Modern threats demand modern answers demanded
The information security incidents concern not only large companies, but also small and medium-sized enterprises, and governmental sector. abuse with data could cause a serious problem in the IT field, but we either should ignore areas outside their. Although nowadays managing data electronically in large measure, the content of paper documents, photos, orally or coversations by telephone detour into unauthorized hands can mean financial and moral damage/losses for enterprise’s staff, customers. Modern menaces demand modern answers.

The reduction of risks resultive from theft and other abuses expansively,could achieved  by the introduction of a management system, with which conscious, planned and continuously controlled operation can provide instead of partial solutions. The security of require information is not the only, or  some  security dispatch, and  not concern only the IT area, but also organizational clues, resource management, physical security, and legal protection, among others. By the support of Information Security Management System (standard ISO 27001) information security can manage on risk base, protect against potential threats, ensuring their availibilty, integrity and confidentiality. Information security is not equal to information technology (IT) securit. To the information security should identify in the company  those critical areas that you want to protect, they may be processes, technologies, departments, Information Systems, but the whole organization can also fall within the scope of information security. By a specific position paper (survey) the functional strengths and weaknesses can be mapped.

In order to be able to determine accurately int he whole company the damageable information tools, potential threats, vulnerabilities and potential consequences that may occur,   analysis and evaluation of risks are essential /neccesary. There are several methods available, according to which fits most of the expectations, which method’s result give principally opportunity for estabilished decisions. The information resultant from the risk assessment must be handled with watchfully as based on these dispatches can draw up, respectively the assessment may raise several further questions.

However, in many cases, non-technological modifications or investments should be made, but the employee’s habits should be changed.  It need to be known and foreshown recognize how to use of Information technology watchfully and safety. There an internal regulation is nessesary that contains clear policies and tasks for all employees. In accordance with the company's information security objectives expansively define the direction and principles, which is attentive with the current operational, legal and regulatory requirements and contractual security obligations. In the practical implement/ realization of information security policies (also) plays a key role of the Board. The first most important is to keep the important rules for themselves, the second is to make it understand with all colleagues the importance of this. By supporting the management can be successful such project and together with this can be achieved, that security efforts would be helpful in everyday work.