DTI: Firms need secure IT system
The Department of Trade and Industry’s Bureau of Product Standards has cited the need for the adoption of standards for IT systems management.
This was stressed during a seminar by the DTI-BPS in cooperation with the International Organization for Standardization on ISO/IEC 27001 – Information Security Management Systems held recently, a Philippine News Agency report said.
“Adopting standards for IT systems management security allows organizations to put in place an effective deterrent against risk on valuable digital information,” Trade and Industry Secretary Gregory Domingo said.
“In an IT and knowledge-based economy, digital information is one the most important assets of a company which must be protected against loss due to improper handling and illegal acquisition,” he said.
As the Philippines position itself as an IT hub in the Asian region, it is imperative that companies especially IT based firms to have existing security systems that are standardized and world class.
“This is one system that investors will be looking in firms especially IT-based companies that it intends to partner with,” Domingo said.
Highlights of the three-day workshop include discussions on the overview of the 27000 family of standards, specific requirements of ISO/IEC 27001, and a comprehensive guide on its implementation towards system’s certification.
The workshop provided relevant information on how to carry out ISMS risk assessments and selection of applicable security controls, and updates on the developments of other standards in the 27000 standards family, among others.
Spearheading the workshop is an international technical expert, Dr. Angelika Plate, who will share her knowledge and provide in depth discussions on the said topics.
ISO/IEC 27001:2005 specifies the requirements for the establishment, implementation, operation, monitoring and review, maintenance and improvement of a documented Information Security Management System to efficiently and cost-effectively manage an organization’s information security risks. It covers all types of organizations including a commercial business or a government agency as well as all sizes of firms from micro to multinational businesses.
All IT and information security professionals, system administrators, telecommunication managers, safety and continuity planning managers, financial and operational audit professionals, as well as non-IT professionals involved in assessing IT operations, infrastructure and security in the private and public sectors are enjoined to participate in the said workshops.
