Tel: +44(0)1529 306284

Compliance – IT Security Management

Compliance with information security policies and procedures is essential to the safeguarding of business continuity. Preventing or minimising the impact of security-related incidents allows data to be shared in an effective manner, ensuring the protection of personal and corporate data alike.

Information takes many forms, whether the spoken word or data created, processed or stored on electronic devices. The confidentiality, availability and integrity of corporate data are essential considering the increased reliance on electronic devices within our daily lives. Consequently, business information and the I.T. systems and networks that support it are vital assets.

The growth in networking, combined with ‘smart devices’ and e-commerce, whilst providing drivers for new markets, also provides new opportunities for hackers. Similarly, the trend of utilising ‘cloud technologies’ tends to place a greater reliance on those third parties responsible for storing and maintaining that data.

At CCC we can help to develop effective and workable policies and procedures to enable maximum business potential with the minimum of risk.

Policies and Procedures

Within most of the modern world, electronic data now has a similar legal status to physical assets. Consequently, workable policies and procedures need to be applied to ensure that compliance with obligations is maintained.

IS7799 / IS27001 provide the current standards for information security. A risk analysis will allow workable, tailored policies and procedures to be adopted that meet your specific needs.

When either creating new policies and procedures or measuring existing ones, factors that need to be considered, and which are often overlooked, include:

  • Is there management support and an understanding of the risks?
  • Are they workable, or do they hinder employees so that, as a consequence, staff try to find short cuts?
  • Has the correct balance been found?

A common example of balance is where users are unnecessarily required to change their passwords regularly, such as monthly, irrespective of whether the hash algorithm being used, together with the quality of the passwords, would make it impossible for an attacker to crack them within the given time frame. Consequently, users tend to create sequential passwords which may comply with policy but are easier both to remember and to crack, such as:

  • JanuaryPassword@work01
  • FebruaryPassword@work02
  • MarchPassword@work03

We have often found that where effective policies and procedures have been adopted correctly, in the long term they not only protect business-critical data but are also cost-effective, in that:

  • They reduce the number of security incidents and the associated overheads of incident response.
  • Secure servers require less maintenance over their life-span.
  • Server life-span tends to increase.

“Systems are only as secure as their weakest link.”

Compliance & I.T. Security Audits offer a method by which organisations can establish whether the measures in place provide adequate security to maintain the integrity, availability and confidentiality of information. Audits need to cover both technical and non-technical elements and their associated risks.

For more information on the Compliance & Audit Services we are able to provide, Tel: +44 (0) 1529 306284 or Email: contact@ccc-ltd.com