Feature: How Well is Your Company Protected Against Cyber Attacks?
by Raj Kumar, Cyber Intelligence Sdn Bhd

Managing Cybersecurity Risk Using the ISO/IEC 27001 Information Security Management System (Pt 2)

Cyber threats continue to be widely reported in the media, putting organisations and businesses at risk. It is more important than ever that organisations protect their information and their clients by considering which security measures should be implemented.

Cybersecurity risks can only be clearly understood by evaluating the nature and severity of the threats and vulnerabilities to information and critical assets, and by taking into account the cost of reducing or mitigating the risk to those assets. Without understanding the risks, it will be challenging to implement the right and effective controls to reduce or mitigate the risk and, more importantly, to convince top management to invest in such controls.

In order to understand the security posture of any organisation, a risk management process, including policies and procedures, must be defined and communicated to all staff, including senior management. Every security-related implementation should be comprehensive, effective and straightforward, from gaining management support, identifying assets, understanding the risk to those assets, deciding whether to accept or treat the risk, getting approval for treating the risk, examining residual risk, and reporting. Also, no organisation or business will consider investing time and money in security if it faces no risk or no conditions that can have an adverse effect on its operations.

Web application vulnerabilities, malware infections, data breaches, information theft, social engineering and unauthorised access are some of the common threats today, and it all boils down to studying the likelihood of a threat occurring and the severity of its impact on the organisation or business. How these threats affect the organisation or business must be justified to senior management in order to gain their support.

The International Organization for Standardization (ISO) standard for information security, ISO/IEC 27001, has become a de facto standard for managing information security and defines security requirements based on international best practices, covering everything from gaining management support to monitoring the implemented security controls. By complying with this standard, organisations and businesses will be able to establish and demonstrate, using a common understanding, that their information assets are well

Preview: MGCC Perspectives September/October 2016, page 22