Data security and incidents where data systems have been hacked are again in the news. The damage in reputational terms can be enormous, and in some cases can destroy an organisation; this does not take into account the fines that can be levied by the ICO (Information Commissioner’s Office).
Some of the higher-profile cases occur because of computer issues such as poor anti-malware and anti-virus systems, poor software patching, or simply human error arising from a lack of training and awareness.
There are a number of ways that organisations can improve their data security:
- Incorporate Cyber Essentials or Cyber Essentials Plus, which adjust computer systems to protect against improper access. It also provides encryption of hard disks to make it harder to read data files.
This is commonly known as computer hardening.
- Incorporate a management system for data security, commonly ISO 27001 and ISO 27002. ISO 27001:2013 is the certifiable Standard and ISO 27002:2013 is the code of practice covering the Standard.
These management systems put measures in place to enhance security in a number of areas:
- Management direction for information security;
- Organisation of information security;
- Human resources security;
- Asset management;
- Access control;
- Physical & environmental security;
- Operations security;
- Communications security;
- System acquisition, development and maintenance;
- Supplier relationships;
- Information security incident management;
- Information security aspects of business continuity management.
This Standard is not easy to put into place and it is a somewhat lengthy process, but once fully in practice it does give a degree of comfort to the management of the organisation that good, professional data security protection has been put into place.
Naturally, the organisation must undertake regular internal audits, and the system is assessed, with surveillance visits carried out, by an accredited certification body to ensure continued compliance with the Standard.
We have been helping organisations set up ISO 27001 systems and then make sure they pass assessment, and at the first go.
Once an organisation is certified, Quality Matters can offer internal audits and consultancy to make sure that the certification remains fully valid and the surveillance visits pass without problem.
Please see our website for details.
Consultancy, Quality Matters Limited.