The basic objective of the standard is to help establish and maintain an effective information security management system (ISMS), using a continual improvement approach. It implements the OECD (Organisation for Economic Co-operation and Development) principles governing the security of information systems and networks.
Risks
These standards were developed in response to the growing losses suffered by organizations that lacked a true understanding of the value of their information.
Having criteria for assessing the various risks, and for gauging the impact of security gaps on the business, is a basic element of prudence for today's executives.
Whether the incident is IT fraud, the loss of a critical system, web site defacement, or the theft of confidential information, what is crucial is to understand the magnitude of the possible resulting damage: from lost productivity, to high recovery costs, to a serious loss of image and credibility that can jeopardize the survival of the company.
Security
Protecting information is essential to many companies in terms of:
- Availability: information must be available, in correct form, when it is needed.
- Integrity: it must be guaranteed that information and processing methods are correct and complete.
- Confidentiality: only authorized users may have access to the relevant information.
Information
Information is a valuable asset that requires adequate protection.
Information may be:
- Printed or handwritten on paper
- Stored electronically
- Transmitted by post or by electronic means
- Shown on film
- Spoken in conversation
Every form that information takes must be protected adequately, together with the means used to store and share it.
ISO/IEC 27001:2005 follows the steps of the Deming cycle (plan, do, check, act) to implement and maintain an Information Security Management System that can be certified by accredited bodies.
ISO/IEC 27002:2007 is a code of practice for information security management (best practices).
Training
- Introductory seminar on ISO/IEC 27001 information security management.
- Seminar on good practices in information security management. ISO/IEC 27001 control review.
- Seminar on risk management for an information security management system.
- Seminar on security incident management. ISO/IEC 18044 standard.
- Seminar on metrics and indicators for information security management. ISO/IEC 27004.
- Course/workshop on the implementation and systematization of an information security management system.
- Awareness workshop on information security management for management levels.
- Awareness workshop on security and information security management for general staff.
Consulting
- Assessment against the requirements of the ISO/IEC 27001 standard.
- Assessment against the good practices recommended in the ISO/IEC 17799 standard.
- Assessment and support in implementing selected ISO/IEC 17799 domains.
- Internal audits against ISO/IEC 27001 requirements.
- Assessment and support in implementing and certifying an information security management system according to ISO/IEC 27001.
Software tools