Aimed at helping businesses to audit and improve their cyber security regimes, the report – entitled: ‘A practical guide to assessing your cyber security strategy’ – provides end user organisations with a framework for assessing their level of risk, identifying gaps in approach and tightening cyber security measures.
Ross Parsell, director of cyber strategy at Thales UK, commented: “Last year, the cost of cyber crime to the UK economy was estimated to be GB pound 27 billion. The volume and scale of attacks shows no sign of slowing down. While most organisations have already embarked on a cyber security strategy, resources are often misallocated into areas that fail to protect the organisation. Our report identifies what CIOs and security professionals should be thinking about when assessing the sophistication and effectiveness of their own organisation’s cyber security strategy.”
The report addresses the four areas of a business that can be worst affected by cyber crime: communications, infrastructure, people and information. It advises organisations who wish to mitigate the risk posed by increasingly large-scale and sophisticated cyber attacks to ensure that they’re allocating their investment in cyber security appropriately, not over-protecting non-sensitive data or under-protecting what’s best described as business-critical data.
Parsell continued: “We have developed this guide in response to the very sizeable and tangible cyber crime threat facing businesses in 2012. We hope those with the heavy burden of developing and executing cyber security strategies will be able to use this framework to ‘stress test’ cyber security measures which may already be in place across the business.”
He added: “The report also contains practical guidance on implementing cyber security Best Practice and suggests new ways of protecting sensitive data while remaining open for business and connected with customers.”
Protecting critical networks and information
Guidance is offered on best ways of protecting the most critical networks and information from the risk of attack, and there’s information on the practical steps businesses must take to achieve these goals.
Securing information
Information is the lifeblood of any organisation. Some businesses are built solely on the value of their information, while others hold critical information and data that, if compromised, would present a significant risk to the organisation and its customers.
- conduct an information audit to categorise information by value
- review the governance of information security in your organisation
- consider the impact of the organisation’s culture on information security
Securing people
Often, organisations focus their employee security on providing staff with procedures and guidelines on their responsibilities to keep the organisation secure, yet businesses also have a Duty of Care to protect those employees and their security.
- ensure your business is well-versed on the relevant legislative conditions that you should operate within
- roll out identity-based access to information to ensure that people only access data they are authorised to view
- evaluate your identity management needs
- audit the way in which you regulate personal IT in the workplace, and for home workers, to ensure that staff and the organisation are protected
Securing communications
Secure communication internally and externally is underpinned by policy and procedures.
- communicate your cyber security strategy and information audit in a secure manner
- invest in enterprise encryption to mitigate the risk of IP theft and data loss
Securing infrastructure
As managed hosting, offsite disaster recovery and outsourced storage facilities continue to be used by organisations looking to make cost efficiencies, so businesses must ensure that their supply chain remains secure.
- conduct an audit of service providers that you have relationships with and measure their levels of security
- review your Service Level Agreements (SLAs)
- monitor critical networks
- review your information storage security
Copies of ‘A practical guide to assessing your cyber security strategy’ can be downloaded direct from the Thales website