IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
March 6, 2012

I4S video: Thales guide helps firms audit cyber security risks

Aimed at helping businesses to audit and improve their cyber security regimes, the report – entitled: ‘A practical guide to assessing your cyber security strategy’ – provides end user organisations with a framework for assessing their level of risk, identifying gaps in approach and tightening cyber security measures.

Ross Parsell, director of cyber strategy at Thales UK, commented: “Last year, the cost of cyber crime to the UK economy was estimated to be £27 billion. The volume and scale of attacks show no sign of slowing down. While most organisations have already embarked on a cyber security strategy, resources are often misallocated into areas that fail to protect the organisation. Our report identifies what CIOs and security professionals should be thinking about when assessing the sophistication and effectiveness of their own organisation’s cyber security strategy.”

The report addresses the four areas of a business that can be worst affected by cyber crime: communications, infrastructure, people and information. It advises organisations who wish to mitigate the risk posed by increasingly large-scale and sophisticated cyber attacks to ensure that they’re allocating their investment in cyber security appropriately, not over-protecting non-sensitive data or under-protecting what’s best described as business-critical data.

Parsell continued: “We have developed this guide in response to the very sizeable and tangible cyber crime threat facing businesses in 2012. We hope those with the heavy burden of developing and executing cyber security strategies will be able to use this framework to ‘stress test’ cyber security measures which may already be in place across the business.”

He added: “The report also contains practical guidance on implementing cyber security Best Practice and suggests new ways of protecting sensitive data while remaining open for business and connected with customers.”

Protecting critical networks and information

Guidance is offered on best ways of protecting the most critical networks and information from the risk of attack, and there’s information on the practical steps businesses must take to achieve these goals.

Securing information

Information is the lifeblood of any organisation. Some businesses are built solely on the value of their information, while others hold critical information and data that, if compromised, would present a significant risk to the organisation and its customers.

  • conduct an information audit to categorise information by value
  • review the governance of information security in your organisation
  • consider the impact of the organisation’s culture on information security

Securing people

Often, organisations focus their employee security on providing staff with procedures and guidelines on their responsibilities to keep the organisation secure, yet businesses also have a Duty of Care to protect those employees and their security.

  • ensure your business is well-versed on the relevant legislative conditions that you should operate within
  • roll out identity-based access to information to ensure that people only access data they are authorised to view
  • evaluate your identity management needs
  • audit the way in which you regulate personal IT in the workplace, and for home workers, to ensure that staff and the organisation are protected

Securing communications

Secure communication internally and externally is underpinned by policy and procedures.

  • communicate your cyber security strategy and information audit in a secure manner
  • invest in enterprise encryption to mitigate the risk of IP theft and data loss

Securing infrastructure

As managed hosting, offsite disaster recovery and outsourced storage facilities continue to be used by organisations looking to make cost efficiencies, so businesses must ensure that their supply chain remains secure.

  • conduct an audit of service providers that you have relationships with and measure their levels of security
  • review your Service Level Agreements (SLAs)
  • monitor critical networks
  • review your information storage security

Copies of ‘A practical guide to assessing your cyber security strategy’ can be downloaded direct from the Thales website.
