Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions

Phone:

0800 035 1231 (Mon to Fri 9am – 5pm)

36B Market Street, New Mills

Derbyshire, SK22 4AA, United Kingdom

What is Information Security?

Information security is the preservation of confidentiality, integrity and availability of information. In other words:

  • Confidentiality – ensuring the privacy of information, ensuring that ‘information is not made available or disclosed to unauthorized individuals, entities’;
  • Integrity – ensuring that information cannot be amended or incorrectly deleted, and maintains ‘accuracy and completeness’; and
  • Availability – ensuring that information is where you want it when you want it, and is ‘accessible and usable upon demand by an authorised entity’.

Types of Information

In order to be able to protect your information, it is critical to understand the nature of the data and information that is of importance. This is not usually just client data, despite the tendency to focus on it. Other elements that could be equally critical include staff data, corporate information (such as financial data, product specifications and supply chain data), and any other information that is essential for the running of the organisation.

Types of information security

Given recent concerns, there is often a tendency for people to focus on ‘cyber security’ but cyber and IT issues are not the only security concerns.  Other critical aspects include physical and environmental, staffing and supplier security, to name but a few.  As an example, do you know what information assets are in all your filing cabinets?

Why do Information Security?

You have probably heard of cyber security in the news, and will already have implemented a number of information security practices that are second nature to you: locked doors, passwords, secret PIN numbers and other such techniques. You may therefore be wondering why you would need to implement an Information Security process. However, the implementation of an effective Information Security management system will help you to understand the nature of the data and information that you hold, and the vulnerabilities of that data.

By properly understanding the risks, you will be able to implement effective risk treatment and control, and will be able to monitor the effectiveness of the protective steps that you have taken.  Additionally, you will be able to have a better understanding of the legislative and regulatory regime for you and your key stakeholders, knowing what all parties require for the confidentiality, integrity and availability of their information.

There are additional benefits to adopting a comprehensive information security management system, which may include:

  • Greater confidence for clients and other interested parties;
  • Improved data retention and disposal procedures, resulting in reduced requirements for back-up and archiving;
  • Improved responses to security events and incidents; and
  • Competitive advantage over similar organisations.

Approach

Implementation of effective information security within an organisation may require a change in the culture, with a change in perception from “everything is generally permitted unless expressly forbidden” to “everything is generally forbidden unless expressly permitted”. However, this has to be balanced against information requirements for innovation and productivity.

The implementation of an effective information security management system can be demonstrated through certification to ISO 27001:2013 – Information Technology – Security Techniques – Information Security Management Systems.  Further information supporting the requirements specification can be found in the ISO 27000 series, particularly:

  • ISO 27002 – Code of Practice for Information Security Controls
  • ISO 27005 – Information Security Risk Management

How can Cambridge Risk Solutions Help?

Cambridge Risk Solutions provides a range of services to assist with the implementation of Information Security, and has an experienced ISO 27001 Lead Auditor who can assist with readiness for certification to ISO 27001:2013.

View some case studies of recent Information Security projects.

Further information is available in our Downloads section.


When we decided to go for accreditation to BS25999, we knew we would need outside help. We chose Cambridge Risk because they represented the best balance of professionalism and pragmatism.


  • Business Continuity Planning

    Effective planning that takes into account risk evaluation and business impact analysis, supported by clear and concise crisis management. We work with you to develop user-friendly plans.

  • Business Impact Analysis

    The Business Impact Analysis (BIA) is one of the most important, and least well understood, stages of the Business Continuity Management Lifecycle; we can assist with your BIA.

  • Training and Exercising

    No Business Continuity Management programme is effective without a significant element of training. Moreover, ongoing Crisis Management training and exercising is key. We can provide objective training and exercising.

  • Risk Evaluation and Control

    Risk evaluation and treatment provide a process to identify, prioritise and manage your risks. Cambridge Risk Solutions can assist with risk management for business operational and information security risks.

  • Statement of Applicability

    Which controls do you need to have in place? How do you link your risk assessment process into your SoA? How do you ensure that you have effective controls in place? We can assist with your SoA.

  • Integrated Management Systems

    Management Systems assist with your on-going management, maintenance and continual improvement. We work with you to develop a fully integrated management system, enabling certification to ISO 22301 and ISO 27001.