ISO27001 Working for your business

ISO/IEC 27001:2013 is the international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

As the fear of security issues increases in business, customers are looking for reassurance from companies who are likewise seeking reassurance from their suppliers that information security is being managed to ensure protection of their data. For many companies the solution to responding to these concerns is alignment with ISO27001.

This article covers some of the key points we have found that will make ISO27001 work for your business. […]

Data leakage, this time it's personal

On almost a daily basis the media share stories of confidential information being disposed of in park bins, laptops being found in taxis and passwords being published on the internet. While this is undoubtedly concerning, the findings from a global security study on data leakage have revealed that the data loss resulting from employee behaviour poses a much more extensive threat than many IT professionals believe. […]

Management Buy-in for ISO27001 Implementation

Overcome obstacles for Management Buy-In for Information Security

For any security plan to be effective, the co-operation of staff at all levels is essential. Achieving this is easier said than done, with other priorities and lack of communication often proving to be stubborn obstacles.

To ensure staff buy-in, management must be seen to fully support an information security plan and this can be a tough obstacle to overcome. Finding the best way to justify a security plan in the face of objections can be a challenge, but being prepared with the facts about the risks and benefits will be a big advantage. […]

Advanced Persistent Threats (APTs)

The term ‘APT’ usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. It is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information. […]

Social Media #Friend or #Foe

Love it or hate it, social networking has firmly embedded itself into the fabric of our world. The likes of Facebook, Twitter and LinkedIn can be powerful business tools, especially for marketing, communication and recruitment purposes.

But there is also the less appealing nature of the beast. Provide employees with access to the internet and most will check their online profiles at least once during the day, and the resulting downtime can quickly accumulate. But, to a business, a far greater threat than the lack of productivity is the security of what is shared online through these networks. […]

Top 3 Cyber Security Defenses

In recent months it has been hard to avoid hearing the latest business buzz phrase of cybersecurity. Unfortunately, despite searches of popular retail sites, fully functional sonic screwdrivers, as used by Doctor Who to defeat the Cybermen, are not yet available. However, three key weapons that are available for cybersecurity are:

  • Information Security: Ensures that Confidentiality, Integrity and Availability are appropriately addressed;
  • Application Security: Provides assurance that the systems and applications are not vulnerable; and
  • End-User Education: Potentially the most powerful weapon to prevent an attack taking hold and causing damage.

[…]

Information Security

Implementing BYOD securely

There has been a lot of recent talk about bring your own device and the way in which it can enable a business to work more effectively – but is this at the cost of efficient security?

Many companies in the UK are now looking into the possibility of adopting a bring your own device policy and the effect that this would have on the company's operations. The positive side of this is that bring your own device allows for flexible working as the device can be used anywhere, with a potential cost saving to the company and an increase in employee satisfaction. The concern is that additional security controls may be needed: a secure environment may have to be created on the device, or a secure connection to a central environment, together with the ability to remove data from the device remotely. […]

BCM, Goodbye to an old friend

On 30th November 2006, the world was introduced to BS 25999-1:2006 Business Continuity Management – Code of practice and, in standards terms, quickly followed on 20th November 2007 by BS 25999-2:2007 Business Continuity Management Specification. These documents formally established the process, principles and terminology of Business Continuity Management (BCM) and BS 25999-2 specified the requirements […]