Monday, October 12, 2009

Extra Knowledge Related to Security Information

WHAT IS INFORMATION

Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.

Information exists in many forms:

- Paper

- Electronic

- Spoken


OUR RESPONSE

Understand the threats & Mitigate the risks.

Establish security requirements:

- Risk assessment

- Legal, statutory, regulatory and contractual requirements

- Set of principles, objectives and business requirements for information processing that an organization has developed to support its operations


INFORMATION SECURITY MANAGEMENT SYSTEM

The ISMS is that part of the overall management system, based on a business risk approach, that establishes, implements, operates, monitors, reviews, maintains and improves information security.

The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.

Reference: ISO/IEC 27001:2005



4 comments:

  1. Nowadays, whenever we surf the internet, we are exposed more to severe threats and virus attacks on information assets. There are so many intelligent IT hackers that extract any information we keep in our network system.

    IT security has become a priority at organizations’ highest levels. The best practice of Information Security Management System (ISMS) is ISO/IEC 27001 & 27002 and SOGP (Standard of Good Practice). This SOGP comes from the Information Security Forum's (ISP) practical experiences in the industry.

    ISMS through ISO 27001/2 will bring information security under explicit management control. It requires that the management systematically 1) examines the organization's information security risks, taking account of the threats, vulnerabilities and impacts; and 2) adopts a management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

    But so far in the construction industry, there is more emphasis on providing quality management of products and services, i.e. ISO9000 and now ISO14000 on environmental management. There is less focus or awareness on this ISMS or ISO27001/2. Unless they are manufacturers/suppliers of specialist products, bankers, insurance companies and government bodies or agencies, ISMS application is necessary to protect the information kept by them.

    Just imagine how one organization has to adopt all these procedures ISO 9000, 14000 and 27000. It could be marvellous.

  2. Thank you En. Mansor for the knowledge sharing... Actually I am new to this ISMS knowledge, but it is good for us to understand what ISMS is all about and to have a very good idea of how we can implement ISMS in our organization.

    What I understand regarding this ISMS is that it is a set of processes and procedures dealing with the management of information within an organization. ISMS helps the organization to secure any valuable information assets.

    An ISMS offers a number of significant benefits to both the organization and its customers.

    1) It ensures suitable security controls are in place
    The intensive risk assessment and other processes involved in implementing the ISMS help to verify that any security controls and strategies are appropriate, cost effective, and prioritized to address the core security needs of the organization.

    2) It demonstrates a commitment to security best practice
    The existence of an ISMS is a powerful demonstration to an organization's customers of its commitment to information security. Customers can be confident that an ISMS-compliant organization understands and implements industry best practice. Certification of the ISMS provides independent and unbiased evidence of this compliance.

    3) It ensures compliance with third party obligations
    Many organizations will have external responsibilities with regard to the data in their possession. These may concern privacy, intellectual data ownership, or, in an increasingly regulatory environment, legal issues. An ISMS can greatly assist an organization in the fulfillment of such requirements.

  3. The construction industry in Malaysia has embarked on a new era towards the realisation of SUSTAINABLE and PROGRESSIVE construction. The Government had launched the CONSTRUCTION INDUSTRY MASTER PLAN 2006-2015 (CIMP) initiated by the Construction Industry Development Board (CIDB) Malaysia. Launched with the purpose of gearing up the Malaysian Construction Industry towards GLOBALISATION and COMPETITIVENESS, the CIMP constitutes 7 strategic thrusts which encompass the construction value chain.
    One of the strategies, strategic thrust 3, emphasises striving for the highest standard of QUALITY, OCCUPATIONAL SAFETY, AND HEALTH AND ENVIRONMENTAL PRACTICES.
    To keep abreast with development, particularly in relation to the issue of occupational safety and health, CONSTRUCTION PLAYERS should play their roles in consolidating the industry to reach greater heights. Safety in construction must be a priority among the construction fraternity during pre-construction, during construction and post construction.
    A holistic approach to safety must be introduced to the construction industry as a strategic way for construction stakeholders to move up to greater heights in future.
    It can also be suggested that the most effective techniques for preventing a hazard are:
    1) Pre-planning for safety
    2) Safety orientation
    3) Safety training
    4) Written safety policy
    5) Certification for the Contractor for successful projects with fewer accidents.

  4. I agree with you, Fareezan. ISMS is a new thing to us. Maybe En Mansor can apply this ISMS to safeguard our blog from any IT hackers. Just joking...
