Technical security should be part of a comprehensive information security management system


This month Sony Computer Entertainment Europe was fined £250,000 ($396,100) following a "serious breach" of the Data Protection Act, as reported by the BBC. Allegedly, when it was hacked in April 2011, Sony did not have up-to-date security software, which led to user passwords not being secure.

A spokesman for Sony said that “Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient."

If up-to-date technology would have prevented this incident, why was it not in place? Whose responsibility was it to manage the process and ensure that the networks were secure?

Alan Calder, CEO of cybersecurity and compliance experts IT Governance, comments, “Technology is the means, but it’s not the answer. Technology is managed by people. If an organisation doesn’t have an adequate information security management system, which includes procedures for ensuring networks are safe and security software is up-to-date, there will always be gaps.

“All this is covered by a single international information security standard called ISO27001. ISO27001 can serve as the bridge between technology and information security management.”

Calder adds, “You can’t help but wonder how many security incidents could be prevented if senior managers took responsibility to transition to an ISO27001 information security management system for protecting their own and their customers’ data.”

Organisations can learn more about the benefits of implementing an information security management system (ISMS) by attending the ISO27001 Foundation training course, which gives an overview of the standard and the implementation process. More information about the course is available at