IT Security
Securing your systems and data is universally understood as a necessity in all businesses.
But how do you go about it? What are you securing it from? How far do you go? Are your current security systems adequate? Does your security comply with legislative and privacy requirements? Have you analysed risks? How often is your security reviewed?
To adequately answer these questions a formal approach to IT security is necessary. It should start with a risk and vulnerability assessment. This provides the necessary information about an organization’s IT infrastructure and assets, and the current level of security. Using this information, the assessor can provide recommendations for increasing or enhancing that IT asset’s level of security based on the identified and known vulnerabilities that are inherent in the IT infrastructure and its assets.
Using a state-of-the-art, best practice standard (ISO/IEC 27001:2005), we can assist you in the implementation of an Information Security Management System that will enable your business to establish, implement, review and monitor, manage and maintain effective information security.
It is built on a Plan-Do-Check-Act (PDCA) model and the requirement for continual improvement.
Risk management is at the core of ISO/IEC 27001, which provides a framework to implement effective information security management in compliance with business requirements and organisational objectives. The standard is a risk-based specification, designed to take care of information security aspects of corporate governance, protection of information assets, legal and contractual obligations, as well as the wide range of threats to an organisation's information and communications technology (ICT) systems and business processes.