
Project Research

Chris Mittendorf edited this page Oct 23, 2023 · 3 revisions


Information Security Management has become increasingly important as individuals and companies place more value on the privacy and security of their data online. Companies take it especially seriously when they need to comply with the standards and regulations that govern security and privacy, such as ISO/IEC 27001 (Information Security Management Systems), the GDPR (General Data Protection Regulation) and the POPI Act. Keeping track of data and of the security measures that protect it has historically been a challenge, and it is critical that a company does not suffer a data breach or allow unauthorized personnel to gain access to company files or hardware. This presents an opportunity to streamline an organization's Information Security Management System. The project will benefit the company by making the management of projects and data scopes more efficient and by keeping track of the assets and hardware within the organization. The application will store all relevant data about users, tasks, data scopes, risks and assets in one place. It will also reduce admin-intensive, repetitive and tedious work and streamline important workflows, freeing employees to spend their time on more valuable tasks within the business.

ISO 27001 - Information Security Management Systems

ISO/IEC 27001 is the most widely recognized international standard for Information Security Management Systems (ISMS). It specifies the requirements that an ISMS must meet and gives companies of all sizes and across all industries guidance on how to establish, implement, maintain and continually improve their information security management system. Conformity with ISO/IEC 27001 signifies that an organization has put in place a system to manage the risks to the security of the data it owns or handles, following the best practices and principles set out in the standard.

In an era where cybercrime is on the ascent and new threats emerge regularly, managing cyber risks may appear daunting or even insurmountable. ISO/IEC 27001 assists organizations in developing a heightened awareness of risks and proactively pinpointing and rectifying vulnerabilities. This standard advocates a holistic approach to information security, encompassing the assessment of individuals, policies, and technology. An information security management system built in accordance with ISO/IEC 27001 serves as a tool for risk management, bolstering cyber resilience, and fostering operational excellence.

General Data Protection Regulation

The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) is the European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). It is an important component of EU privacy and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union, and it also governs the transfer of personal data outside the EU and EEA. The main objectives of the GDPR are to give individuals greater control and rights over their personal data while simplifying the regulatory environment for international business by unifying the rules across the EU. It replaced the Data Protection Directive 95/46/EC and, among many other changes, simplified the terminology used in data protection regulation.

POPI Act

The Protection of Personal Information Act (the POPI Act or POPIA) is South Africa's data protection law. It was introduced in response to the growing theft and misuse of personal information and the resulting need to safeguard individuals' right to privacy. The Act sets out the minimum conditions for the lawful handling, or "processing", of other people's personal information, where "processing" covers activities such as collecting, receiving, recording, organizing, retrieving, using, distributing or sharing that information. Under the Act, personal information is any information that can be used to identify a person, including but not limited to their name, surname, identity number, contact details, email address, religion, medical history, education, financial details or any other particulars specific to that person.

References

International Organization for Standardization. (2022, October). ISO/IEC 27001:2022. Retrieved from ISO: https://www.iso.org/standard/27001

Western Cape Government. (2021, May). An introduction to the Protection of Personal Information Act (or POPI Act or POPIA). Retrieved from Western Cape Government: https://www.westerncape.gov.za/site-page/introduction-protection-personal-information-act-or-popi-act-or-popia#:~:text=The%20POPI%20Act%20sets%20out,sharing%20of%20any%20such%20information.

Wikipedia. (2023, October 23). General Data Protection Regulation. Retrieved from Wikipedia.org: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation