Cyber security depends on effective processes, says IT Governance


Lack of critical cyber security processes can hinder effective protection against cyber attacks, leading cyber security provider IT Governance has warned.
Adequate processes are one of the keys to an effective cyber security strategy. Processes define and explain how the many activities, procedures, work instructions, controls and technologies are used to mitigate the risks associated with cyber crime.  
Worryingly, PwC’s Global State of Information Security® Survey 2015 found that despite the rising cyber risks, many organisations have not updated critical information security processes. It also found that large companies tend to have better processes in place than small and medium-sized companies.
Alan Calder, founder and executive chairman of IT Governance, says: “Organisations are clearly under pressure to improve their cyber security posture in view of the growing cyber threats. The only sensible way to ensure cyber security processes are effective is to implement, and continually monitor and improve, an information security management system (ISMS) compliant with ISO27001.”
ISO27001 – the international standard for best-practice information security management systems – is a rigorous and comprehensive specification for protecting and preserving an organisation’s information assets under the principles of confidentiality, integrity and availability.
ISO27001 also defines a requirement for continual assessment and measurable improvement, which ensures that the risks to an organisation are continually monitored and that appropriate mitigating controls are improved or implemented.
A recent survey by the British Standards Institute (BSI) has revealed that best-practice cyber security frameworks such as ISO27001 help raise awareness of risks. 52% of organisations that had implemented ISO27001 said they were “extremely confident” in their level of resilience against the latest methods of cyber attack.
IT Governance offers fixed-price, fit-for-use packaged ISO27001 solutions designed to meet any organisation’s preferences for tackling ISO27001 compliance projects. Each of the ISO27001 packaged solutions is available at a transparent price that enables every organisation, anywhere in the world, to know exactly what their chosen journey to ISO27001 certification will cost them.
The ‘all-in’ ISO27001 packaged solutions include: ‘Do it yourself’, ‘Get a little help’, ‘Get a lot of help’ and ‘We’ll do it for you’.