Security Policy
Information technology systems typically hold key corporate information whose loss or disclosure could have serious consequences. To ensure the security of information and communications technology (ICT) systems, such systems must therefore be designed in a way that reduces the potential impact of security breaches and of undesirable activity by authorized users. Here, the goal of security management is to minimize potential losses and enable rapid, efficient problem identification. The standards that apply in Poland in this respect are PN-ISO/IEC 17799:2005 and PN-ISO/IEC 27001:2005. The development and implementation of an IT system security policy can determine a company's future success. To protect their information assets, businesses are increasingly deploying Information Security Management Systems (ISMSs), implemented and certified pursuant to PN-ISO/IEC 27001:2005. This standard defines an ISMS as "that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security." The standard sets out requirements for the establishment, implementation and documentation of security controls tailored to the needs of individual organizations, and contains a set of control objectives and safeguards to be used to mitigate identified risks. Information security should be considered in the context of three attributes, namely:
An Information Security Management System can be implemented in an organization of any type and size, regardless of the nature of its operations. Furthermore, it is based on the same process-oriented approach as quality management and environmental management systems, which makes integration with those systems possible.