Over the last decades we have witnessed a massive growth in the use of technology. In that same time, many new words and phrases have materialised, one of them being IT security.
As terms and meanings go, it can be convoluted, and not all terms mean the same thing to all people! For the purpose of this article, and because we pride ourselves on a positive and pragmatic approach, we are going to take a broad stance and define it as a set of strategies that prevents unauthorised access to or use of your organisational assets, such as computers, networks, and data.
The aim is to achieve and maintain ‘Organisational Resilience’ and ‘Cyber Resilience’ protecting confidentiality of sensitive information and preventing brand reputational damage as a consequence of a data breach!
Hackers are getting smarter, and the technology they use is more powerful and sophisticated. Anecdotal evidence suggests they are using the power of well-known web services, so there is an even greater need to protect your digital assets and network.
It’s a little bit clichéd… If you think providing IT security can be expensive, then look again at the costs of a significant breach. According to a research report from Capita in 2020, the average cost of a data breach in the US was $3.6 million… and that doesn’t include any losses from reputational damage.
So, what’s the best ANGLE?
Of course, it would be using a tablet, but one that uses chalk… The advances in technology and the ability to transform a business through digitisation are clear to see, so the challenge is understanding how to mitigate the risks.
A N G L E
Applicability – the Statement of Applicability is the main link between your information security risk assessment and remediation work, highlighting ‘where’ you have chosen to implement information security controls. It is used to achieve the ISO standards ISO 27001:2013 and, more recently, ISO 27701, which is a subset of ISO 27001. Both of these are ‘badges’ and further proof that you take information security seriously, and they are definitely worth considering if your organisation is growing and looking to conduct business internationally.
Network – Network security is used to prevent unauthorised or malicious users from getting inside your network. This ensures that usability, reliability, and integrity are uncompromised. This type of security is necessary to prevent a hacker from accessing data inside the network. It also prevents them from negatively affecting your users’ ability to access or use the network.
Network security has become increasingly challenging as businesses have increased the number of endpoints, as most organisations have a remote workforce and have migrated services to the cloud, think O365…
Governance – Data governance is all about supporting an organisation’s overarching data management strategy: a framework that takes a holistic approach to collecting, managing, securing, and storing data. Good data governance would include:
- Data storage and operations: Structured physical data asset storage deployment and management
- Data security: Ensuring privacy, confidentiality, and appropriate access
- Data integration and interoperability: Acquisition, extraction, transformation, movement, delivery, replication, federation, virtualization, and operational support
- Documents and content: Storing, protecting, indexing, and enabling access to data found in unstructured sources and making this data available for integration and interoperability with structured data
- Reference and master data: Managing shared data to reduce redundancy and ensure better data quality through standardized definition and use of data values
- Data warehousing and business intelligence (BI): Managing analytical data processing and enabling access to decision support data for reporting and analysis
- Metadata: Collecting, categorizing, maintaining, integrating, controlling, managing, and delivering metadata
- Data quality: Defining, monitoring, maintaining data integrity, and improving data quality
Legal Compliance – aligning the organisation to GDPR / DPA 2018 (dependent on what has been negotiated with Europe) ensures you have taken the necessary steps to prevent security breaches and the subsequent loss of personally identifiable information (PII). In essence, it’s an undertaking on principles, user rights and the obligation of the organisation to protect PII and honour people’s rights.
Endpoint security – provides protection at the device level. Devices that may be secured by endpoint security include mobiles, tablets, laptops, and desktop computers. Endpoint security further prevents devices from connecting to malicious networks. Attackers often attempt to compromise devices through email phishing campaigns, and even smishing and vishing, all of which are designed to gain access to a device that may then be used as a threat to your organisation. Advanced malware protection and device management software are examples of endpoint security.