What is a security information management system?
At the present juncture, information is regarded as an essential resource for the continued existence and organization of a company's activities, so the need to secure this information is imperative.
The standard can be used by many types of organizations in various fields: finance, insurance, telecommunications, utilities, trade, services, transportation and more. The standard specifies the processes that enable an organization to implement, monitor and manage an information security management system.
Implementing an information security management system helps to identify and reduce critical security risks and to focus efforts on protecting sensitive information. Information security is more than information technology. The goal of an information security management system is to support business development and reduce potential damage by preventing security incidents and minimizing their impact.
What is ISO 27001:2013?
ISO 27001:2013 is an instrument of protection and control that ensures the integrity, confidentiality and availability of information are maintained. This standard provides the basis for an Information Security Management System (ISMS) and is applicable to all organizations regardless of size and business sector.
ISO 27001:2013 provides the basis for establishing, implementing, maintaining and improving a certified information security management system, which gives top management a process-based, self-regulating security mechanism. This leads to an improved information flow that is reflected in quicker decision-making and thus in faster processing of secured information, which in turn increases business opportunities.
The benefits of ISO 27001:2013 system implementation are:
- awareness and control of information risks and of other types of risks;
- proof of security of the information system of an organization to third parties (authorities, customers, partners);
- evaluation of processes within the organization in terms of their safety;
- business continuity management;
- cost savings through transparent and optimized structures;
- security as a part of business processes;
- documenting structures and processes on the basis of an internationally recognized standard;
- the possibility of lower insurance premiums;
- easy integration of ISO 27001 with the quality management system (ISO 9001).
Myths about ISO 27001:
- Firewall and antivirus software will protect us
- Information security cost will inevitably increase
- The more we know about the work of our network, the more protected we are
- We are not a target for industrial espionage
- Providers of IT products and services offer “independent” security
- All antivirus software works in the same way
- Information security is a condition that makes the business possible