5. Information Handling
Following on from the results of ISBP 2009, the area of 'Information Handling' is one that
clearly needs particular attention. After agreeing the Information Security policy, this
will be one of the major focuses of the project. The role of the Advisory Group in this
instance will be to advise on a suitable approach, though it is envisaged that this will be
based on identification and analysis of assets and the risks to those assets. This is
necessary in order to decide how best to meet the security requirements laid out in the
Information Security policy. Therefore, as part of the objectives concerning Information
Handling, the Advisory Group may look at:
- Appropriate approaches towards risk assessment
- Identification and analysis of risks
- Identification and evaluation for the treatment of risks
The last of these three points will result in analysis of certain technical solutions
(e.g. for encryption of data) and will involve the scoping of any potential
future projects (e.g. provision of certain central services and/or
documentation such as central logging, encryption, incident handling guidelines etc.).
It is currently beyond the scope of this project to actually trial or begin implementation
of any such projects. These may, however, be the subject of future bids that result
from the investigations of ISBP 2010.