With hackers attacking networks, companies moving from paper to digitised servers, and the growing tendency to gather information in the cloud, the need to take care of an organisation's critical information is more evident than ever, and the importance of information to companies is beyond question. Whether through legal obligations, such as the Organic Law on Data Protection (LOPD), or through the regular news of security breaches at companies and the resulting exposure of personal data and other information, we are constantly reminded of the importance of managing the information we hold correctly and of implementing adequate security measures.

Along with physical security, companies have at their disposal a large number of tools that help them improve the management of the information they hold, and we will briefly explain these below.

The importance of a correct management of information security.

Information is one of a company's most valuable assets, so the company must establish measures to ensure that it is managed effectively and kept secure.

The management of information and its proper security are current issues for users and for public and private companies alike. Companies have been clear for many years that information is one of their most valuable assets: if it were lost or modified by an external action unrelated to the company's activity, the result would not only be economic problems or management difficulties but also serious damage to the company's image.

Although many companies are already beginning to understand this importance and the need to use systems that allow them to secure their information, they implement, in my opinion, half-baked systems. That is, they adopt physical security systems such as backup copies, access controls, video surveillance, alarms, antivirus, fire-fighting systems, etc. However, they forget to adopt information management systems that allow them to control, preserve and properly manage the information they already hold. In other words, they focus more on the computer security of the media on which the information is stored than on the security of the information itself.

I do not mean by this that companies should not establish computer or physical security systems, but these cannot be the only thing they do. The many risks to which companies are exposed must be taken into account when establishing the security systems that will keep the essential information on which the company's management and processes depend properly managed and maintained in an efficient manner.

To achieve this, companies have at their disposal effective tools, which we will briefly indicate below.

Tools for the effective management of information.

Among the various existing tools, we highlight the following:

The first of them, and one of the best known, is the ISO 27001 standard. This standard is the perfect tool for companies that wish to adequately manage and protect the information they hold, as it provides the basis for evaluating physical risks and allows effective controls and processes to be established to safeguard information. ISO 27001 follows an approach based on Deming's widely known Plan-Do-Check-Act cycle, which allows it to be effectively integrated with other systems that may have been implemented in the company previously or subsequently, such as an ISO 9001 quality management system (QMS).
The UNE-ISO/IEC 38500 standard, Corporate Governance of Information Technology (IT), provides, as the standard itself says in its document, "guiding principles for the administrators of organizations (including owners, members of the board, directors, partners, senior executives or similar) about the effective, efficient and acceptable use of Information Technology (IT) in their organizations".
The UNE-ISO 22301:2013 standard, Protection and safety of citizens. Management System for Business Continuity (SGCN). Specifications, refers to the management of business continuity and, as the document says, "specifies the requirements for planning, establishment, implementation, operation, supervision, review, maintenance and continuous improvement of a documented management system, so that the business is protected against disruptive incidents, as well as reduce the probability of occurrence of these, be prepared against, respond to and recover from them when they occur."
Finally, we cannot fail to comment on UNE-ISO/IEC 20000-1:2011, Technology

The criticality of the management of information security in companies
