Methods Of Information Protection
"Information is an asset that, like other important business assets, is essential to an organization's business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities," states ISO/IEC 17799-2005 "Information Technology, Security Techniques, Code of Practice for Information Security Management".
As the standard defines, we protect information by means of:
- Strict information security responsibilities
- Confidential agreements with employees and partners
- Background checks and screening of employees
- Information security education
- Physically secured perimeter and security areas
- Configuration and change management procedures
- Proactive capacity management
- Controls against malicious code
- User access control and monitoring
- Cryptographic controls
- Proactive incident management
Information we receive from our customers and data created during a project are labeled and stored in authorization-required databases and file systems. User access to such information is granted only by our director.
