ISO27001 Information Security Management Executive Overview
1.1 A reliable state-owned security company in my country promotes an emphasis on the 3 Ms – Man, Methods and Machines – in its security management practice. In my view, another way of putting it is the 3 Wares: (1) Hard Ware – access control systems, CCTV and so on; (2) Soft Ware – the security systems and processes, the policies and procedures; and (3) People Ware – the Management, the employees, the customers and the security force. Together the three W’s form the integral whole of security management in an organization.
2.1 When we talk about Hardware, we are often attracted and dazzled by the availability of modern, state-of-the-art security equipment and machines offering the best in technology. Whichever the case, my view often centres on the real need for technology – not technology for technology's sake – to support security. Below, I will try to elaborate my standpoint on the deployment of Hardware with some examples from my previous jobs as Security Supervisor.
2.1.1 As early as eight years ago, when I took up the post of Security Supervisor with a public listed company, we were exploring the subjects of integration and inter-operability of security systems and equipment.
2.1.2 Human Resources (HR) wanted the access control system to be able to support time management and payroll functions. There were already studies in the security market on integrating security access control and CCTV systems with HR payroll/time management, inventory control and delivery functions.
2.1.3 The problem of re-laying cables whenever we needed to re-configure the access control, CCTV and alarm systems compelled us to look into other options such as wireless technology and the existing telephone and LAN cabling. We also chose vendors who were willing to customise their security systems to use whatever existing workable systems we had, to cut down the cost of re-wiring and installing equipment.
2.1.4 My company was the first among the CD manufacturers to use walk-through metal detectors complemented by hand-held scanners. We were looking into embedding RFID chips in our CDs to prevent internal pilferage. The use of X-ray machines was also explored.
2.1.5 To prevent the unauthorized replication of Stampers – the master moulds for replicating CDs and DVDs – we introduced a technology to measure the amount of electricity consumed and correlate it with the number of stampers produced. Security audited the daily submissions from the Stamper room to tally the number of stampers produced, or NCMR (Non-Conforming Material Rejects), against the electricity consumed as recorded by the meter installed at the replicating machines.
2.1.6 We were studying not only implementing files that log keystrokes on the computers used in the Stamper room, but also having off-site monitoring so that tampering with these data at the end-user site could be detected.
2.1.7 Biometrics technology was then considered cumbersome because it was slow in controlling the access of a large number of employees moving in and out of the restricted areas. However, it was useful in managing access to small premises such as the stamper lab, the MIS and WIR storage rooms, and access to sensitive computer workstations.
2.1.8 To control the recurring problem of piggybacking at the main entrance/exit points, we not only used CCTV coverage but also installed turnstiles with access control.
2.1.9 We used a computer system with the now-outdated bar code technology to track the production and disposal/destruction of stampers, along with manual recordings.
2.1.10 We used the access control readers and perimeter CCTV cameras to replace the guard clocking system. Not only did we cut the cost of acquiring and maintaining a separate clocking system, but the motion-detecting CCTV and access control readers were also effective in monitoring the guards on patrol in the premises.
3.1 My exploration of the subject of Software is more inclined towards providing security audit and consulting services. Nevertheless, I am convinced that it is also applicable to those security practitioners who manage security within business and industrial organisations. I feel that a more proactive approach and resourcefulness, together with a deep understanding of the industrial needs, are essential ingredients if we are to succeed in this fast-changing area of interfacing IT, technology and security. In this respect, it would be best if a security management company has in its stable hands-on practitioners of Security Management who are not only resourceful but also realistic and sensitive to the prevailing market needs in general and client requirements in particular. We sell only what our customers want to buy.
3.2 In the real business sense, the more credible security management companies in my country, Singapore, have yet to establish a domain for themselves as providers of Total/One-Stop security solutions and services. The common impression of some top-notch security companies is that they are organisations that supply uniformed armed and unarmed guards. I support the idea that there should be more room to improve the synergy within these organisations. More often than not, there are nagging suspicions that each internal arm of a security management company focuses more on its own sectional interest and competes against the others for scarce internal resources, and that often the right hand does not know what the left hand is doing.
3.3 I use the example of one security management company which I once served. In its set-up there is a Security Consulting (SC) Department, which has for years laboured under the stigma of being a money-losing entity. Viewed from a more refreshing perspective, why can't SC be regarded as a door opener to other services instead? Through SC, which secures the beachheads, customers should be made aware of the other security services available within its parent organisation. It is common sense that a Security Audit would lead to recommendations and implementation where other services are also sold. Consultants should not feel ashamed, or feel that they have to be impartial, when it comes to selling other services provided by their own company, provided these services are also up to the competitive mark vis-à-vis other competitors in the market. For example, SC can help sell the debugging services of its investigation arm in its security consultancy work with clients. (Vice versa, the Investigation outfit, in its corporate investigation assignments, could also recommend that its clients take up security audits offered by SC.)
3.4 Security Consultancy by itself should also be highly attuned to the needs of the customers, and avoid giving the impression that it is guilty of applying industrial templates. In my experience, for example, some customers – contract suppliers – are driven by their principals to have a sound and comprehensive security management programme to safeguard their products and services. Microsoft, with whom I had dealings in my previous job, is one such example: it has a strict set of security requirements enforced on its contract suppliers, who are also subject to periodic pre-informed and surprise security audits. Visa, the other example, also has a highly professional certification programme for its suppliers, so much so that it has become a mark of prestige in the industry to have a VISA certification (for which an annual fee of US$ 45K is chargeable by VISA). In a related vein, some customers are using security as a force multiplier in selling their services – especially in IP-related fields – to garner more sales from their principals. This is an additional dimension we should address, rather than the traditional preventive and protective security approach that is more slanted towards countering intruders/external threats.
3.5 Another point which Security Consultancy must bear in mind is the need to pay some attention to the work or manufacturing processes of the customers when reviewing and recommending security programmes to them. Here is where oft-used security templates are inadequate to serve the purpose. Consultants, in their initial risk assessment, have to critically identify, define and prioritise the security vulnerabilities of their clients’ organisations – whether from within or without – and recommend and design the security solutions accordingly. Most of the time the problem comes from inside – employee thefts, sabotage and other work-related abuses – but more often than not the recommendations wrongly focus on protection against intruders. And in considering the security protection of products and services, attention must be clear as to the point in the manufacturing process at which the product assumes a street value and becomes susceptible to theft. One example of a security recommendation relating to the product cycle or production process is the introduction of a traveller’s log, which monitors the flow of products from one point to the next, documenting and authenticating their proper handing and taking over at each station. The other is to give attention to the handling and disposal of NCMR – Non-Conformance Material Rejects, or waste.
3.6 A successful security management programme is never complete without a comprehensive security manual – encapsulating all the security policies and detailing the security procedures. Therefore the initial crafting of this manual is important, as it is meant to provide continuity for the whole security management programme throughout the life span of the organisation, regardless of changes in security management and personnel. The manual also needs to be constantly reviewed and updated to meet change and new challenges in the operating environment. All decisions affecting security implementation and execution made during meetings must be clearly documented, filed and, wherever possible, reflected as changes or amendments to the existing security manual containing the policies and procedures. This, in essence, is the Software aspect of Security.
4.1 And it is often the People Ware that causes the whole security management system to crumble, in spite of the availability of the best Hardware and Software. In implementing security in my previous company, to tackle the problems caused by the People Ware factor, I placed a lot of emphasis on the following:
4.1.1. Security must be fully supported by Management – meaning there is a fairly direct line of reporting between Security Management and Senior Management. (I reported to the CEO in my previous jobs as Security Supervisor.)
4.1.2. There must be a sense of ownership among the executive levels – the heads of departments – when it comes to implementing security. For example, in my previous company I put in place a weekly security and ops co-ordination meeting where the Heads of Department were made to discuss security issues and recommend security procedures. (I actually piggy-backed the security portion on the regular ops meeting by making the GM of the plant chair it; otherwise I would never have succeeded in getting all the Dept Heads together to discuss security-related issues.)
4.1.3. Security awareness programmes are regularly held for the employees; for example, a security briefing is mandatory in the orientation and induction programmes for new employees, besides regular postings of notices and security posters.
4.1.4. The Security force – be it in-house officers or agency hirees, or a matrix comprising both – should be highly motivated and trained to enforce the security procedures and measures. There is close hands-on supervision of the Security force and regular dialogues with the Agency representatives to ensure that the manpower is kept in good condition.
4.2 In the offering of security manpower services, clients are often governed by the desire to source for the lowest cost first. But with rock-bottom prices, clients must be made to realise that they are not getting quality services. They will then soon realise that they have to bear the inconvenience of changing security agencies every now and then, when these are found lacking in their services or providing sub-standard manpower. So we need to educate clients that for a premium over the other providers they are getting value-for-money services – trained and trainable men, minimal disruption caused by absenteeism, and a round-the-clock open line of ground communication with a management representative of the security force. Easier said than done? From my experience, having stood on both sides of the fence, as a security guard agency operator and as a security supervisor, the key figure is the middle-level manager and supervisor. For the quality of the guard force is ever predictable and limited by the supply pool across the security industry. It is the operations executive, the supervisor or the ground agency manager who makes the difference – willingness to maintain a good ground relationship with their clients, responding swiftly to their needs, and having the resourcefulness to motivate the guards and juggle the numbers to meet shortfalls and quandaries.
4.3 So the emphasis should rest on not frantically securing new contracts and losing them as fast as you catch them. Rather, the effort should be built on securing existing jobs, consolidating and improving upon them so that clients will continue to engage the services in spite of the higher price. Only then, with reputation and credibility built up, can new contracts be earned.
4.4 When I was in the States attending the AMD Security Manager workshop, the professionalism and smart turn-out of the agency security force impressed me. I felt that they took pride in their jobs and identified closely with the company – AMD – that engaged them more as contract staff. The answer, I found out later, lay in a sound management philosophy translated into practical ground execution, which they proudly called the “partnership programme”. Under this programme the guard force was treated as if it belonged to AMD – discrimination between them and regular employees was minimised, and they were made to take part in the sports and welfare programmes of the company. Back in Singapore, practising from my end as Security Supervisor, I tried to emulate this programme with the guard force supplied by the Agency, in both form and substance. It worked to a certain extent, as I managed to retain one single agency for many years and had a few loyal guards who chose to remain at their post over an extended period. For example, when I took over I re-designated all security personnel from security guards to security officers, even renaming the guard post as security post. This was a true morale booster, and served well to push them to be more pro-active in checking on employees, and committed to their roles and functions.