Alan Calder, cybersecurity guru and Chief Executive of IT Governance, the single-source provider for information security expertise, is today urging organisations to tackle cybercrime by implementing a coherent cybersecurity strategy.
Speaking at the 3rd Annual CREST Conference in London, Calder said: “The cyber risks to organisations today are many and complex. They can include Advanced Persistent Threats (APT), organised crime and the risks from staff and the workforce. Tackling these represents a real challenge to businesses. Senior managers have to do their utmost to address these issues now or it may be too late.”
Calder continues, “Today, I am proposing a seven-step cybersecurity strategy which aims to provide the Board and the senior management with a non-technical and holistic framework for tackling cybersecurity. This strategy gives a clear overview of the possible solutions to cyber threats – from management systems based on ISO27001 through security configuration, encryption, website security and penetration testing to HR issues including staff termination, awareness training and social engineering.”
“ISO27001 should be the starting point for improving information security in any organisation,” explains Calder. “ISO27001 has many strengths, including helping organisations secure the right balance of data availability, integrity and confidentiality. A further benefit of ISO27001 is the flexibility to integrate with other management standards. This point is vital – effective cybersecurity depends on establishing a comprehensive and interconnected defence strategy.”
“Penetration testing, on the other hand, is essential for ensuring that your systems are secure. It is also a vital component in any ISO27001 ISMS – from initial development through to ongoing maintenance and continual improvement. With the ever-increasing risk of external attacks on websites, the continual enhancements and upgrades to a system over time, and the continual discovery of new vulnerabilities and security holes, organisations need to conduct external penetration tests at least annually.”
“Organisations often ignore the importance of the human factor when considering an approach to cybersecurity,” says Calder. “Managers must carry out staff induction and information security awareness training. Poorly trained non-technical staff may mean the organisation is wide open to phishing, pharming and social engineering attacks.”
“Finally, it is essential for the Board to understand how confidentiality, compliance and commercial issues overlap in organisational responses to cyber threats. Having a coherent overview and understanding of the nature of cyber threats and their components will help organisations respond to them effectively,” concludes Calder.
A free white paper on cyber security can be downloaded here: www.itgovernance.co.uk/cybersecurity-standards.aspx
Interested organisations can find out more on implementing a cybersecurity strategy tailored to their needs by telephoning +44 845 070 1750 or e-mailing firstname.lastname@example.org.