ISEC Information Risk Management programmes provide
organisations with the testing and security management procedures to ensure
that all security risks are identified and contained.
Asset Identification
Before designing and implementing a security policy, an organisation must
understand the assets (e.g. property, people and information) it is trying
to protect. ISEC will undertake a detailed analysis of the assets to be
secured, their associated value to the organisation and the impact to
the organisation if they are violated.
Risk Analysis - Threat Assessments
The task of preventing unauthorised people from compromising
the confidentiality, integrity, or availability of sensitive information
is increasingly difficult in the face of the growth in Internet use, the
increasing skill levels of attackers and the technological advances in
their tools and methodology.
ISEC will undertake detailed scenario-based threat assessments to provide
the basis for Information Security Policies. This process will develop
a number of key scenarios and include a realistic assessment of the probability
and impact of each threat or attack.
Preventative measures and loss recovery options can then be identified
and costed before the comprehensive risk management programme is initiated.
Mitigation
A successful security programme begins with senior
management's understanding of the risks associated with networked computers
and a commitment that information security will be given a high priority.
Information Security Policy
The information security policy is essential to the success and integrity
of information security in any organisation. ISEC, working with the client,
will produce policies which are compliant with BS7799.
The policy will provide all staff with operating guidelines that detail all
aspects of security. It also drives technical and management staff when dealing
with an incident.
Physical and Procedural Reviews
In addition, physical security policies and procedures must also reflect
this philosophy and guide implementation of the organisation's overall
security programme as well as the security plans for individual installations.
ISEC policies will set minimum standards and requirements for key security
activities and clearly assign responsibility and accountability for ensuring
that they are carried out.