
Information security protection services

Today's information systems contribute significantly to the achievement of a company's objectives, such as:

  • Productivity improvement and competitive advantage gains
  • Regulatory compliance (Basel II, Sarbanes-Oxley Act, ...)
  • Service delivery in accordance with customers' expectations while achieving a defined level of availability and security.

In this context, companies of all sizes must face the challenge of protecting the flow of processed information, just as they must protect other types of corporate property such as buildings and equipment.

The increased reliance on data processing equipment requires companies to take extra care to ensure the integrity, availability and confidentiality of the information they manage.

The pooling of information through local area networks and the necessary interconnection with the outside world generate security gaps and provide new possibilities for spies, pirates, vandals and other malicious individuals or organisations to compromise valuable information or simply to harm your enterprise.

 

Protection methods

Regarding security, there is no magic bullet; each individual situation requires a personalised analysis resulting in adequate protection measures corresponding to a defined level of acceptable risk. The following categories of measures can be implemented:

 

  • Technical measures
  • Procedural measures
  • Organisational measures
  • People awareness measures
  • Proper treatment of the contractual and legislative aspects

Information security and the implementation of a coherent security policy are ultimately the responsibility of top management. Top management is first in line in case of a damaging security failure.

The ISO 17799 / ISO 27001 standard

The ISO 17799/27001 standards are often misunderstood as restricted to "information technology" when in fact they provide an encompassing, structured and systematic approach for the installation of a coherent information security policy. ISO 17799/27001 is a collection of good practices covering the legal and organisational aspects of information security. The deployment of a security policy is at the heart of the standard; it is an essential precondition for obtaining a BS 7799-2 compliance certification.

aComm's proposal

The security services proposed by aComm are based on the ISO 17799/27001 methodology as illustrated in the diagram below. The methodology is supported by the use of a set of information security management tools that integrate with your organisation's information system.

 

 

aComm's information security services articulation: