A Base Measure is a fundamental security control or action implemented to protect an organisation’s information assets. Think of it as an essential building block of a security system. These are not merely best practices but the initial steps taken to create a secure environment, typically addressing the most critical risks first. They form the bedrock of a strong Information Security Management System (ISMS) and are crucial for ensuring the confidentiality, integrity, and availability of information.
Examples
- Data Classification: Categorising data based on its sensitivity (e.g., public, internal, confidential) to ensure appropriate controls are applied.
- Incident Response Plan: A documented procedure for handling security breaches to minimise their impact and ensure a swift recovery.
- Regular Security Awareness Training: Ensuring all employees understand security risks and their responsibilities in protecting information.
- Access Control Policies: Defining who can access which assets and under what conditions.
Context
Base measures are a key element in aligning with the requirements of ISO 27001. By identifying and implementing these measures, an organisation can effectively mitigate risks, improve its overall security posture, and prioritise its security efforts.