In the previous blogs, we talked about various mandatory requirements that are bringing corporate attention to compliance issues. In light of evolving cyber security threats, businesses may want to take this opportunity to conduct a cyber security audit. The audit serves two purposes:
- it plays an integral role in assessing and identifying opportunities to strengthen enterprise security.
- it fulfils a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.
ISO/IEC standards such as the ISO/IEC 27000 series for information security management systems (ISMS) are useful benchmarks for the audit framework.
- The series is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to provide a globally recognized framework for security management best practice.
- It is deliberately broad in scope, covering more than just privacy, confidentiality and cyber security issues.
- The most popular standard in the 27000 series is ISO 27001, which outlines the requirements of an ISMS and also provides independently audited certification for organizations that have completed the audit.
Most important of all, ISO/IEC 27001 sets out the requirements for an ISMS: a systematic approach to managing sensitive company information so that it remains secure. It covers:
- IT systems
- how organisations manage, monitor and improve their information security in one place
- how small, medium and large businesses in any sector keep information assets secure. (source: ISO, www.iso.org)
If your organization is not yet ready to hire independent auditors to conduct a security audit, performing a risk assessment is the way to go.