According to recent research, eight out of ten IT departments in Ireland are suffering from a lack of investment, which they believe is holding them back. In contrast, only 61% of organisations in the UK and Canada believe a lack of investment is holding their IT departments back.
More worryingly, 89% of Irish IT departments believe that security is the area most affected by the budget squeeze. The second-biggest concern for 44% of Irish IT departments is staying secure against cyber threats, which, as recent ransomware attacks have shown, can cripple an unprepared organisation.
An organisation that has a limited budget but wants to improve its security posture should implement an information security management system (ISMS) aligned to ISO 27001, an international standard that helps demonstrate you are following information security best practice. Achieving accredited certification to ISO 27001 will also deliver an independent, expert assessment of whether your data is adequately protected. ISO 27001 is supported by its code of practice for information security management, ISO/IEC 27002:2013.
With the EU General Data Protection Regulation (GDPR) taking effect in May 2018, achieving accredited certification to ISO 27001 may accomplish two aims at once for IT departments with a limited budget. Having an ISMS certified to ISO 27001 by an accredited certification body is concrete evidence that an organisation has taken the necessary security measures to protect itself from a data breach.
ISO 27001 not only addresses the need to comply with legislation through systematic policies and processes but also offers a reference set of controls. Although these controls are not exhaustive, they can be used to provide appropriate “technical and organisational measures”, as required by the GDPR.
Now in its third edition, Nine Steps to Success – An ISO 27001 Implementation Overview will give anyone tackling the Standard for the first time the guidance and direction they need to make their implementation project a success.