Our Objective
Information Security (InfoSec) is a complex subject. It spans and affects every part of the organisation and can change the way an entire organisation, division or department functions, or the way an entire business operates.
Having seen many different security implementations or how different organisations interpret information security requirements, I felt there was a need to ensure a clear definition of Information Security was made available for all. It is for this reason that this website was established – to share information on security. It is not intended to have all the answers, but just to help those who are looking for the first time to understand Information Security and hopefully point them in the right direction.
We hope this website is useful and is used as intended – a simple reference point where we in the industry can share our information wealth.
Upon completion of the website tour, you should come away with a reasonable level of knowledge and be able to demonstrate:
- Knowledge of the concepts relating to InfoSec management (including confidentiality, integrity, availability, vulnerability, threats, risks and countermeasures);
- Understanding of current legislation and regulations which impact upon InfoSec management in the UK (and USA);
- Awareness of current national and international standards, frameworks and organisations which facilitate the management of InfoSec (ISO27001, PCI DSS, COSO, SOX, SB1386, HIPAA, COBIT, ITIL, ISO9001);
- Understanding of the current business and technical environments in which InfoSec management has to operate;
- Knowledge of the categorisation, operation and effectiveness of controls of different types and characteristics;
- Business benefits, ROI, justification for InfoSec.
