1395/11/30 14:02


IT security management

Information Security Management System ISMS

A new version of the standard, ISO 27001:2013, has been published. Transition requirements.

IAF has issued a resolution concerning transition: “The General Assembly, acting on the recommendation of the Technical Committee, resolved to endorse ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems – Requirements, as a normative document. The General Assembly further agreed that the deadline for conformance to ISO/IEC 27001:2013 will be two years from the date of publication. One year after publication of ISO/IEC 27001:2013, all new accredited certifications issued shall be to ISO/IEC 27001:2013. Note: As the date of publication was 1 October 2013, the deadline for Certification Bodies to conform will be 1 October 2015.” CBF (Certification) is already accredited for the new ISO/IEC 27001:2013 standard.

Competitors obtaining secret data.

Information today is one of the most important "assets" of a firm. What does loss of data, leaking of trade secrets or just a breakdown in the information system mean to your firm? If these risks matter to you because they threaten the running and development of your company, look for a solution by introducing an information security management system. By certifying it, you can demonstrate trustworthiness to your partners when accessing their information systems or when mutually sharing data and information. Competitors can use the database of contacts for your clients, and can gain information about your prices, secret production technology or instructions, and also information about your key employees.

Data loss.

Loss of a database can threaten or slow down the company's activities, and can mean considerable expense for its reconstruction and a large loss of orders or claims from clients. Where accounts or secret personal databases are threatened, there could be sanctions from the state.

Interruption in the running of the company.

Unusually frequent system maintenance, the removal of faults and glitches, and incompatibilities all mean that company employees devote their time to activities other than the company's business. Clients tolerate temporary problems only if they do not occur frequently and repeatedly, especially when you are running sales outlets or warehouses.

Threats (selection)

• Misuse of administrator rights
• Data management negligence and laxity
• Data deletion
• Tapping of important negotiations
• System hacking
• Adverse and hostile SW installation
• System non-functionality
• Data theft
• Errors and omissions of the users
• Incorrect routing
• System accidents
• Natural disaster
• Client compensation
