
ISO17799 - Broken Down

Business Continuity Planning

To counteract interruptions to business activities and to critical business processes from the effects of major failures or disasters.

System Access Control

The objectives of this section are:

  1. To control access to information
  2. To prevent unauthorised access to information systems
  3. To ensure the protection of networked services
  4. To prevent unauthorised computer access
  5. To detect unauthorised activities
  6. To ensure information security when using mobile computing and tele-networking facilities.

System Development & Maintenance

The objectives of this section are:

  1. To ensure security is built into operational systems
  2. To prevent loss, modification or misuse of user data in application systems
  3. To protect the confidentiality, authenticity and integrity of information
  4. To ensure IT projects and support activities are conducted in a secure manner
  5. To maintain the security of application system software and data.

Physical & Environmental Security

The objectives of this section are:

  1. To prevent unauthorised access, damage and interference to business premises and information
  2. To prevent loss, damage or compromise of assets and interruption to business activities
  3. To prevent compromise or theft of information and information processing facilities.

Compliance

The objectives of this section are:

  1. To avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements
  2. To ensure compliance of systems with organisational security policies and standards
  3. To maximise the effectiveness of and to minimise interference to/from the system audit process.

Personnel Security

The objectives of this section are:

  1. To reduce risks of human error, theft, fraud or misuse of facilities
  2. To ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work
  3. To minimise the damage from security incidents and malfunctions and learn from such incidents.

Security Organisation

The objectives of this section are:

  1. To manage information security within the Company
  2. To maintain the security of organisational information processing facilities and information assets accessed by third parties
  3. To maintain the security of information when the responsibility for information processing has been outsourced to another organisation.

Computer & Network Management

The objectives of this section are:

  1. To ensure the correct and secure operation of information processing facilities
  2. To minimise the risk of systems failures
  3. To protect the integrity of software and information
  4. To maintain the integrity and availability of information processing and communication
  5. To ensure the safeguarding of information in networks and the protection of the supporting infrastructure
  6. To prevent damage to assets and interruptions to business activities
  7. To prevent loss, modification or misuse of information exchanged between organisations.

Asset Classification and Control

To maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.

Security Policy

To provide management direction and support for information security.