The Need for ISMS

Published under Risk Management

Security experts say and statistics confirm that:

  • information technology security administrators should expect to devote approximately one-third of their time to addressing technical aspects. The remaining two-thirds should be spent developing policies and procedures, performing security reviews and analyzing risk, addressing contingency planning and promoting security awareness;
  • security depends on people more than on technology;
  • employees are a far greater threat to information security than outsiders;
  • security is like a chain: it is only as strong as its weakest link;
  • the degree of security depends on three factors: the risk you are willing to take, the functionality of the system and the costs you are prepared to pay;
  • security is not a status or a snapshot but a running process.

These facts inevitably lead to the conclusion that:

Security administration is a management issue and NOT a purely technical one

Therefore, the establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks. Furthermore, such a company will be capable of successfully addressing information confidentiality, integrity and availability requirements, which in turn have implications for:

  • business continuity;
  • minimization of damages and losses;
  • competitive edge;
  • profitability and cash-flow;
  • respected organization image;
  • legal compliance.