Featured Product
This Week in Quality Digest Live

More Videos

Management Features
Stay In Your Lane: How to Compete In a Saturated Market
Megan Wallin-Kerth
MasterControl’s Matt Lowe talks competition, data, and what quality does for a company
Do You Think Inside the Box, Outside the Box, or at the Edge of the Box?
Akhilesh Gulati
To solve thorny problems, you can’t have either a purely internal or external view
Addressing the Skills Gap With Help From Purdue University
Ashley Hixson
Partnership with Hexagon’s Manufacturing Intelligence division provides employable metrology skills
Why Managers Are Kinder to Women in Workplace Reviews
Lily Jampol
Here’s why that’s a problem
Low-Cost Fix for Tech’s Diversity Problem
Krysten Crawford
Stanford researchers designed a program to accelerate hiring for minorities and women

More Features

Management News
MIT Sloan Executive Education Introduces New Women’s Leadership Program
Provides opportunities to deepen leadership capabilities
Who Is at the Highest Risk of Being Hacked?
A cybersecurity expert offers guidance
Sunnen Acquires Hommel Präzision
Former service partner provides honing and deep-hole drilling solutions
Study Reveals Employers’ Awareness of Inability to Meet Worker Demands
Employers need to turn awareness into action
Siemens Teamcenter Now Available on Google Cloud
Connects people and processes across functional silos with a digital thread for innovation
Innovative Employer Engagement Process Establishes Effective On-the-Job Training
Here are five easy steps
CESMII and SME Form Smart Manufacturing Executive Council
Better manufacturing processes require three main strategies
Teaching Computers to Read ‘Industry Lingo’
Technical vs. natural language processing
X-Rite and Pantone Win Pinnacle InterTech Award With Mantis Video Targeting Technology for eXact 2
Recognized as best-in-class industry technology by Printing United Alliance

More News

DNV GL

Management

IT Insecurity: It’s Not the Technology

It’s the people

Published: Wednesday, September 6, 2017 - 12:01

Sponsored Content

A new report by Jupiter Research says $8 trillion will be the price tag—within the next five years—of cyber attacks against businesses around the world. Hacks and other forms of digital theft are accelerating despite what would seem to be nonstop efforts by corporations to harden their networks with anti-virus software, network intrusion filters, virtual private networks, vulnerability testing, and all manner of expensive gadgets to keep the bad guys out.

Much of the risk escalation is due to the explosion in mobile devices that once were confined to personal use but now are ubiquitous in the modern workplace. And—let’s face it—the unfortunate fact that cyber crime does, all too often, actually pay. Very few digital intruders are ever caught. This makes prevention disproportionately vital, considering there is virtually no “cure” once the theft has occurred.

Despite all the dazzling technology being used to create information and then defend it, today’s best view of the IT insecurity problem can be found by looking in the mirror. Staring back is a smart, hard-working professional with a job to do. Doing a good job presents, on a daily basis, myriad natural risks to the security of sensitive business information within your own organization and spread across the data streams connecting your company to customers, suppliers, and business partners.

This is precisely the reason more organizations are embracing ISO 27001 certification.

“The greatest challenges to IT security are people, not technology,” says Vicky Hailey, president of The Victoria Hailey Group. “ISO 27001 is not another piece of software that will need upgrading in six months. This is a sustainable management system that forces you to understand your risks—human and technical—within your organization and across your supply chain.”

As any IT security professional will tell you, knowing your vulnerabilities is the first step in protecting your networks and your data. ISO 27001 certification takes that principle to an organizationwide level.

“With ISO 27001, IT security becomes a true business issue, not just a task for the IT department,” says Hailey.

The process of becoming certified to ISO 27001 is similar to the other ISO management systems standards, such as ISO 9001 for quality and ISO 14001 for environmental stewardship. The process involves an audit by an accredited certification body such as DNV GL, and culminates in the issuance of a certificate of compliance.

The kind of self-examination that organizations go through to prepare for their initial audit may in fact be the most thorough evaluation of their IT security profile they’ve ever had.

“Companies throw money and technology at the problem and think that’s it, problem solved,” says Hailey. “The more they spend, the stronger they think their defenses are. Until an employee leaves a laptop in a taxicab, or a busy executive clicks on a spearfishing email. All that money on ‘defense’ has only left you poorer for the difficult task of recovering the data or fighting off a lawsuit.”

Which leads to one of the less known advantages of ISO 27001 certification: Recovering from a disaster.

In today’s connected economy, network disasters are not always digital. Natural disasters in the form of fire, floods, hurricanes, tornadoes, and lightning strikes can cripple sensitive electronics.

“I know of a major company that suffered a catastrophic fire that burned its systems integration facility to the ground,” says Hailey. “The company had received ISO 27001 certification six months before the fire. And based on the disciplines and procedures it adopted as part of their certification, it had its systems back up and running within two weeks, four times faster than it otherwise would.”

This example illustrates the real, bottom-line value of ISO 27001 certification: Better preparation and faster recovery in the event of a problem.

On Thursday, Sept. 14, 2017, join Violet Masoud, director of sales - management system certification, for DNV GL Business Assurance North America; and Victoria (Vicky) Hailey of The Victoria Hailey Group (VHG), a certified management consulting and lead auditing firm, for the webinar, “Unravelling the Complexity of Information Security Certifications," beginning at 8 a.m. Pacific and 11 a.m. Eastern. Register here.

Discuss

About The Author

DNV GL’s picture

DNV GL

DNV GL enables organizations to advance the safety and sustainability of their business. It provides classification, technical assurance, software, and independent expert advisory services to the maritime, oil and gas, and energy industries. It also provides certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology, and in-depth industry knowledge, it empowers its customers’ decisions and actions with trust and confidence. It continuously invests in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, its professionals are dedicated to helping customers make the world safer, smarter, and greener.