The Need for ISMS

Published under Risk Management

Security experts say and statistics confirm that:

  • information technology security administrators should expect to devote approximately one-third of their time addressing technical aspects. The remaining two-thirds should be spent developing policies and procedures, performing security reviews and analyzing risk, addressing contingency planning and promoting security awareness;
  • security depends on people more than on technology;
  • employees are a far greater threat to information security than outsiders;
  • security is like a chain. It is as strong as its weakest link;
  • the degree of security depends on three factors: the risk you are willing to take, the functionality of the system and the costs you are prepared to pay;
  • security is not a status or a snapshot but a running process.

These facts inevitably lead to the conclusion that:

Security administration is a management and NOT a purely technical issue

Therefore the establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks. Furthermore such a company will be capable of successfully addressing information confidentiality, integrity and availability requirements which in turn have implications for:

  • business continuity;
  • minimization of damages and losses;
  • competitive edge;
  • profitability and cash-flow;
  • respected organization image;
  • legal compliance.

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more