Information Security: The 10 Commandments of Information Security

Information security is a vast and complex area in which many IT managers get lost. There is so much to do to protect your business, but not enough time and not enough resources. Abide by these 10 commandments (written by IT governance experts) and you’ll be well on your way to becoming an information security expert.

1. Safeguard your computer.

Be sensible – log off, switch off and shut down your computer, making sure your workstations are clean and secure.

“A clear desk, a clear mind … lock away and securely dispose of confidential data.”
Vicki Whitney, IT Governance Ltd


2. Use strong passwords

Use upper and lower case letters, numbers, punctuation and patterns in your passwords. Oh, and change them every 3-4 months.

“Passwords are like pants. Don’t let others see them, change them regularly, and don’t loan them out to strangers.”
Andy Scanlon, IT Governance Ltd


3. Update and patch your operating system.

Microsoft release hot fixes, patches and upgrades to their software as and when vulnerabilities are identified and they’ve adequately tested the new code.

“There is no patch for human inadequacy.”
Chris Hanwell & Donna Garner, IT Governance Ltd.


4. Have an up-to-date firewall

This will help stop automated hacks on your computer or laptop. Who wants their computer to be a part-time member of a massive zombie network used for distributed denial of service attacks, spam distribution or illegal data storing?

“Amateurs hack systems, professionals hack people.”
Bruce Schneier


5. Have up-to-date anti-malware software

Your Internet Service Provider (ISP) should have anti‐virus software installed at its Internet gateway, and this should catch the majority of virus traffic. It is not foolproof and you don’t want to rely on it alone.

“Use an anti-virus to avoid 75,000+ lurking viruses.”
Thejendra BS, author of Disaster Recovery and Business Continuity


6. Act anti-spam

A spam filter is software that tries to sort the spam from the ham: to identify and block incoming spam but let through what you do want to receive.

“Did you know? If you have a Gmail or Yahoo® account, you are already using Cloud Computing.”
Adapted from Above the Clouds: Managing Risk in the World of Cloud Computing.


7. Secure wireless networks

The keys to wireless security are encryption and authentication. A secure WLAN will have addressed both. Small businesses that set up WLANs need to set them up properly.

“Computer security is YOUR responsibility.”
Vanessa Baylis, IT Governance Ltd.


8. Be sensible – don’t take unnecessary risks

Be alert – pay attention – be sensible

“Safety is as simple as ABC: Always Be Careful”
Jamie Titchener, IT Governance Ltd.


9. Back it up

The worst thing that can happen to you is that you lose everything on your computer. This could be because of a major system crash, a major malware intrusion, or some other disaster. You need to have copies of everything available so that you can recover yourself.

“KISS – Keep It Safe and Secure.”
Angela Wilde, IT Governance Ltd.


10. Fix problems as soon as they arise.

The first step is to disconnect your computer from your network. The next step is to have your anti‐virus software run a complete system and disk scan. Close all your programs and run the scan. Wait for, and act on, the results of that scan. Further rules on all these areas can be found in our new pocket guide.

“You could say the greatest threat is not cyberattack itself, but complacency.”
Alan Calder, IT Governance Ltd.


These rules were taken from Ten Rules of Information Security for the Smaller Business, by Alan Calder.

The Standalone ISO27001 ISMS Documentation Toolkit will ensure that all your ISO27001 ISMS documentation is drafted in line with the requirements of the ISO/IEC27001 standard. ISO 27001 is the world’s first and only information security standard, which is recognised worldwide. Using real-world policy and procedure templates makes sense and massively simplifies your progress to ISO27001 certification. Join users around the world who are saving time and money by deploying this toolkit – which has now been used in more than 1,000 organisations.
