
Information Security Management System: Introduction to ISO 27001

Current Situation:

Organizations now rely heavily on information systems to manage their business and distribute their products and services. They rely on IT for development, production and distribution in a variety of internal applications. These include financial databases, employee time orders, help desk providers and other services, remote access to customers and staff, remote access to client systems, communication with the outside world via e-mail, and use of the Internet, third parties, and application outsourcing distributors.

Business Needs:

Information security is required as part of the contract between clients and customers. Marketing requires a competitive edge and can build customer trust. Senior management wants to know the status of IT infrastructure malfunctions, data breaches or information incidents in the organization Senior Information Security and Risk Management Officer (P4). The biggest challenge is to protect information and information systems in a way that meets business and legal requirements: providing a safe environment for clients, managing security between competing client projects, and preventing confidential information from leaking.

Definition of Information:

Cybercriminals, hackers, malware, Trojans, phishers and spammers are the biggest threats to our information systems. The study found that the majority of those who carried out such attacks were IT employees who showed traits including quarrels with colleagues, frustration and dissatisfaction, work delays, and poor work performance. 86% of cybercriminals have a technical position and 90% have administrator or special access to corporate systems. Natural disasters such as hurricanes and floods can cause crashes in our information systems.

Information Security Incidents:

Information security events can disrupt organizational routines and processes, reduce shareholder value, and lead to loss of privacy, loss of competitiveness, loss of reputation that can lead to brand devaluation, loss of trust in IT, data being corrupted, stolen, damaged or lost in incidents, loss of profit, failure of safety-critical systems, and injury or loss of life.

Some basic questions:

Do we have an IT security policy? Have we analyzed the threats / risks to IT operations and infrastructure? Are we ready to face natural disasters such as floods and earthquakes? Are all our assets safe? Do we believe our IT infrastructure / network is secure? Is our business data secure? Is the IP phone network secure?

Do we configure or maintain application security features?

Do we have a dedicated network environment for application development, testing and production servers? Do we have control over the distribution of software / information?

Introduction to ISO 27001:

Getting the right information to the right people at the right time in a business can make the difference between profit and loss, success and failure.

There are three aspects to information security:

Confidentiality: Protects information from unauthorized disclosure, possibly by an adversary or suppressor.

Integrity: Protects information from unauthorized modifications and ensures that information such as price lists is accurate and complete.

Availability: Makes sure information is available when you need it.

Ensuring the confidentiality, integrity and availability of information is essential to maintaining competitiveness, cash flow, profitability, legal compliance, commercial image and branding.

Information Security Management System (ISMS):

A business risk approach to defining, implementing, operating, monitoring, inspecting, maintaining and improving information security.

