BS 7799 – INFORMATION SECURITY MANAGEMENT SYSTEMS

Information is one of any organisation’s greatest assets and therefore demands security. Security is a weakest-link problem: total security is no better than the weakest point in any organisation.

To risk or not to risk your corporate information? This is the question that should be asked within your organisation. Do you put your organisation at risk or do you take action to establish and manage an Information Security Management System (ISMS)? Do you have measures in place to assure the following key aspects of Information Security?

  • Availability – knowing that your information can always be accessed.
  • Integrity – knowing that your information is accurate and up to date.
  • Confidentiality – knowing that your information can only be accessed by those authorised.


According to a recent Business Information Security survey, nearly half of the 1,000 respondents reported an information security breach in the last two years. Over two fifths of all sites reported a significant security breach; one in five organisations suffered breaches which they described as either serious or significant; over half of those reporting a security breach felt they could have done something to prevent it. When the reported cost of security breaches was calculated, it came to an average of over £7,000 per breach, although this rises to almost £18,000 for incidents of theft and around £20,000 for sites with 500+ employees.

An Information Security Management System (ISMS) is a management system that establishes policy and objectives for information security within the context of the organisation’s overall business risk, together with the means by which these objectives can be achieved.

BS 7799 Part 2 is a national management system standard. It is a specification for an Information Security Management System (ISMS) and can be used as the basis for accredited certification.

The significance of Information Security to business operations is increasing all the time, in line with both internal and external threats to organisations’ data systems. The cost of ‘locking the stable door’ after this particular horse has bolted is likely to be very high for organisations that do not understand the issues and take appropriate action. The development of an effective ISMS will always add value to the business, and such an ‘insurance’ cost is likely to be minimal in relation to any potential damage that might be inflicted.

Support Group Consulting has experience in developing ISMSs and advising on BS 7799 certification programmes for both private and public sector organisations, and can help you to implement an effective ISMS.

© The Support Group, 2003