Someone recently asked us: “Will my organisation be breached if we implement ISO 27001?”
At first we thought they meant ‘will implementing ISO 27001 make me susceptible to data breaches?’ to which the answer is obviously ‘no’. ISO 27001 is the international standard for information security, and it’s specifically designed to prevent data breaches and protect organisations from cyber attacks.
That’s when we realised this person was actually asking ‘will ISO 27001 make me immune from data breaches?’
Unfortunately, the answer to that is ‘no’ as well.
As much as the Standard helps organisations stay secure, no solution is 100% effective. Everyone suffers data breaches, and if you think your organisation is different, you’re probably not looking hard enough.
So instead of asking yourself how you can immunise yourself from information security incidents, the better question to ask is ‘how can we get better at identifying data breaches and reduce the risk of them occurring?’
The answer is in the Standard
You can find out everything you need to protect your organisation from data breaches by reading a copy of the ISO 27001 standard.
There are many tools and services to help you understand and implement its requirements, but nothing can substitute for reading the text itself, which you can purchase for £100.
It encourages in-depth defence and resilience in the form of an ISMS (information security management system). This is a centrally management framework consisting of policies, processes and technological measures designed to secure information in all its forms.
It’s only once you understand what the Standard advocates that you can properly implement its requirements.
You can find out how much work is required for your organisation to achieve effective information security by taking our self-assessment questionnaire.
This test takes less than a minute to complete, giving you a snapshot of your cyber security preparedness and tips on the steps you can take to address gaps in your defences.
The assessment is part of Operation Cyber Secure, our new framework to help organisations win the war on cyber crime.
Those who enlist will receive weekly emails explaining how they can meet specific information security best practices.