Speaking at IP Expo Europe on Wednesday, Richard Knowlton – founding chief executive of the Internet Security Alliance for Europe (ISAFE), board member of the Internet Security Alliance and former group corporate security director for Vodafone – addressed the subject of enterprise security, and what corporations must do to survive.
In a seminar titled Protecting the Enterprise in 2016 and Beyond, Mr Knowlton noted that businesses in the UK lose some £2.8 billion to cyber crime each year, and yet only 10% of British companies have a cyber security policy.
Mr Knowlton pointed out that an enterprise-wide approach to security was the only sensible response to the growing threat of cyber crime. Everyone, from the board downwards, needs to share the responsibility for cyber security.
“Cyber threats must be dealt with holistically,” he said.
Insider threats – whether unwitting or intentional – represent the biggest security threat to an organisation, and the best way to counter this threat is to ensure that security best practice is second nature to all staff. Companies should therefore introduce a culture of security, supported by appropriate training and awareness programmes.
The international standard for information security management, ISO 27001, addresses all of Mr Knowlton’s points.
An information security management system (ISMS) as set out in ISO 27001 provides a risk-based approach to information security that enables organisations of all sizes, sectors and locations to apply controls to mitigate the risks they face. An ISMS addresses people, processes and technology, providing an enterprise-wide approach to protecting information – in whatever form it is held – based on the specific threats the organisation actually faces, thereby limiting the inadvertent threats posed by untrained staff, inadequate procedures and out-of-date software solutions.
Priced from only €530, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organisations, whatever their size, budget or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organisations to implement an ISMS with the minimum of disruption and difficulty.