Probably the article “What is information security?” should have been the first post on this blog. Information is a collection of meaningful data, and we consider it a very important asset. Like any asset, it has a value for you (as the owner). The problem starts here: if it is valuable to you, it will probably be valuable to a third party as well. Think, for example, of your list of clients and their purchases of products or services from you. It surely has some value to your competition. If they can get hold of this information, they might try to win some of that business away from you. That is why some protection needs to be in place. The CIA triad describes a fundamental security model built around the basic goals of information security.
I am going to talk, or rather write, about the CIA triad. I am not going to discuss some Chinese underground society in a joint venture with a three-letter agency (secret service). The CIA triad refers to an information security model made up of three principles: confidentiality, integrity, and availability.
Information needs to be kept secret from any unintended and unauthorised party. This is perhaps the most common view of information security, and it is usually the aspect we mean when we talk about security. You have to agree that keeping health records confidential is absolutely taken for granted. The same goes for your credit card details. Both have to stay private to avoid unpleasant situations. Below, I managed to find (and it was really easy)
After answering the question “What is ISO 27001?”, you might want to know more about ISO 27001 controls and objectives. These are listed in Annex A of the standard, where you can find 133 controls and 39 control objectives. For those of you who don’t know, a control is a measure to deal with an unwanted event. For example, let’s say the organisation has very sensitive information on a salesman’s laptop. They consider the risk of a data breach unacceptable, so they implement cryptographic controls. This will ensure that if a storage medium is lost (e.g. the notebook’s hard drive), at least it has a layer of protection and they won’t
What is ISO 27001? ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements (commonly known as ISO 27001) is a set of best practices that defines a certifiable information security management system (ISMS). The framework establishes the general principles for initiating, implementing, maintaining and continually improving an ISMS within the organisation. Compliance with ISO 27001 assures the organisation that it addresses information security issues in a holistic manner. More importantly, it assures its clients and partners that information security is treated as an important subject.