Safety Conscious: How safe is your data?
Lost information seems to have been in the headlines a lot over the last few years. Only recently there have been stories about lost laptops and USB sticks holding key information and, of course, the hacking incident at LinkedIn where millions of accounts were affected.
In this day and age information is everything, not only from a competitive point of view but also legally, and not many organisations can afford to lose it.
Similarly, customers want to feel safe in your hands if they are going to hand over their details.
But how do you know where to start and what actions to employ to increase your resilience to lost data, malicious interest from hackers or any other potential areas of vulnerability?
One avenue to explore is ISO 27001, a framework that offers a structured and systematic approach to managing the security of information.
By giving you a framework to objectively think about your security policy, organisational security and also access control and other key areas, it will highlight how resilient you really are and what you might want to work on.
It is easy to think that if you haven’t lost data so far you must have everything covered, but as the environment changes, technology improves and customers get more data-savvy, it could be time to think again.
In the case of data risk, prevention is much better than a potentially messy, damaging and expensive clean-up.
Key things to think about when it comes to data security:
- Security policies
- Organisational security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management
- Legal compliance
This was posted in Bdaily's Members' News section by idg.