
Are Your Information Security Controls Effective?

June 26, 2012

Pretty much all modern businesses deal with information of some description. Whether it's basic day-to-day accounting data on your own business, financial records of other businesses and individuals, or detailed personal and medical files on thousands of people, information exists within your business.

Unfortunately, whatever information you have in your business, there's a pretty good chance that someone else wants it. These people could be simple criminals out to make a fast buck, organised crime gangs running a profitable if somewhat corrupt operation, competitors willing to try a little industrial espionage, or even nation states using your business to gain international advantage.

And your size and stature don't always have to be substantial. Indeed, the Information Commissioner's Office here in the UK considers smaller businesses a weak link precisely because they are small and often unwilling to invest in effective information security controls, and because they frequently supply to or work on behalf of major corporations.

So we've established that your business handles information, and that a threat exists to that information. The next question is what are you currently doing about it?

If you have existing security controls in place, are they effective, both in terms of costs and protection? Do your staff understand their role in protecting information? And can and should you be doing more?

Now, unless you have an effective system for testing and assessing your information security controls, it's doubtful you can answer these questions with any degree of certainty.

So how do you go about measuring the level of information security within your business?

The first option is to trust in fate and hope that you never experience a breach. The problem with this approach is that it relies on your organisation never being targeted. Now of course it may indeed never be targeted directly. But I'm sure you would agree that's not the most sensible approach, especially when all evidence suggests such attacks are on the increase.

Another option is to implement a process of measuring your own security controls. If you have the skills and resources, this might appear to be the best solution, because that way you're not exposing your soft underbelly to third parties. The downside is that, like any internal process, you may be the victim of politics, where the judgements and test results end up being skewed by internal issues and rivalries, making the results unreliable.

In addition, if reduced risk and improved security are your goal, with a long-term objective of possibly gaining some kind of certification (such as ISO-27001), then you really need an objective, unbiased opinion from a trusted business partner.

Which brings us to the third option: find a suitable security assessment provider and have them do an assessment of your business.

Now obviously there are a number of solutions in this area. Many companies have fixed-price services that are primarily designed for small- and medium-sized organisations. If you are a large business or need something more thorough you might opt for an assessment performed on a consultative basis by an experienced individual or business.

If you wish to go down the route of certification you might need help in choosing an appropriate certifying body and then assistance implementing the controls, policies and systems needed to obtain certification.

Whichever option you go for in the end, you are far better off ensuring you properly assess your information security controls than simply crossing your fingers and hoping for the best. Your business and your customers are depending on you!

Lee Hezzlewood is the founder of Secure Thinking, a UK company providing specialist services in Data Protection and Cyber-Security. For more information on information security for SME businesses, take a look at our Managed Security Services.

Source: EzineArticles
Article Tags: Security Controls, Information Security, Information Security Controls, Effective Information Security
