
The ICAEW Guide to information security

Archived content

This page has been archived because it is no longer current information but is still relevant, or it is current but over 12 months old
  • Publish date: 29 July 2014
  • Archived on: 29 July 2015

Information security, including cyber security, is concerned with protecting the information assets of an organisation. It aims to ensure the confidentiality, availability and integrity of information, and good information security underpins the effectiveness and value of IT systems.

The information assets of an organisation are its data, in any form, whether physical or electronic. Defending those assets from threats such as unauthorised access, use or destruction, whether internal or external, deliberate or accidental, is a key component of an organisation’s risk management planning.

Historically, information security management systems addressed employee behaviour and focused on internal policies, procedures and controls. Issues of cyber security now force the adoption of policies that expand the scope of internal controls and deal with the increased risk of threats from outside.

ICAEW’s Audit Insights into Cyber Security highlights the fact that potential threats now come from around the world and can involve organised criminals, corporate spies and hacktivists, as well as disaffected or careless employees. Also:

  • Security weaknesses can be found throughout a supply chain, not just within a single business.
  • The impact of security failures can extend across every aspect of a business, including disruption of operations and customer service, interference with production control systems, damage to brand and reputation, theft of intellectual property or commercially sensitive information and regulatory fines.

The international standard ISO 27001 sets out the requirements for creating an information security management system. ISO/IEC 27002:2013 offers guidance on the associated information security management practices including the selection, implementation and management of controls.

The ICAEW’s IT Faculty maintains a resource centre providing a focal point for ICAEW members looking for support in managing cyber risks, including links to thought leadership reports such as Cyber-Security in Corporate Finance and 10 Steps to cyber security for the smaller firm.
