IS / IT Security

The Facts

Your Key Concern

You are responsible for IS / IT Security Management but you have concerns that you, or your staff, may not be complying with legal requirements, best practice, or they are unaware of organisations policies, standards and procedures. Apart from the commercial concerns, there are other reasons for protecting information. For example, you have a legal obligation to take proper care of personal information entrusted to you. Legislation such as the Data Protection Act imposes individual penalties on those who do not comply with the legal requirements. The publication of the British Standard for information security management (BS7799) provides, for the first time, a benchmark against which the quality of an organisation's controls can be measured.

An Example Situation

A disgruntled employee has had his / her employment terminated. However, management were not aware that the individual could remotely access systems from home. As a result the individual was able to continue to access systems, and because he / she had higher level access than was required for their normal duties, he / she was able to cause considerable disruption to the IS / IT systems in use i.e. removed / change customer information. Subsequent attempts to review the activity of the individual have been hampered. This is because available management / audit trails had not been activated for systems in use. The key problem was that system managers had not been notified employment had been terminated, and therefore steps were not taken to disabled or remove the individual’s access immediately they were dismissed.

Management are concerned other significant security weaknesses exist and you need some assistance in reviewing the overall security arrangements at the organisation.

What FIT Business Solutions can do for you

FIT Business Solutions Limited have extensive experience and knowledge in undertaking information security related reviews. We provide the pro-active reviews to help you with any concerns you have and provide solutions to any current problems. We will discuss with you your concerns and offer a structured way forward. This may take the form of:

• Completion of an independent review of your current IS / IT security approach;
• Assist you with addressing recommendations made by Internal Auditors or reviews completed by other agencies;
• Undertaking a gap analysis between your current position and the British Standard for Information Security Management (BS7799);
• Help you prepare security policies, standards and procedures; and / or
• Providing training to staff regarding Information Security and ways to minimise risk.

Key Benefits for You

There are a number of key benefits from contacting us. These are

• Access to knowledge and experience built up over twenty five years in this crucial area.
• We are responsive to your organisations specific requirements and provide cost effective and appropriate advice.
• Our work with you will take into account any local approved policies and procedures as appropriate.
• Help you implement approved British standards, best practice and where necessary relevant law.
• Help your organisation reduce the security risks to key IS / IT operations.
• Finally our reviews provide excellent value for money and our fees are both affordable and competitive .