Information Security
Information is the most valuable asset of most businesses and organisations today. It is also possibly the most difficult asset to control, maintain and retain. Just think of the impact that data loss or theft would have on your business, especially if you are in the financial sector.
Information security is the process which organisations use to protect their information. It is required not just to ensure the smooth running of the business but to establish and maintain trust with customers, shareholders and employees, comply with law and protect the reputation of the organisation.
Information security should address the following issues:
- Availability - ensuring appropriate access by the designated authorised personnel as and when required
- Integrity of data and systems - free from unauthorised changes that compromise accuracy, completeness and reliability
- Confidentiality of data and systems - appropriate access by the designated authorised personnel only
- Protection - ensuring against data loss
- Accountability - appropriate processes, policies and controls to be able to trace actions to their source
- Assurance - demonstrating that the objectives listed above are actually being achieved.
Risk management is the heart of the information security process. It consists of:
- Context establishment.
- Risk assessment.
- Risk treatment.
- Risk acceptance.
- Risk communication.
- Risk monitoring and review.
RiskAid Enterprise supports the whole process and makes the information security risk management task much easier by providing:
- A secure, collaborative working environment for all stakeholders
- Risk identification and assessment tools, enabling users to assess risks in terms of potential cost, business delay and any other relevant criteria
- Automatic risk prioritisation, to show where effort is best applied
- Action definition to prevent and/or limit the impact of the risks
- Potential benefits of taking each action
- Tracking of risks as they become Issues (definitely going to happen) and then Incidents (definitely has happened)
- Award-winning mathematics handling all calculations, behind the scenes, giving you the information you need to make sound decisions
- A fully recorded history throughout the life of the assessment to support trend analysis, audit trails - and to cut down the paperwork!
- All the reporting displays needed for managing and reporting on risk
- Private "what-if" scenarios where team members can try out alternatives to find the best solutions, before proposing them for inclusion.
RiskAid Enterprise supports the information security risk processes as defined in ISO/IEC 27005:2008, the US General Accounting Office advice contained in Information Security Risk Assessment - Practices of Leading Organisations GAO/AIMD-00-33 and the guidance from the Federal Financial Institutions Examination Council (FFIEC).
RiskAid Enterprise allows stakeholders throughout the organisation to address risk from their viewpoint and determine the potential benefits of the actions they are taking, against the potential expenditure.
The result can be a pro-active approach to information security risk throughout the organisation: action plans with clear cost-benefit analysis are executed to maintain information security, coupled with the ability to demonstrate that the information security objectives are actually being achieved.