
December 07, 2008

ISO 27001: Information Security

What a difference the right person makes. During my first year at university I endured some impenetrable lectures on thermodynamics. The textbook the lecturer recommended was equally gnomic. A change of course and a year later, enter Dr. Hinchcliffe. His lectures were paragons of clarity which made the whole subject seem easy—enjoyable even.

After a period in the UK in which CDs, zip drives and laptops containing large amounts of confidential data have been mislaid at a mind-boggling rate, it is hardly surprising that information security is now at the top of the agenda of many health organisations and their suppliers. I have recently been engaged in work for clients on information security, particularly related to the ISO/IEC 27001 and 27002 standards.

At the word "standard" eyes glaze over, because we assume standards are as impenetrable as my first-year thermodynamics lectures. But if you want impenetrable, try reading some of the books that are supposed to make the subject more accessible to the average manager or board member. They make the standards look like models of clarity.

If you are seeking to review your information security using ISO 27000 as the basis, take my advice and read the standards themselves and, if necessary, get the right person, one who understands how they are applied operationally, to help with any risk assessment and implementation. Don’t waste your money on derivative books.