only a matter of time before an ISO security standard emerged for information technology. ISO 27001 is the international Information Security Management System (ISMS) standard: it specifies the requirements for establishing, operating and improving an ISMS, and its Annex A lists a comprehensive set of controls, drawn from ISO 17799, that represent best practice in information security. It is intended to serve as a single reference point for identifying the controls needed in most situations where information systems are used in industry and commerce.
ISO 17799 was first published as a DTI Code of Practice in the UK. It was rebadged and published as Version 1 of BS 7799 in February 1995. It was not widely accepted, for reasons such as being seen as neither simple enough nor flexible enough. Version 2, a major revision, was published in May 1999. Formal certification and accreditation schemes were launched in the same year, and the ISO standard (ISO/IEC 17799:2000) followed.
ISO 27001 is comprehensive in its coverage of security issues. It contains a considerable number of control requirements, some of them quite complex, so compliance and certification can be a difficult and overwhelming task if attempted all at once. It should be taken one step at a time. The best starting point is an assessment of the current position (a gap analysis against the standard), followed by identification of the changes needed to meet ISO 27001, and then planning and implementation.
For QM&T's white paper comparing BS ISO/IEC 27001:2005 (BS 7799-2:2005) Information technology - Security techniques - Information security management systems - Requirements with BS 7799-2:2002 Information security management systems - Specification with guidance for use, please contact QM&T (details below).
ISO 27001 (Requirements) and the associated ISO 17799 (Guide) cover ten major control areas. As grouped in BS 7799-1:1999 / ISO/IEC 17799:2000, these are:
1. Security policy
2. Organisational security
3. Asset classification and control
4. Personnel security
5. Physical and environmental security
6. Communications and operations management
7. Access control
8. Systems development and maintenance
9. Business continuity management
10. Compliance
The 2005 editions regroup and rename some of these areas and add an eleventh, Information security incident management.
Our experienced and knowledgeable staff have frequently been requested to provide security management system support not only for organisations wishing to meet the requirements of ISO 27001, but also those wishing to review, evaluate and improve their security arrangements.
For further information about implementing an Information Security Management System to meet the requirements of ISO 27001, please contact QM&T (contact details below).
Security Management Short Courses
- ISO 27001 (BS 7799) Foundation
- ISO 27001 (BS 7799) Audit
- ISO 27001 Lead Assessor (Registered)
If you would like to know more about Security Management Systems, please contact QM&T at:
Tel: +44 (0)1483 453511
Fax: +44 (0)1483 453512
Address: Quality Management & Training Ltd., PO Box 172, Guildford, Surrey, GU2 7FN, United Kingdom
E-mail:
Quality Management & Training Limited: http://www.qmt.co.uk/ Everything you wanted to know about Quality Management: books, distance learning, training courses, software...
Customer Satisfaction: http://www.customer-satisfaction.co.uk Our new Customer Satisfaction website, which may help you consider what options you have when evaluating what your customers think of your organisation and its products and services. How loyal are your customers? ...
Poka-Yoke: http://www.poka-yoke.org.uk Everything you wanted to know about Poka-Yoke and fool or mistake proofing...
Quality: http://www.quality-uk.com/ Quality always appears to be a moving target, changing in terms of direction and standard, but after all this time of "getting it right" ...
Quality Books: http://www.quality-books.org.uk/ Quality Management & Training (publications) Limited offer a large selection of books, distance learning packages, videos, posters and software covering all aspects of quality, environment, health & safety and security...
Quality Training: http://www.quality-training.org.uk A comprehensive range of Quality Assurance & Management training courses (at the QM&T training centre, online, distance learning, in-company)...
Root Cause Analysis: http://www.root-cause-analysis.co.uk Root cause analysis is a relatively new methodology that is continually evolving. Like most quality improvement approaches it is not magic; there is no silver bullet...
Security Management: http://www.security-management-systems.co.uk/ Security refers to the policies, procedures and technical measures used to prevent unauthorised access, alteration, theft and physical damage to information systems by outside attackers as well as employees...
Six Sigma: http://www.6sigma-training.co.uk or http://www.sigma-6.co.uk 6σ - Six Sigma is a business strategy as well as a quality improvement technique. It began in the 1980s at ...
Process Mapping: http://www.process-mapping.co.uk Process Mapping and Process Flow Charting are techniques that not only provide a visual representation of a procedure but also have the potential to identify significant savings in the way a process is organised and performed. This is particularly so when aligned with Process Cost Modelling...
Value Stream Mapping: http://www.value-stream-mapping.co.uk/ Value Stream Mapping is used to analyse the flow of materials and information currently required to bring a product or service to a customer. The technique originated at Toyota, where it is known as "Material and Information Flow Mapping"...
Failure Mode Effects Analysis: http://www.fmea-training.co.uk/ Failure Mode Effects Analysis (FMEA) or, to give it its correct title, Failure Mode Effects & Criticality Analysis (FMECA) is a logical technique used to identify and eliminate possible causes of failure.
IQA Diploma: http://www.iqa-diploma.co.uk QM&T is an Institute of Quality Assurance (IQA) registered Education Centre. This, together with our team's more than fifty years' combined experience of working with the IQA, means that you can buy with confidence. Our IQA experience includes not only setting, marking and assessing IQA examination papers but also writing the standard textbooks for the courses and articles on Quality Assurance, and attending various IQA meetings and committees.
Health & Safety: http://www.health-safety-online.co.uk QM&T has been successfully delivering training support for over 20 years and is pleased to announce the following products to support your Health & Safety initiative.
Quality Awareness: http://www.quality-awareness.co.uk Not getting the quality message across? New starters and even existing employees seem unaware of the quality management system or the importance of quality?
Updated: November 2009