Whether you’re just getting started or you have information security processes truly embedded, find out where you are in the journey and how you can move forward with our free Information Security Infographic.
Get a free Information Security Risk Self-Assessment
Business risk can have severe consequences if not properly managed. Every business has its own set of assets and risks, and an Information Security Risk Self-Assessment form should be completed to identify the business assets and the risks to them.
We can give you a free Information Security Risk Self-Assessment template – just get in touch with us here.
Every organisation has already invested in security, installing basic cyber tools like anti-virus and patching vulnerable operating systems. Hopefully. But this is just the beginning of your journey. A journey to bring maturity to your security.
A truly effective security program involves identifying and locating all of your information assets and putting controls in place to protect them all. Maintaining a risk register and gaining recognised accreditations further demonstrate to everyone that you are taking it seriously.
Why are you on this journey?
The journey to maturity is often driven by external factors: your customers require it before they will buy your products or services, legislation mandates it, you have been the victim of a cyber-attack, or you are aware of the increased risk present today.
The journey ahead of you
As mentioned earlier, it should start with identifying and locating all of your information assets. Remember that not all information is stored digitally. Once you have identified your assets, you can consider all of the risks. You can then align the tools that are already deployed. Cyber Essentials is an external accreditation and a first step to proving that you are serious, even if it is self-certified.
The journey can then continue as you broaden the impact of your Information Asset Risk Register, introducing new cyber tools, staff awareness training and enhanced organisational policies to govern the business's approach to security. Cyber Essentials Plus demonstrates further commitment as you have invited an external body to audit the controls that you have in place.
ISO 27001, an internationally recognised information security certification, shows that your security governance is fully embedded in the business. At this stage the management system, policies and controls are fully ingrained, aligned to the business objectives and subjected to rigorous external audit. Your approach is fully matured and shows staff, customers and suppliers that you are serious.
At On Line Computing, information security is at the very core of the services that we provide to our customers. We have given advice and guidance to hundreds of organisations, helping them to improve their information security and achieve recognisable accreditations. Whether you’re just beginning your journey or you’re ready to take on the next stage, we are here to support you. Check out our case study about how we helped a global consultancy firm achieve their ISO 27001 accreditation.
Everyone’s heard of Cyber Security. Breaches of security create great headlines, especially when personal information is involved. Cyber crime is the new frontier with the perpetrators seeking information that has a value to be exploited for financial or political gain. The typical reaction is to deploy technology tools to protect against known external and internal threats, or the threats that the Cyber Security sector is telling you about. It’s a great way to sell stuff.
But, is Cyber Security the whole picture? What about Information Security? What’s the difference between the two?
Cyber Security vs. Information Security
Cyber Security focuses on protecting and recovering hardware, networks, devices and applications. It is a technology solution to protect your technology assets.
Information Security, on the other hand, is a more comprehensive approach to protecting your data and assets. It does involve software tools (that’s the cyber piece) but focuses on all the other areas where threats exist. It starts by identifying all of your information assets and considers the confidentiality, availability and integrity of these assets. In addition to technology assets like network, hardware, applications, databases and devices, information assets include things such as personnel, buildings and office spaces, and suppliers. Each of these can present just as big a risk to your business, if not a bigger one, if not properly considered. These assets may be subject to different threats. Think about paper-based assets: they may contain confidential information. Are they left lying around the office or disposed of without due thought to the risks?
Information Security enables you to consider the risks to all your information assets no matter where they are or what they are being used for. It is an approach that helps determine the right tools or other measures to provide the appropriate protection. You will know where your information assets are and your users will be aware of the threats that could be targeting them or your organisation so that you can put measures in place to reduce the risk.
6 steps to improving your Information Security
ISO 27001 is an Information Security standard. It requires a great deal of effort to achieve certification and it’s not for everyone. There are some steps you can take without embracing the whole thing that will greatly improve your security.
- Identify all of your information assets
- Categorise them
- Assess the risk to each category, remembering confidentiality, integrity and availability
- Apply measures to appropriately protect the assets. This will include Cyber Security tools, policies and procedures
- Make sure all of your staff are aware of the risks and how you are mitigating them
- Periodically review
Cyber Security is a necessary part of our lives and protects our businesses from criminal activity enabled by the internet. But solely relying on Cyber Security tools may leave a chink in your armour. An Information Security approach will help you gain a better understanding of your business and identify and patch the vulnerabilities you uncover in the process.
Find out more about Information Security or get in touch with us. Our team are more than happy to answer any of your questions surrounding Cyber Security or Information Security.