Cyberspace has revolutionised how many of us live and work. The internet, with its more than 3 billion users, is powering economic growth, increasing collaboration and innovation, and creating jobs.
Protecting key information assets is of critical importance to the sustainability and competitiveness of businesses today. Companies need to be on the front foot in terms of their cyber preparedness. Cyber security is all too often thought of as an IT issue, rather than the strategic risk management issue it actually is.
Companies benefit from managing risks across their organisations - drawing effectively on senior management support, risk management policies and processes, a risk-aware culture and the assessment of risks against objectives. There are many benefits to adopting a risk management approach to cyber security, including:
Corporate decision making is improved through the high visibility of risk exposure, both for individual activities and major projects, across the whole of the organisation.
Financial benefit is provided to the organisation through the reduction of losses and improved “value for money” potential.
Organisations are prepared for most eventualities, being assured of adequate contingency plans.
Article 25 of the General Data Protection Regulation (GDPR) stipulates that “the data controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”
In essence, this invokes the need for a comprehensive risk management approach to securing personal data, in order to determine the necessary safeguards required to adequately protect critical personal data. To expedite achieving compliance, Octree has developed its own Information Security Audit Framework, Securapro™, to allow organisations to carry out a high-level gap analysis of their security profile, identifying areas that need addressing. Based on a number of standards and certifications, including ISO27001, CyberEssentials and the Government’s 10 Steps to Cyber Security, it is a comprehensive yet easily understandable plain-English programme designed to significantly reduce, or even remove, the confusion surrounding data protection and compliance.