Organizational motives for information security should
support primary business objectives; they should not be
an afterthought. For some organizations, such as those
requiring high degrees of assurance, ISO-17799
certification may become mandatory. To other
organizations, certification may be a marketing tool.
What are the main objectives of ISO 17799?
As defined by ISO-17799, information security is characterized as the preservation of:
- Confidentiality - ensuring that information is accessible only to those authorized to have access.
- Integrity - safeguarding the accuracy and completeness of information and processing methods.
- Availability - ensuring that authorized users have access to information and associated assets when required.
Information security is necessary to:
- Comply with applicable laws and regulations
- Demonstrate due diligence
- Help prevent loss and thus increase profit
- Protect the organization from liabilities related to security negligence
- Enhance and support customer reputation
Benefits of ISO-17799
Information security is always a matter of trade-offs, balancing business requirements against the triad of confidentiality, integrity and availability. The information security process has traditionally been based on sound best practices and guidelines, with the goal being to prevent, detect and contain security breaches, and to restore affected data to its previous state. ISO-17799 offers a benchmark against which to build organizational information security. It also offers a mechanism to manage the information security process.
ISO-17799 is a comprehensive information security process that affords enterprises the following benefits:
- An internationally recognized, structured methodology
- A defined process to evaluate, implement, maintain, and manage information security
- A set of tailored policies, standards, procedures, and guidelines
- Certification allows organizations to demonstrate their own information security status and to evaluate that of their trading partners
- Certification shows "due diligence"
ATIBA has a team of experienced professionals available to assist you in establishing a comprehensive information security process that will help your organization demonstrate its dedication to protecting customer information and, in some cases, its compliance with applicable laws and regulations.