Certification of Information Security Management Systems (ISMS) according to MSZ ISO/IEC 27001:2006
Information security is a "sensitive point" at many companies. A small gap in the information security system can often be an opening for attacks that may shake the company to its foundations. The World Wide Web, electronic commerce, industrial espionage, global virus attacks and international catastrophes such as the case of the World Trade Centre in New York have made obvious the need for high-level information security management systems.
Information is, according to one definition, meaningful data, and accordingly it may exist in many different forms: printed or written on paper, stored electronically, forwarded by mail or electronically, presented on film, or spoken in the course of a conversation. Whatever form it takes, it is recommended that information be protected, stored or forwarded properly.
Information is an asset that has value, and, like other important business assets, the organisation has to protect it properly. Information security protects information against a range of threats in order to ensure business continuity, minimise business damage, and maximise business opportunities and return on investment.
Information security safeguards the:
a) confidentiality of information: ensures that only authorized persons have access to the information
b) integrity of information: protects the accuracy and completeness of the information and of its processing methods
c) availability of information: ensures that authorized persons can actually access the required information and that the necessary equipment is at their disposal.
Topics, security measures and methods related to information security can be classified into groups in many ways according to different criteria. For example:
- Data protection: protection of information systems against data loss; rules, processes and solutions ensuring the continuous availability of data.
- Data security: rules, processes and solutions preventing unauthorized access to the data of information systems.
In general, security can be considered satisfactory if the cost and the method of protection, as well as the risk of damage (value of loss × probability of occurrence), are under a tolerable limit. However, it is necessary to emphasize that not only the sum but also the method of protection is important: the protection shall be realised completely and exclusively. The tolerable risk defines the level of investment, which can be determined on the basis of the tolerable limit indicated in a risk matrix. This limit shall be defined individually for each organisation in the course of examining its information security.
Where should an information security management system be implemented and certified?
- IT companies that carry out software development and prepare IT projects.
- Financial and administrative organisations, authorities and insurance companies that handle the personal data of their customers.
- Security companies that deal with property protection and with defensive and guarding technology.
- Logistics companies that communicate with their customers electronically.
- Health institutions that provide health care.
What should you do if you want to become our client?
If you are interested in our offer, you can obtain the necessary information from one of our certification managers via our contact details (Accessibilities). Alternatively, please fill in our "Request for Quotation" form and send it to us. We will be pleased to welcome you among our clients and will send you a customized quotation in reply.