
Management systems

Information security is often misinterpreted as IT security. While IT security is an essential element of it, information security is a much broader term that covers other security aspects such as physical security, contractual requirements, regulations, human resources, business continuity management, etc.
Due to its complexity, information security requires the implementation of effective management processes based on a risk management approach and aligned with the organization’s business objectives.

Moreover, regulations that arose from serious mistakes in the past, and that require risk management processes to be in place, are also an important driver for the implementation of information security management systems. In the US, SOX (Sarbanes-Oxley Act of 2002) is already in place, while in the EU similar regulations are required only in the banking sector through the Basel II accord (EU directive CAD 3). Within several months it is expected that the EU will also accept similar regulations, which may be even more restrictive than SOX and will cover other business segments.

Besides the regulations mentioned above, the information security management process is also defined by the standards ISO/IEC 27001:2005 "Information technology -- Security techniques -- Information security management systems -- Requirements" and ISO/IEC 17799:2005 "Information technology -- Security techniques -- Code of practice for information security management".
Understanding the importance of information security for business, INFIGO IS is offering the following consulting services to our clients:

INfigo.hr © 2006 | design & development: Vega Intro