Information Security Principle 9


Principle 9 - Ensuring a comprehensive approach to information security management 

As soon as employees see terminology like “information security”, their immediate reaction is that this is IT-related and therefore belongs only in the IT Department. In fact, information security involves all areas of your business.

Your information assets do not reside only in your IT department. They are spread all over your business.

So when developing and implementing your systems, be sure to highlight the fact that information security applies across the whole organisation, from top to bottom and for everyone in between.

Therefore, take a comprehensive approach to everything you do when creating your information security management system.

That doesn’t mean documenting everything and anything. It just means that you need to consider your whole organisation and everyone who works there, including your suppliers and your contractors.

Learn More:

  1. Information Security - Principle 1 - Analysing the Protection of Your Information and then Applying Controls
  2. Information Security - Principle 2 - Awareness of the need for information security
  3. Information Security - Principle 3 - Assignment of Responsibility for Information Security
  4. Information Security - Principle 4 - Incorporating management commitment and the interests of stakeholders
  5. Information Security - Principle 5 - Enhancing Societal Values
  6. Information Security - Principle 6 - Risk assessments determining appropriate controls to reach acceptable levels of risk
  7. Information Security - Principle 7 - Security incorporated as an essential element of information networks and systems
  8. Information Security - Principle 8 - Active prevention and detection of information security incidents
  9. Information Security - Principle 10 - Continual reassessment of information security and making of modifications as appropriate