ISMS Archive
The Realtime IT Compliance blog carried a significant post the other day – the first signs of US civil lawsuits against companies losing customer data. In this case, it is a $54 million claim against Best Buy for losing a …
Businesses and organisations operating within the United States face particular challenges when it comes to regulatory demands. This is keenly felt in the area of information security, where it is necessary to satisfy a complex web of regulations. ISO 27001 …
The increasing incidence and serious nature of internal threats to the security of corporate information is well demonstrated by the recent need for Cable & Wireless to injunct a former executive to hand a 100,00-strong customer database back to her …
In his ComputerWeekly blog David Lacey gives welcome airtime to the need for ISO security certification to be the cornerstone of an enterprise security programme. With organisations like Camelot, Misys, Nokia, The Co-operative Bank, COLT, Serious Fraud Office and Halifax …
One of the great virtues of an information security management system is that it helps steer you around the pitfalls of your own preconceptions. By having a rigorous process that reaches across the organisation and involves people at every level …
ZDNet reports that new research from IDC is predicting a sixfold increase in the amount of digital information created over the next four years, which could have serious implications for compliance and IT departments. The report, entitled ‘The Expanding Digital …
As this post by Michael Farnham at Computerworld highlights, many more companies are likely to be attacked in 2007 and too few are implementing robust procedures to counter this. As he says: “It comes down to whether or not companies …
Confirmation from PriceWaterhouseCoopers that small and medium-sized firms are underinvesting in IT security and suffering for it. PWC calls the difference in preparedness between large and smaller companies ‘a tale of two cities’, which seems pretty apt. As they say, …
The FSA Handbook sets out clear requirements for the management of information security within its regulated sectors. The requirements are best met by implementing and maintaining an ISMS that meets the ISO27001 standard – ISO27001-certification is clear evidence that the …
Yoo Cheng Hwee told a HCMC conference on information security that more than 80% of companies trying to implement an ISO 27001 ISMS had failed because they thought of the exercise as a one-off investment, rather than just the …