IT Insecurity: It’s Not the Technology

It’s the people

Published: Wednesday, September 6, 2017 - 12:01

Sponsored Content

A new report by Jupiter Research says $8 trillion will be the price tag—within the next five years—of cyber attacks against businesses around the world. Hacks and other forms of digital theft are accelerating despite what would seem to be nonstop efforts by corporations to harden their networks with anti-virus software, network intrusion filters, virtual private networks, vulnerability testing, and all manner of expensive gadgets to keep the bad guys out.

Much of the risk escalation is due to the explosion in mobile devices that once were confined to personal use but now are ubiquitous in the modern workplace. And—let’s face it—the unfortunate fact that cyber crime does, all too often, actually pay. Very few digital intruders are ever caught. This makes prevention disproportionately vital, considering there is virtually no “cure” once the theft has occurred.

Despite all the dazzling technology being used to create information and then defend it, today’s best view of the IT insecurity problem can be found by looking in the mirror. Staring back is a smart, hard-working professional with a job to do. Doing a good job presents, on a daily basis, myriad natural risks to the security of sensitive business information within your own organization and spread across the data streams connecting your company to customers, suppliers, and business partners.

This is precisely the reason more organizations are embracing ISO 27001 certification.

“The greatest challenges to IT security are people, not technology,” says Vicky Hailey, president of The Victoria Hailey Group. “ISO 27001 is not another piece of software that will need upgrading in six months. This is a sustainable management system that forces you to understand your risks—human and technical—within your organization and across your supply chain.”

As any IT security professional will tell you, knowing your vulnerabilities is the first step in protecting your networks and your data. ISO 27001 certification takes that principle to an organization-wide level.

“With ISO 27001, IT security becomes a true business issue, not just a task for the IT department,” says Hailey.

The process of becoming certified to ISO 27001 is similar to the other ISO management systems standards, such as ISO 9001 for quality and ISO 14001 for environmental stewardship. The process involves an audit by an accredited certification body such as DNV GL, and culminates in the issuance of a certificate of compliance.

The kind of self-examination that organizations go through to prepare for their initial audit may in fact be the most thorough evaluation of their IT security profile they’ve ever had.

“Companies throw money and technology at the problem and think that’s it, problem solved,” says Hailey. “The more they spend, the stronger they think their defenses are. Until an employee leaves a laptop in a taxicab, or a busy executive clicks on a spear-phishing email. All that money on ‘defense’ has only left you poorer for the difficult task of recovering the data or fighting off a lawsuit.”

Which leads to one of the lesser-known advantages of ISO 27001 certification: recovering from a disaster.

In today’s connected economy, network disasters are not always digital. Natural disasters in the form of fire, floods, hurricanes, tornadoes, and lightning strikes can cripple sensitive electronics.

“I know of a major company that suffered a catastrophic fire that burned its systems integration facility to the ground,” says Hailey. “The company had received ISO 27001 certification six months before the fire. And based on the disciplines and procedures it adopted as part of its certification, it had its systems back up and running within two weeks, four times faster than it otherwise would.”

This example illustrates the real, bottom-line value of ISO 27001 certification: Better preparation and faster recovery in the event of a problem.

On Thursday, Sept. 14, 2017, join Violet Masoud, director of sales, management system certification, for DNV GL Business Assurance North America, and Victoria (Vicky) Hailey of The Victoria Hailey Group (VHG), a certified management consulting and lead auditing firm, for the webinar “Unravelling the Complexity of Information Security Certifications,” beginning at 8 a.m. Pacific and 11 a.m. Eastern.


About The Author



DNV GL enables organizations to advance the safety and sustainability of their business. It provides classification, technical assurance, software, and independent expert advisory services to the maritime, oil and gas, and energy industries. It also provides certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology, and in-depth industry knowledge, it empowers its customers’ decisions and actions with trust and confidence. It continuously invests in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, its professionals are dedicated to helping customers make the world safer, smarter, and greener.