IT Security

With the rise of global computer-related crime and security breaches, it is important that organizations follow best practice guidelines to ensure that their systems are not compromised by electronic attacks. The risk of electronic attack is greater when computer systems are connected directly or indirectly to public networks such as the internet. An electronic attack could:

  • allow the attacker to gain access to your computer system and modify your information
  • insert malicious software (e.g. viruses, worms, Trojans)
  • allow the attacker to see restricted information
  • make your systems impossible to use.

The following BS European and International standards and publications give recommendations on the management of Information Technology security.

Key publications

BS 7799-3:2006
Information security management systems. Guidelines for information security risk management


Identifying, evaluating, treating and managing information security risks are key processes if businesses want to keep their information safe and secure. Whilst these processes are specified in the information security standard BS ISO/IEC 27001:2005, further guidance is required on how to manage these risks as well as to put them into context with other business risks.

 

Securing Email and Electronic Messages
BSI order ref: BIP 0020:2008

BS ISO/IEC 27005:2008
Information technology. Security techniques. Information security risk management

BS ISO/IEC 27001:2005
Information technology. Security techniques. Information security management systems. Requirements

Complete ISMS BS ISO/IEC 27001 documentation toolkit CD-ROM. Including The Manager's guide to data security and BS 7779/ISO 17799
BSI order ref: BIP 0026:2006
Coming soon - BS 25777 Code of practice for ICT continuity