^

Freeman Cebu Business

Managing cyber security

EUROPE BEAT - Henry J. Schumacher - The Freeman
November 18, 2016 | 12:00am

Cyber threats continue to be widely reported in the media, putting organizations and businesses at risk. It is more important than ever that organizations protect their information and clients by considering security measures to be implemented.

Cyber security risks can only be clearly understood by evaluating the nature and severity of threats and vulnerabilities to information and critical assets, and also taking into account the cost to reduce or mitigate the risks to those assets. Without understanding the risks, it will be challenging to implement the right and effective controls to reduce or mitigate the risk and more importantly to convince the top management to invest in such.

In order to understand the security posture of any organization, a risk management process including policies and procedures must be defined and communicated to all staff including senior management. Every security-related implementation should be comprehensive, effective and straightforward – from gaining management support, identifying assets, understanding the risk to those assets, deciding to accept or treat the risk, getting approvals for treating the risk, examining residual risk and reporting.

Also, no organization or business will consider investing time and money on security if they have no risk or any conditions that can have adverse effects to their operations.  Web applications vulnerabilities, malware infections, data breaches, information theft, social engineering, unauthorized access are some of the common threats today, and it all boils down to studying the likelihood and the severity of a threat happening to the organization or business. How these affect the organization or business must be justified to senior management for their support.

The ISO standard for information security, ISO/IEC 27001, has become a de facto standard for managing information security and defines security requirements based on international best practices, covering from gaining management support to monitoring the implemented security controls. By complying to this standard, organizations and businesses will be able to establish and demonstrate using a ‘common’ understanding that their information assets are well managed and protected, and at the same time meeting expectations of stakeholders, partners, interested parties, suppliers, industry laws and regulations and related requirements.

Achieving ISO/IEC 27001 compliance can give organizations and businesses tangible and intangible benefits as follows:

* ISO controls improve the information systems availability and reduce the risk of vulnerabilities being exploited, while increasing the reliability and security of systems.

* Periodic audits and the re-certification process help to keep the security controls up to date.

* The ISO compliance ensures the organization that they can be trusted to secure customer’s data as well as their own. This increases customer confidence which in return gives more business, more revenues and profits.

* Cost effective and consistent information security policies, procedures and practices help organizations to meet and exceed industry standards.

* Information systems can be prioritized to meet business requirements.

* Compliance with legislations

* ISO defines responsibilities and duties and therefore strengthens the internal organization.

* Attaining ISO 27001certification demonstrates the preservation of confidentiality, integrity and availability of the critical business information systems.

* Improved management control and security leadership.

* Improved risk management and contingency planning. The ISO 27001v compliance provides a more structured approach to risk management.

In summary, by complying to ISO/IEC 37001, an organization will become more attractive to stakeholders that want to work and cooperate with partners where their information assets are well protected and maintained.

vuukle comment

EUROPE BEAT
Philstar
x
  • Latest
Latest
Latest
abtest

Cebu City partners with PLDT Enterprise to push digital goals

By Ehda M. Dagooc | 5 days ago
The Cebu City government and PLDT Enterprise have strengthened their partnership to push for the city’s digital transformation goals.
5 days ago
Freeman Cebu Business
fbtw

Trust issues hinder Charter change?

By Fidel Abalos | 5 days ago
“Change is inevitable. Change is constant.”
5 days ago
Freeman Cebu Business
fbtw

48 MSMEs to join DTI-7’s online training

By Ehda M. Dagooc | 5 days ago
The Department of Trade and Industry has introduced 48 micro-small and medium entrepreneurs to join the roster of participants for the 2024 Kapatid Mentor Me - Money Market Encounter Online program in Central...
5 days ago
Freeman Cebu Business
fbtw

Alliance Global expects policy rate cuts to boost economy

By Ehda M. Dagooc | 6 days ago
Alliance Global Group, Inc. (AGI), the holding company of tycoon Dr. Andrew L. Tan, anticipates policy rate cuts, as inflation decreases. This is expected to boost the economy and consumer spending, particularly...
6 days ago
Freeman Cebu Business
fbtw

Contact center and business process sector gathering set

By Ehda M. Dagooc | 6 days ago
The Philippines’ contact center and business process sector is set to hold its 18th Contact Island Conference in Cebu City on July 24-26, 2024. The conference will spotlight the opportunities presented by Artificial...
6 days ago
Freeman Cebu Business
fbtw

The Reading Mind

By Henry Schumacher | 6 days ago
I’ve always loved reading. Novels, history books, magazines, and newspapers.
6 days ago
Freeman Cebu Business
fbtw
Recommended
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with