At present, technological advances bring with them challenges that concern top organizational managers. Guaranteeing a maximum level of availability, integrity and confidentiality of the information handled daily in organizations is an aspect of great importance that businesses seek to take into account in their tasks today.
In the world of networks and communications, there are different threats, such as attacks by cybercriminals in search of confidential data of great commercial interest, sabotage, and modification of highly confidential information, among others. These are carried out for economic, commercial or competitive motives, or so that the attacker can obtain a reputation. This problem does not only affect large companies or organizations with a large infrastructure for their operation. Currently neither large nor small companies, nor governments or ordinary people, are exempt from or invulnerable to a computer attack. According to the cybersecurity firm Digiware, in the year between August 2016 and 2017 there were 198 million cyber attacks; according to the company, on average there are 542 thousand incidents, and the impact of computer damage has generated losses of more than 6 billion dollars in the country.
Therefore, it is very useful for organizations to implement an ISMS (Information Security Management System), which is based on the ISO 27001 standard and establishes a systematic process for protection against any threat that could affect the confidentiality, integrity or availability of information. This system offers best practices and procedures that, when correctly applied in the business environment, provide continuous and appropriate improvement for evaluating the risks we face daily, establishing controls for better protection and defending our most valuable asset within the organization: information.
In short, an information security management system analyzes and manages the risks that may arise in an entity, based on the mission processes and information assets that the organization has, in order to ensure greater control over the vulnerabilities that may arise, avoiding the materialization of threats that directly or indirectly affect the daily functioning of the organization.
The implementation of an information security management system based on the information life cycle is of great importance for organizations, as it provides great benefits such as:
- It guarantees a high level of confidentiality, integrity and availability of the information handled in the organization's daily tasks.
- Access to information will have controls according to levels of security and confidentiality that hinder manipulation by unauthorized persons.
- There will be continuous improvement that generates a continuous evaluation of the current situation and facilitates the timely detection of vulnerabilities or security incidents.
- Suppliers, strategic partners and customers of our business will have greater confidence due to the quality and confidentiality generated by the implementation of an ISMS.
- It guarantees business continuity, an important aspect of business competitiveness.
- It helps avoid falling foul of national legislation regarding the handling of information from suppliers, customers and strategic allies, among others.
- It is a differentiating factor that provides an advantage over the competition.
Ing. Andrés Felipe Gómez Barbosa
Computer Analyst – Safe Society