INFORMATION SECURITY: Integrating Security Into Information Networks And Systems

ISO 27001 Information Security Principles

Principle 7 – Integrating Security Into Information Networks And Systems

Security must be incorporated from the beginning, as well as tested, implemented and maintained as you design, develop, test, implement, and maintain your information networks and systems. Let’s begin by looking at the key elements of information security:

  • Vulnerability
  • Threat
  • Threat agent
  • Risk
  • Exposure
  • Treatment or controls

A Vulnerability is a weakness an attacker can use to gain access to a computer, enter a building or get into your network, and from there gain unauthorized access to your information assets. A Threat is the possibility that someone, or some piece of software, will identify and exploit that vulnerability. The Threat agent is the person or software that actually takes advantage of the vulnerability when it is exploited. Together these create a Risk. Risk refers to the probability and severity of a threat agent exploiting your vulnerability, and it carries a corresponding business impact and the possibility of losses as a result.

You and your systems are Exposed when they are susceptible to a threat agent. Treatments or Controls are the measures that minimize risk, close the gaps, and decrease vulnerability.

All these elements are related.

Your organisation needs to understand the terminology of information security. Keep in mind that your information networks and systems are always vulnerable, and that threat agents are always on the lookout for a chance to exploit that exposure.

The risk of that occurring must be determined, in terms of both its probability and its severity, and the risk can then be minimized by implementing treatments or controls. Treatments and controls should be strong enough to reduce the risk to an acceptable level. If you fail to reduce risk to an acceptable level, you remain more vulnerable to threats.

To achieve ISO 27001, information security is fundamental.

  • Be sure to discuss security regularly.
  • Prioritize security.
  • Ensure accountability.
  • Security should always be a priority.
  • IT is not the only department responsible for security.

Use SHEQ software

To design and implement a Quality Management System, SRM and many of our clients use Mango Compliance Software (www.mangolive.com). Mango makes it easier to obtain and maintain ISO 9001:2015 certification.

SRM is ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018 certified. Contact our consultants today. Let us know if we can help you with the development and implementation of your Quality Management System.