Security Technology ALONE of any sort, however advanced it might be is not TRUE Security, its even one RISK because of its false sense of security it gives. Complete Security is TECHNOLOGY, PROCESS and PEOPLE.
Every asset in every organization must be protected and information is an asset which must be protected as well. During the evolution of human race the value of information is growing constantly. The higher the value of information the more effectively it must be protected. There are a lot of schemes and mechanisms for information protection. One of the most popular systems that helps organizations to establish information security is the ISMS defined by ISO 27000 standards. The benefits of implementing an ISMS in this case seem obvious.
The ISMS is a system which drives the management of Information, regulates the information flows and builds an environment for information protection. The ISMS is not a single document or even a single process, it is a set of well-organized processes and documents. All the benefits of implementing an ISMS derive from those well organized processes and documentation.
Well organized ISMS helps organizations to identify the assets subject to risks, evaluate and manage these risks in a proper manner, monitor the implemented controls. First of all management should define the scope of ISMS considering the type of the business and the mission of the company, the information assets and the technological infrastructure. The integral part of each ISMS is the Information Security Risk management. It can be either a process separated from the Organization’s overall risk management or integrated in it. The phases of risk management methodology of ISMS are similar to other standards: Risk Identification, Risk assessment and Risk treatment.
Ethiopian Enterprises are fully equipped to do security the right way, we can help you. Contact us.