Management information security

Details
IT Security

Information is now one of the main assets of the companies. It is necessary to protect intelligently preserving its security in the broad sense:

  • Notice is to ensure that information is available only to authorized persons.
  • Integrity is to ensure that the information is complete, accurate and protected against unauthorized changes.
  • Availability is to ensure that the information is available and can be used when needed.
  • Compliance is to ensure that the information and treatments are appropriate to the current legislation.

The information security in the company is not located only in the hardware, software and technical configurations, mainly in the corporate analysis is the same, its impact on the guidelines and business processes, which involves dissection and categorizing information according to business criteria.

This analysis, indicating the potential risks, contribute to assess and decide the measures to be acceptable for preventing them and acceptable costs.

In this line also pronounced current regulations regarding data protection, considering that the measures to be applied should be based on three areas, all of which are necessary: ​​

  • Organizational level: the key to define and maintain an information security management system (ISMS). Management and updating of the system as a whole so that it is effective and comprehensive with the passage of time is necessary.
  • Technical area: implementation of controls which arise as a result of developing the organizational level.
  • The legal field arises from the necessary enforcement and compliance. Increasingly regulations affecting the ICT law appears. And "corporate responsibility" for "failure to control measures."
    Regardless of obtaining final certification, the direct benefits of establishing the scope and targets are achieved.