Use ISO27001 to combat the insider threat, experts say


IT Governance, the leading provider of cyber security and ISO27001 expertise, has warned that ignoring the role employees play in data breaches can expose organisations to more risks.
The warning comes following new research from Cisco, which revealed that just 58% of the 1000 employees interviewed were aware of security threats and the risk they pose to corporate information.
Ponemon Institute has made similar findings, but from the IT professional’s perspective. 78% of the IT professionals interviewed consider negligent or careless employees who don’t follow security policies to be the main reason for poor endpoint security.
Alan Calder, founder and executive chairman of IT Governance, says: “The insider threat is a big part of the information security challenge that organisations face. In most cases, mistakes will be made unintentionally, but the underlying message is that in order to prevent this from happening, companies must educate staff, enforce effective policies and procedures, and manage access control.
“ISO27001 should be the default standard that organisations turn to when addressing the insider threat and other issues, and adopting an integrated approach to people, process and technology.”

What is ISO27001?

ISO27001 – the international standard for best-practice information security management systems – is a rigorous and comprehensive specification for protecting and preserving an organisation’s information assets under the principles of confidentiality, integrity and availability.
ISO27001 also defines a requirement for continual assessment and measurable improvement, which ensures that the risks to an organisation are continually monitored and that appropriate mitigating controls are improved or implemented.
IT Governance offers fixed-price, fit-for-use packaged ISO27001 solutions designed to meet any organisation’s preferences for tackling ISO27001 compliance projects. Each of the ISO27001 packaged solutions is available at a transparent price that enables every organisation, anywhere in the world, to know exactly what their chosen journey to ISO27001 certification will cost them.
The ‘all-in’ ISO27001 packaged solutions include: ‘Do It Yourself’, ‘Get A Little Help’, ‘Get A Lot Of Help’ and ‘We’ll Do It For You’.
Find out more here: