The three pillars of information security

Information security is often perceived to be all about technology. Although technology is a key element in any organisation’s security measures, on its own it cannot protect you from modern cyber threats. Instead, it is one of the three pillars on which an effective and robust ISMS (information security management system) is built.

Let’s look at each of these pillars.

  1. People

Everyone in an organisation must play their part in preventing and reducing cyber threats. This includes having an awareness of how to handle sensitive data, locking computers when leaving workstations, complying with a BYOD (bring your own device) policy and understanding how to spot phishing emails.

Professional cyber security teams need to stay up to date with the latest skills and qualifications. They should also be aware of emerging technologies in the field, which can be incorporated in the information security framework to fight the latest cyber threats.

Cyber security staff who don’t meet these demands affect the organisation’s ability to mitigate and respond to cyber attacks. Our Information Security & ISO27001 Staff Awareness eLearning Course provides employees with a better understanding of information security risks and compliance requirements, thereby reducing the organisation’s exposure to security threats.

  2. Processes

An organisation’s processes define how its activities, roles and documentation are used to mitigate the risks to its information. Cyber threats evolve rapidly, so organisations need to review their processes continuously in order to adapt to this dynamic environment. However, these processes will be meaningless if staff don’t follow them.

  3. Technology

Once an organisation has identified the cyber risks it faces, the next step is to employ the necessary controls and technologies it needs to minimise those risks. Implementing technological defences can minimise the threats outlined by the risk assessment.

ISO 27001 – the standard that advocates the three pillars of information security

ISO 27001, the international standard that describes best practice for an ISMS, advocates the combination of these three pillars.

By maintaining an ISO 27001-compliant ISMS, an organisation can make sure that every aspect of cyber security is addressed. ISO 27001 compliance is being adopted by organisations across the globe, and is growing at a rate of 19% in the Asia-Pacific region.

Our ISO27001 Do It Yourself Package offers a flexible way of implementing ISO 27001. You can select the package that best suits your needs – whether you’re looking for implementation guides, toolkits, training courses or consultancy.

Find out more about our ISO27001 Do It Yourself Package >>