INFORMATION SECURITY: Principle 5
ISO 27001 Information Security Principles
Principle 8 – Active Prevention and Detection of Information Security Incidents
Effective information security requires an active system that prevents and detects incidents, such as breaches of security. Your information security cannot be effective if your system fails to detect or prevent these breaches.
The 5 types of Security Breaches:
- Malware
- Phishing
- Password Attacks
- Ransomware
- Denial-of-Service
You need to be on guard at all times, constantly monitoring for incidents and preventing them. Transparency is also vital in this regard, so a blame-free culture is essential. It sounds simple, but it's difficult.
As humans, we are hardwired to point the finger at people when they fail to prevent security breaches or fail to detect them. It is imperative that you stop accusing people and encourage them to report. Your system will fail the moment you start blaming again. It needs constant attention.
It is vital to determine how many security breaches are occurring on your networks and systems.
Use SHEQ software
To design and implement a Quality Management System, SRM and many of our clients use Mango Compliance Software – www.mangolive.com. Mango makes it easier to obtain and maintain ISO 9001:2015 certification.
SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Contact our consultants today. Let us know if we can help you with the development and implementation of your Quality Management System.