by Anthony Lopreto, CEO - Fynix Security Inc.
In today's technical environment, organizations have become extremely dependent on their information systems. Most companies consider their information systems the crown jewel of their business, and the public has become increasingly concerned about the proper use and protection of personal information. The more organizations rely on electronic information, the more criminals, terrorists and hackers look for ways to exploit it. Cyber criminals were once motivated by mischief and recognition; now their intent is to cause catastrophic damage, widespread leakage and monetary gain at the expense of your customers' personal information.
Organizations need to fully understand their responsibility to protect information and the consequences if a breach were to occur. Security breaches make the news on a regular basis, and hundreds of further incidents never make the news and go unreported. When a company's or government agency's security is breached, it leads to the loss of personal information, trade secrets and other confidential information. Such breaches can affect millions of data records and millions of people and clients, and can cost the organization millions of dollars as well as lost business and reputation.
Organizations can take several steps to help protect their information systems. Many organizations must adopt and abide by the requirements of the particular industry they do business in, and most companies will voluntarily adopt a code of best practices to affirm their commitment to protecting personal information. ISO 27002 is one of the most widely adopted standards used by organizations that are proactively taking steps to protect electronic information. ISO 27002 addresses the following categories, which we call domains:
· Risk assessment
· Security policy
· Organization of information security
· Asset management
· Human resource security
· Physical and environmental security
· Communications and operations management
· Access control
· Information systems acquisition, development and maintenance
· Information security incident management
· Business continuity management
· Compliance
The primary goal of these domains is to provide a secure information system environment while ensuring Confidentiality, Integrity and Availability (CIA). Here are a few key benefits that following these standards provides:
· Identifies and determines the value of all company assets
· Comprehensively reduces the probability of unrecognized information security threats and vulnerabilities
· Increases information security awareness throughout the organization
· Centralizes management's security objectives into a clear and concise policy
· Provides a strong foundation on which to build system-specific security controls
· Creates a generally accepted practice that is re-usable across multiple departments
· Satisfies the requests of most partners and suppliers to substantiate information security controls without having to service individual enquiries or disclose confidential information
· Promotes the company's image as a secure business partner
Adopting a standard such as ISO 27002 can help minimize the risk and related consequences of an information security breach, as well as satisfy the requirements of service providers, vendors and partners. Applied correctly, it can give your organization a competitive and marketing advantage over competitors that lack a secure foundation.
Anthony Lopreto - Co-Founder and CEO - Fynix Security Inc.