Preparing to take responsibility over your data? Start with a risk assessment

As Neelie Kroes, the Vice-President of the EU Commission on the Digital Agenda stated in a speech delivered at a cyber security conference on 10 March 2014, “The Internet is no longer about emails.”

Cyber security has become a business-critical issue, and nobody is safe from cyber attack.

Deutsche Telekom reports 800,000 attacks a day on their networks. That’s almost 10 per second, all day, every day.

According to Kroes, each incident can cost up to €50 million. For critical infrastructure, the cost of a breakdown could be as high as a quarter of trillion dollars. That is apart from the obvious reputational damage and subsequent loss of customer trust due to data compromises.

“Whatever sector you’re in – online security needs to be part of your business model. A habit as automatic as locking your front door,” Kroes continues.

The European Commission has tabled proposed legislation on Network and Information Security that it intends to finalise in 2014, in a bid to protect businesses, citizens and governments.

This EU directive will require companies and governments to take responsibility for their data. “A voluntary approach is not enough: not any more. A weak link lets down the whole chain; weak legislation lets down our economy.” Said Kroes.

How safe are your networks, systems, web applications and data?

To get started with establishing how secure your information is, an information security risk assessment is usually recommended by the experts.

vsRisk is the definitive information security risk assessment tool, and provides the framework and methodology for you to conduct a risk assessment easily and quickly in your organisation – without the help of consultants.

It also provides a set of recommended controls that you can apply to minimise your risks, in addition to advanced risk assessment and management reports that can be used to present to your management team and auditors.

An assessment of your information security posture may require a more advanced type of assessment in the form of a penetration test or vulnerability assessment.  These tests are conducted by trained, professional ‘ethical hackers’ who are able to examine how effectively your systems and networks are protected, establish where your vulnerabilities lie, and provide you with recommendations that will help you to close any holes quickly.

For the month of March 2014, all IT Governance penetration tests and vsRisk software products are discounted by 20%.

vsRisk Standalone: 

https://www.itgovernance.co.uk/shop/p-1228-vsrisk-standalone-basic-the-cybersecurity-risk-assessment-tool.aspx

vsRisk Multi-user:

https://www.itgovernance.co.uk/shop/p-1534-vsrisk-multi-user-the-cybersecurity-risk-assessment-tool.aspx

Infrastructure Penetration Test

https://www.itgovernance.co.uk/shop/p-793-infrastructure-network-penetration-test-level-1.aspx

Wireless Network Penetration Test

https://www.itgovernance.co.uk/shop/p-1573-wireless-network-penetration-test-level-1.aspx