Thales guide helps businesses to audit their cyber security risk
London, UK – 1 March 2012 – A report released today by Thales, a global leader in information systems and communications security, highlights the four main areas of cyber security addressed by best practice organisations. The report also warns that businesses may be over-spending on cyber security solutions that over-protect non-sensitive data.
Aimed at helping businesses to audit and improve their cyber security, the report, ‘A practical guide to assessing your cyber security strategy’, provides organisations with a framework to assess their level of risk, identify gaps in their approach and tighten their cyber security measures.
Ross Parsell, Director of Cyber Strategy at Thales UK, says: “Last year the cost of cyber crime to the UK economy was estimated to be £27bn. The volume and scale of attacks show no sign of slowing down. While most organisations have already embarked on a cyber security strategy, resources are often misallocated into areas that fail to protect the organisation. Our report identifies what CIOs and security professionals should be thinking about when assessing the sophistication and effectiveness of their organisation’s cyber security strategy.”
The report addresses the four areas of a business that can be worst affected by cyber crime: communications, infrastructure, people and information. It advises organisations who wish to mitigate the risk posed by increasingly large-scale, sophisticated cyber attacks to ensure that they are allocating their investment in cyber security appropriately, not over-protecting non-sensitive data or under-protecting business-critical data.
Parsell continues: “We have developed this guide in response to the very sizeable and tangible cyber crime threat facing businesses in 2012. We hope those with the heavy burden of developing and executing cyber security strategies will be able to use this framework to stress-test cyber security measures which may already be in place across the business. The report also contains practical guidance on implementing cyber security best-practice and suggests new ways of protecting their sensitive data, whilst remaining open for business and connected with customers.”
The report offers organisations practical guidance to ensure their most critical networks and information are best protected from the risk of attack, and discusses the practical steps they must take to achieve these goals:
Secure information. Information is the lifeblood of any organisation. Some businesses are built solely on the value of their information, while others hold critical information and data that, if compromised, would present a significant risk to the organisation and its customers.
a. Conduct an information audit to categorise information by value.
b. Review the governance of information security in your organisation.
c. Consider the impact of the organisation’s culture on information security.
Secure people. Often, organisations focus their employee security on providing staff with procedures and guidelines on their responsibilities to keep the organisation secure. Yet businesses also have a duty to protect those employees and their security.
a. Ensure your business is well versed in the relevant legislative conditions that you should operate within.
b. Roll out identity-based access to information to ensure that people only access data they are authorised to view.
c. Evaluate your identity management needs.
d. Audit the way in which you regulate personal IT in the workplace, and for home workers, to ensure that staff and the organisation are protected.
Secure communications. Secure communication internally and externally is underpinned by policy and procedures.
a. Communicate your cyber security strategy and information audit in a secure manner.
b. Invest in enterprise encryption to mitigate the risk of IP theft and data loss.
Secure infrastructure. As managed hosting, offsite disaster recovery and outsourced storage facilities continue to be used by organisations looking to make cost efficiencies, businesses must ensure that their supply chain remains secure.
a. Conduct an audit of service providers that you have relationships with and measure their security.
b. Review your Service Level Agreements (SLAs).
c. Monitor critical networks.
d. Review your information storage security.
The report, ‘A practical guide to assessing your cyber security strategy’, can be downloaded at www.thalescyberassurance.com. It contains further detailed guidance and practical advice for any organisation looking to test and improve its cyber security strategy.
– Ends –