IT Governance
Books and tools for IT Governance, risk management and compliance

Cyber Security


Cyber Security Assessment Tool

Find out how cyber secure your business is today

In today’s modern economy the protection of information assets, or information security, is of paramount importance to all businesses. In a world where IT and the internet are critical to all organisations, the long-term competitiveness and survival of organisations depend upon the security of their information assets.

Free White Paper: Cyber Security - A Critical Business Risk

All organizations have to face up to the fact that at some point they are going to come under cyber attack. Organizations need to ensure they have robust systems and networks and that staff are adequately trained in their information security responsibilities. Alan Calder, IT Governance CEO and expert in ISO27001 and information security, has written a white paper on 'Cyber Security: A Critical Business Risk'. This free white paper sets out a Seven Step Strategy that all organizations should adopt.

>>> Download our free white paper 'Cyber Security: A Critical Business Risk'

Do you know how cyber secure your organization is? The cost-effective Cyber Security Assessment Tool will enable you to quickly assess which areas of your business are secure and which need attention.

ISO 27001 - The Cyber Security Standard

ISO/IEC 27001 is the only internationally recognized cyber security management standard for an Information Security Management System (ISMS). ISO27001 helps businesses create a best-in-class ISMS which can be independently audited and certified. Creating an ISO27001-compliant ISMS will assist your organization in meeting information security-related regulatory compliance requirements, including FISMA, GLBA, HIPAA and PIPEDA.

ISO27001 is part of the ISO27000 family of international information security standards that will be the foundation of IT protection over the next 10 years. Information security should be a key focus for all businesses. If you are new to ISO27001 and information security we recommend these titles:

Implementing ISO/IEC 27001 and creating an effective information security management system for the first time can be challenging. The No 3 ISO27001 Comprehensive ISMS Toolkit has everything you need to carry out your own ISO27001 project. This toolkit contains practical and informative books, documentation templates which are customizable to your business, support guides and vsRisk, the definitive risk assessment tool. Save time and money and accelerate your ISO27001 project with this toolkit. Read more here >>>

Accredited Certification to ISO27001 gives an organization internationally recognised and accepted proof that its system for managing information security – its ISMS or cyber security readiness – is of an acceptable, independently audited and verified standard.

See our comprehensive range of information, books and tools for achieving ISO27001 certification.

Information Security & Risk Assessments

Organizations can use risk assessments to assess the potential threats to their information system. By carrying out this process you can determine what appropriate controls are required to reduce the levels of risk to. Risk assessment is therefore the core competence of an information security management system (ISMS).

vsRisk - The definitive risk assessment tool

Risk assessment is an integral part of creating an ISO27001-compliant ISMS; however, carrying out a risk assessment is extremely difficult without using a specialist tool. vsRisk is a unique software tool designed to guide your organization through the process of carrying out an information security risk assessment that will meet the requirements of ISO 27001:2005.

vsRisk automates the risk assessment process and will help you identify, analyse and control risks in line with your business objectives.
Read more and download a free trial version of vsRisk here >>>

IT Governance offers a range of information security risk management products including:

Cyber Resilience

Cyber resilience is a key principle that underpins ISO27001. Cyber resilience is the extent to which an organization's systems and processes are resilient to an outside attack or a natural disaster. There are four international standards that set out best practice for managing cyber resilience. They can all be bought together in the Cyber Resilience Standards Kit, and are:

  1. ISO/IEC 27001:2005 (Download) - the specification for an information security management system
  2. ISO/IEC 27002:2005 (Download) - this standard details how to go about initiating, implementing, maintaining, and improving information security management within an organization
  3. ISO/IEC 27031:2011 (Download) - ISO/IEC 27031 deals with how organizations can ensure their IT processes and systems are prepared should an incident occur and enable business continuation
  4. ISO/IEC 27035:2011 (Download) - this standard provides a guideline of how to cope should an information security incident occur

Business continuity is an essential part of cyber resilience, and businesses should ensure they have a robust and effective business continuity management system (BCMS) aligned with the BS25999 Business Continuity standard. BS25999 provides a set of best practices for business continuity management. It details how to go about designing, implementing and maintaining a business continuity management system (BCMS).

 

Therefore, business continuity and disaster recovery planning is fundamental to an effective ISMS.

There are three core standards for business resilience – two of them are American and one British. The three standards which have been adopted by the US Department of Homeland Security, for the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), are.

Visit our designated business continuity page here >>>

Cyber Security – An Issue Of National Importance

In a speech in May 2009, President Obama declared that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.”

Two years later, in May 2011, the US Government proposed a legislative package focused on improving cyber security for the American people, the Nation’s critical infrastructure, and the Federal Government’s own networks and computers.

This document recognizes that the cyber security vulnerabilities in the US Government and critical infrastructure are a risk to national security, public safety, and economic prosperity.

A fact sheet on the legislative package states that more transparency will be required from critical-infrastructure operators and they will be accountable for their cyber security. Moreover, the cyber security risk mitigation plans of each critical-infrastructure operator will be assessed by a third-party, commercial auditor.

The legislation will help consumers protect themselves against identity theft whilst also motivating businesses to adopt better cyber security measures. Consumers who are affected by a data breach will have to be informed about the leak by the company that suffered the intrusion. In the view of the US government the proposed changes will "(1) improve our resilience to cyber incidents and (2) reduce the cyber threat".

If accepted, the legislative package will create the need for many organizations to review their cyber security strategy (if they have one in place) or to start implementing one.

 

Effective Cyber Security

For an organization to be able to deter cyber crime, it needs to undertake appropriate measures and adhere to them. Consider:

  • Self-defence is important; you must assess your position thoroughly and have the proper safeguards in place to protect your business information,
  • But you must also be able to fight back; the genuine threat of prosecution can be a very effective deterrent against embittered or corrupt employees, for example, who might otherwise see your company’s data as a "soft target",
  • You need to invest wisely; expensive technology is not necessarily the right technology to protect your business information,
  • There are no fixed and fortified limits as to when and where your business data could be vulnerable,
  • You must be able to adapt or perish, because every threat you repel today will evolve into a new threat tomorrow.

 

IT Governance Ltd is committed to the National Cyber Security Alliance (NCSA).

 



© 2008 -  IT Governance Ltd. All rights reserved.

