IT security management
Information Security Management System ISMS
The new version, ISO 27001:2013, has been published. Transition requirements.
IAF has issued a resolution concerning
“The General Assembly, acting on the recommendation of the Technical
Committee, resolved to endorse ISO/IEC 27001:2013 Information technology
- Security techniques - Information security management systems –
Requirements, as a normative document. The General Assembly further
agreed that the deadline for conformance to ISO/IEC 27001:2013 will be
two years from the date of publication. One year after publication of
ISO/IEC 27001:2013, all new accredited certifications issued shall be to
Note: As the date of publication was 1 October 2013, the deadline for
Certification Bodies to conform will be 1 October 2015.”
CBF (Certification) is already accredited for new ISO/IEC 27001:2013
Obtaining secret data from competitors.
Information today is one of the most important
"assets" of a firm. What would a loss of data, a leak of trade secrets or
just a breakdown of the information system mean to your firm? If these
risks matter to you because they threaten the
running and development of your company, look for a solution in the
introduction of an information security management system. By
certifying it you can demonstrate trustworthiness to your partners for
access to their information systems or for mutual sharing of data and
Competitors can use your database of client contacts and can gain
information about your prices, secret production technology or
instructions, as well as information about your key employees.
The loss of the database can mean a threat to, or a
slowing down of, the company's activities, considerable expenses for
its reconstruction and a large loss of orders or claims from clients.
In the case of a threat to accounts or secret personal databases, there
could be sanctions from the state.
Interruption in the running of the company.
Unusually frequent maintenance of the system,
removal of faults and glitches, and incompatibility all mean that
company employees devote their time to activities other than
the company's business. Clients tolerate temporary problems only
if they do not occur frequently and repeatedly, especially when you are
running sales outlets or warehouses.
• Misuse of administrator rights
• Data management negligence and laxity
• Data deletion
• Tapping of important negotiations
• System hacking
• Adverse and hostile SW installation
• System non-functionality
• Data theft
• Errors and omissions of the users
• Incorrect routing
• System accidents
• Natural disaster
• Clients