Information Security For Business

How Do I Provide Security Solutions?

If your home risk assessment has identified a high level of risk when your house is empty, you may decide to install a burglar alarm.

You will then have to decide on the best type of system to meet your needs and identify a reputable supplier who can provide you with an effective, affordable system.

Similarly, in your organisation these risk assessment principles should be used to help you decide on the appropriate level of protection.

We looked at assessing security risks in the section What security do I need? In this section you will find advice on how you can provide security solutions to help reduce your level of security risk.

A good starting point is the ten key controls in BS 7799. Compliance with these controls will go a long way towards providing your security solutions. We will now look at how to implement the ten key controls.

  1. Information security policy document
    The section How do I develop my security policy? provides advice on this.

  2. Allocation of information security responsibilities
    The section What roles and responsibilities should I consider? covers this.

  3. Information security education and training
    You should provide all users, including managers, with appropriate training. This should cover specific controls and procedures, and should also ensure that staff understand why security is important, what your policy is, and what their own responsibilities are.

  4. Reporting of security incidents
    You will need to provide guidance on the actions that should be taken following an incident, including how incidents should be reported. This topic should be included in your policy and in your education and training programme.

  5. Virus controls
    There are two aspects to this control. First, you should produce a policy forbidding the use of unlicensed and unauthorised software. Secondly, you should use anti-virus software from a reputable supplier on all your PCs and networks.

  6. Business continuity planning process
    You will need a process to develop and maintain business continuity plans. You will find that the identification of your security risks, discussed in the section What security do I need?, will help you to identify the vital business functions that you would need to maintain following a disaster.

  7. Control of proprietary software copying
    You will need to ensure that the legal restrictions on the use of copyright material are understood and implemented. You should introduce a policy requiring all staff to comply with software licences.

  8. Safeguarding of organisational records
    You will probably find that you are doing much of this already as part of your compliance with the Companies Act. You should, however, ensure that organisational records held on a computer also comply.

  9. Data protection
    Personal information that is stored or processed on a computer must be registered under the Data Protection Act.

    Further advice is available from the Information Commissioner’s Office (formerly known as the Office of the Data Protection Registrar) on: 01625 545745.

  10. Compliance with the security policy
    You will need to review your organisation to ensure ongoing compliance with the requirements of your policy. Your information security policy will provide an overall direction for your organisation.

    You will need to support it with standards that set minimum levels, and with procedures on how to implement those standards.

The next section What further help is available to me? provides details of how to obtain further advice.
