Using Reflex Disknet Pro to Aid Compliance with BS 7799 & ISO/IEC ...
Introduction
Just like any other business asset, information has a value, and consequently we
should as organisations look at protecting that most valuable of assets. Having a
recognised standard to work toward is both desirable and effective, since compliance
with a recognised standard will clearly identify to others that you have seriously
considered the subject in question. The ISO (International Organisation for
Standardisation) and the IEC (International Electrotechnical Commission) form the
specialised system for worldwide standardisation. Numerous national bodies make
up the membership of these organisations, developing and publishing internationally
recognised standards. Gaining accreditation to BS 7799 or ISO/IEC 17799:2000 is
fast becoming the accepted minimal standard for Information Security.
More and more companies are demanding that their suppliers and partners become
compliant, thereby indicating that they have taken credible steps to implement
information security. Why is information security required, and what is causing so
many organisations to sign up to this standard? Confidentiality, integrity and
availability of information are probably the main drivers, which are directly linked to
competitive edge, cash flow, profitability, legal compliance and, not least, commercial
image.
Executive Overview
Since BS 7799 was converted into the international standard ISO/IEC 17799:2000, it
has become almost a prerequisite when implementing information security. This
standard, or code of practice, covers all aspects of IT, including such elements as
Security Policy, Organisational Security, Physical and Environmental Security,
Systems Development and Maintenance, and Business Continuity Management.
The standard is divided into twelve main sections, each section sub-divided to allow
all aspects of this vast subject to be considered. For any organisation either looking
to implement this standard, or that has already attained accreditation and
needs to remain compliant, Reflex Disknet Pro offers a software solution that will
enforce policy in six of the twelve main areas:
• Asset classification and control
• Physical and environmental security
• Communications and operations management
• Access control
• Systems development and maintenance
• Compliance
Investment in information security and its formal acknowledgement via ISO 17799
accreditation is not to be taken lightly. Notwithstanding the benefits already
described above, any product that is capable of supporting this standard
whilst itself providing further benefits in enforcing policy and security in a uniform
and manageable way is worthy of consideration. The remaining pages of this
document illustrate how Reflex Disknet Pro delivers just that.
© Reflex Magnetics Ltd