Information Security encompasses data stored in digital fashion, trade secrets, know-how, intellectual property rights, historical data, information on data access, policies and procedures laid down, compliance & standards established within the organisation, plans and budgets, financial and management data, employee information and so on and so forth.

Information Security includes the organisation's policy on IT Security, Internet Security, Enterprise Data Security, etc.

To put it in other words, it looks at protecting/safeguarding information and Information Systems from anyone including employees, consultants, suppliers, customers and of course, malicious hackers.

How does Information Security Differ from IT Security?

Information security is a broader term than IT Security or Internet Security or Enterprise Data Security. People often confuse information security with IT Security. IT Security is a term which is more concerned with the protection of hardware, software, and a network of an organisation, from the perils of disaster and external attacks i.e. viruses and hacking. It is more to do with the electronic data, and is covered in the IT Policy of an organisation, whereas Information Security policy goes beyond the network and applies to the organisation as a whole.


Who is responsible for Information Security?

Information security should be governed by the exec management through goals, strategies and finally as policies.

Information security is driven from the executive management of the organisation. It is about managing business risk, and is critical that it is incorporated into all aspects of the organisation.

The technological side of Information Security is left to specialists. This includes physical security, logical security, access controls, disaster recovery and business continuity, HR and information management.

Protection of Information Assets

Information Security is all about protecting the confidentiality, integrity, and availability of information.

Do you have information that needs to be kept confidential? Or accurate? Or available?

You likely answered yes if your company has any or all of the following:

- Intellectual property
- Financial data
- Customer data
- Human Resource information
- Business Intelligence
- Compliance obligations
- Future planning information

The lack of security control often has an impact on the bottom line (your profits) which leads to consequences.

Is your organisation at risk?

In order to effectively protect your business, a Security Assessment is required to establish the current security risks. The Security Assesment also identifies the most effective course of action to mitigate the risks based upon your business objectives.

ICT Worldwide's Information Security Assesment provides a comprehensive evaluation of your information security posture based on the ISO/IEC 17799 security standard, which provides best practice recommendations on information security management. We complete a range of security assessment tests and analysis at your site, identify threats and vulnerabilities, and provide a comprehensive report outlining the risks identified, with recommendations for improving the overall security posture. ICT Worldwide also completes a security strategy that clearly defines the roadmap to achieve a secure business infrastructure.

The Information Security Assessment includes:

- Terms of Reference and Project Planning
- Review of Network Security Architecture
- Review of Security Policies & Procedures
- Review of Access Controls and Mechanisms
- Internal Vulnerability Scanning
- External Vulnerability Scanning
- Risk Analysis
- Security Recommendations
- Full Report & Presentation
- Information Security Strategy

To find out more about how an independent Information Security Assessment could be conducted for your organisation contact ICT Worldwide on 09 358 3340 or email info@ictworldwide.com.