Whether we like it or not, it is a simple fact that crime is becoming more and more sophisticated and that criminals tend to be a step or two ahead of what either we as individuals are doing or even the large, multinational corporations’ activity. Criminal activity has moved on from running into a bank with a sawn off shotgun and demanding the safe be emptied. Indeed, you’re more likely to get away with a bounty in the modern world by hacking into a business’ computer system for either employee or company information and attempting a fraudulent scheme in that respect.
ISO 27001 is an information security management system which is designed to secure business from the threats associated with such criminal activity. It is important to note that it isn’t just computer criminals who are able to hack into complex networks; governments around the world are continuously launching so called “cyber attacks”, and it is rumoured that the United States and United Kingdom governments have used such tactics as a means to attempt to derail Iran’s nuclear programme.
Safe in the knowledge
ISO 27001 brings together a large number of security policies under one banner, enabling businesses to keep fresh records of their security activity and be pro-active in dealing with any threats, providing they maintain their information security systems fully. An important aspect of ISO 27001 is that it makes clear that the responsibility for information security lies with all members of an organization at every level. Numerous high profile exposures of information security in the past have occurred on account of team members believing this is solely the responsibility of the information technology department thus not giving any problems the required attention.
Keeping customers happy
With a business which has been certified as ISO 27001 compliant, both customers and corporate clients can be a lot happier that their information is secured and unlikely to be accessed by any unauthorised third party. What can be done with stolen information can differ wildly. Some smaller time scams may use the information to collect phone numbers, either to cold call homes offering “free prize holidays” or to sell them on to similar organisations and sales firms for a reasonable sum of cash. Others may take part in identity theft, again with high profile previous cases seeing people threatened with legal action for having racked up thousands of pounds worth of debt that they didn’t actually incur themselves.
Please note that this is a guest post by ISO27001Standard.com.