Risk is part of the game, but can you flip the board on cyber attacks?
Try as we might, we can never fully eliminate risk. The Internet is a playground for criminal hackers waiting to get their hands on your sensitive information.
We’ve all heard of the WannaCry ransomware attack, which paralysed the NHS and affected more than 300,000 computers across 150 countries in May 2017. Threats like this are very real for ISMs (information security managers), who face the reality of phishing scams, cracking and ransomware daily.
In our book of the month, Once more unto the Breach – Managing information security in an uncertain world, Andrea Simmons draws on her extensive experience in the cyber security industry as an information governance specialist and offers an insight into the world of the ISM.
Aimed at ISMs, the book provides invaluable advice to help you understand:
- How to pull a team together and kick-start your project;
- The key activities you should be spearheading to ensure your organisation is secure;
- How to ensure compliance runs throughout the whole organisation, including ideas to keep it alive;
- Physical security issues that can cause you difficulties; and
- The scope of activities expected of you.
Delivering a security programme
A common pitfall of security management is the assumption that cyber security is a project that can be completed, effectively a task to tick off the to-do list. This is, however, a misconception. Cyber security must be woven into the very core of an organisation. It should be viewed as a programme, rather than a project, and reviewed and adapted on a regular basis to meet the ever-changing world of risk management.
Get staff to buy into you
Security management shouldn’t be the sole responsibility of an ISM. The success of a cyber security programme depends on everyone in an organisation, and as an ISM it is your duty to ensure everyone is on board.
Physical security offers a visual aid for staff and can promote a risk management attitude in the workplace. Simply walking through your office should provide plenty of examples of potential security threats and risks.
Creating policy documents
Policy documents should clearly demonstrate your organisation’s stance on a particular technology, people or process issue. They should be supported by procedural documents, controls or standards.
Once more unto the Breach – Managing information security in an uncertain world discusses the challenges faced by ISMs and offers advice on how to overcome these hurdles.
*Excerpts from this post were taken from Once more unto the Breach – Managing information security in an uncertain world by Andrea Simmons.