Information Security Principle 5

Principle 5 - Enhancing Societal Values

Following this principle will contribute greatly to the successful implementation and maintenance of information security in your organisation.

The values that you should consider enhancing may be:

  • Honesty – being genuine and ethical
  • Fairness – being equitable and just
  • Respect – treat people with dignity
  • Trust – keep your promises
  • Caring – listen and show kindness
  • Courage – take responsibility for tasks

This is not an exhaustive list, nor is it a compulsory one.  These values are just a starting point.  You may already have some of these values, or you may have different ones.  If you have no values written down, then now is the time to start.  You’ll need to do your own research and come up with values that suit your business.

So you need to determine your company values and how they will enhance society.  If they diminish society, then now is the time to upgrade them so they will enhance society.

You can express these values in a mission statement and/or a values statement.  Your ISMS should reference this statement in a way that commits you to abide by these principles.

Two things are important to note here:

  1. It’s very important that you get these values right. The values need to actually be important to your organisation, and not be plucked from a focus group or adopted because they make a good sound bite. In the long run, these values will influence everything your business does.  You’re going to be working with these values in some way every single day so they need to be something you believe in and can back up with action.
  2. You must do more than just pay lip service to your societal values. If you get them wrong and they don’t fit the business’s culture, then you will struggle to reach an effective ISMS.

Learn More:

  1. Information Security - Principle 1 - Analysing the Protection of Your Information and then Applying Controls
  2. Information Security - Principle 2 - Awareness of the need for information security
  3. Information Security - Principle 3 - Assignment of Responsibility for Information Security
  4. Information Security - Principle 4 - Incorporating management commitment and the interests of stakeholders
  5. Information Security - Principle 6 - Risk assessments determining appropriate controls to reach acceptable levels of risk
  6. Information Security - Principle 7 - Security incorporated as an essential element of information networks and systems
  7. Information Security - Principle 8 - Active prevention and detection of information security incidents
  8. Information Security - Principle 9 - Ensuring a comprehensive approach to information security management
  9. Information Security - Principle 10 - Continual reassessment of information security and making of modifications as appropriate