Featured Product
This Week in Quality Digest Live
Management Features
Elliot Dratch
What’s your plan for growth?
Dawn Bailey
MESA’s business involves excavating and working on high-pressure pipelines carrying hydrocarbon liquids and gas
Kimberly Merriman
At issue are scant remote-work resources, updated policies on flexibility, and communication from leadership
Michael Lee Stallard
How important—and challenging—our human relationships can be
Carlos Valdes-Dapena
Follow these three simple rules to address team dysfunction

More Features

Management News
Siemens introduces PCBflow, a secure, cloud-based solution for accelerating design-to-manufacturing handoff for printed circuit boards
Includes global overview and new additive manufacturing section
Tech aggravation can lead to issues with employee engagement, customer experience, and business results
Harnessing the forces that drive your organizations success
Free education source for global medical device community
New standard for safe generator use created by the industry’s own PGMA with the assistance of industry experts
Provides synchronization, compliance, traceability, and transparency within processes
Galileo’s Telescope describes how to measure success at the top of the organization, translate down to every level of supervision
Too often process enhancements occur in silos where there is little positive impact on the big picture

More News

DNV GL

Management

IT Insecurity: It’s Not the Technology

It’s the people

Published: Wednesday, September 6, 2017 - 12:01

Sponsored Content

A new report by Jupiter Research says $8 trillion will be the price tag—within the next five years—of cyber attacks against businesses around the world. Hacks and other forms of digital theft are accelerating despite what would seem to be nonstop efforts by corporations to harden their networks with anti-virus software, network intrusion filters, virtual private networks, vulnerability testing, and all manner of expensive gadgets to keep the bad guys out.

Much of the risk escalation is due to the explosion in mobile devices that once were confined to personal use but now are ubiquitous in the modern workplace. And—let’s face it—the unfortunate fact that cyber crime does, all too often, actually pay. Very few digital intruders are ever caught. This makes prevention disproportionately vital, considering there is virtually no “cure” once the theft has occurred.

Despite all the dazzling technology being used to create information and then defend it, today’s best view of the IT insecurity problem can be found by looking in the mirror. Staring back is a smart, hard-working professional with a job to do. Doing a good job presents, on a daily basis, myriad natural risks to the security of sensitive business information within your own organization and spread across the data streams connecting your company to customers, suppliers, and business partners.

This is precisely the reason more organizations are embracing ISO 27001 certification.

“The greatest challenges to IT security are people, not technology,” says Vicky Hailey, president of The Victoria Hailey Group. “ISO 27001 is not another piece of software that will need upgrading in six months. This is a sustainable management system that forces you to understand your risks—human and technical—within your organization and across your supply chain.”

As any IT security professional will tell you, knowing your vulnerabilities is the first step in protecting your networks and your data. ISO 27001 certification takes that principle to an organizationwide level.

“With ISO 27001, IT security becomes a true business issue, not just a task for the IT department,” says Hailey.

The process of becoming certified to ISO 27001 is similar to the other ISO management systems standards, such as ISO 9001 for quality and ISO 14001 for environmental stewardship. The process involves an audit by an accredited certification body such as DNV GL, and culminates in the issuance of a certificate of compliance.

The kind of self-examination that organizations go through to prepare for their initial audit may in fact be the most thorough evaluation of their IT security profile they’ve ever had.

“Companies throw money and technology at the problem and think that’s it, problem solved,” says Hailey. “The more they spend, the stronger they think their defenses are. Until an employee leaves a laptop in a taxicab, or a busy executive clicks on a spearfishing email. All that money on ‘defense’ has only left you poorer for the difficult task of recovering the data or fighting off a lawsuit.”

Which leads to one of the less known advantages of ISO 27001 certification: Recovering from a disaster.

In today’s connected economy, network disasters are not always digital. Natural disasters in the form of fire, floods, hurricanes, tornadoes, and lightning strikes can cripple sensitive electronics.

“I know of a major company that suffered a catastrophic fire that burned its systems integration facility to the ground,” says Hailey. “The company had received ISO 27001 certification six months before the fire. And based on the disciplines and procedures it adopted as part of their certification, it had its systems back up and running within two weeks, four times faster than it otherwise would.”

This example illustrates the real, bottom-line value of ISO 27001 certification: Better preparation and faster recovery in the event of a problem.

On Thursday, Sept. 14, 2017, join Violet Masoud, director of sales - management system certification, for DNV GL Business Assurance North America; and Victoria (Vicky) Hailey of The Victoria Hailey Group (VHG), a certified management consulting and lead auditing firm, for the webinar, “Unravelling the Complexity of Information Security Certifications," beginning at 8 a.m. Pacific and 11 a.m. Eastern. Register here.

Discuss

About The Author

DNV GL’s picture

DNV GL

DNV GL enables organizations to advance the safety and sustainability of their business. It provides classification, technical assurance, software, and independent expert advisory services to the maritime, oil and gas, and energy industries. It also provides certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology, and in-depth industry knowledge, it empowers its customers’ decisions and actions with trust and confidence. It continuously invests in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, its professionals are dedicated to helping customers make the world safer, smarter, and greener.