DNV GL

IT Insecurity: It’s Not the Technology

It’s the people

Published: Wednesday, September 6, 2017 - 11:01

Sponsored Content

A new report by Jupiter Research says $8 trillion will be the price tag—within the next five years—of cyber attacks against businesses around the world. Hacks and other forms of digital theft are accelerating despite what would seem to be nonstop efforts by corporations to harden their networks with anti-virus software, network intrusion filters, virtual private networks, vulnerability testing, and all manner of expensive gadgets to keep the bad guys out.

Much of the risk escalation is due to the explosion in mobile devices that once were confined to personal use but now are ubiquitous in the modern workplace. And—let’s face it—the unfortunate fact that cyber crime does, all too often, actually pay. Very few digital intruders are ever caught. This makes prevention disproportionately vital, considering there is virtually no “cure” once the theft has occurred.

Despite all the dazzling technology being used to create information and then defend it, today’s best view of the IT insecurity problem can be found by looking in the mirror. Staring back is a smart, hard-working professional with a job to do. Doing a good job presents, on a daily basis, myriad natural risks to the security of sensitive business information within your own organization and spread across the data streams connecting your company to customers, suppliers, and business partners.

This is precisely the reason more organizations are embracing ISO 27001 certification.

“The greatest challenges to IT security are people, not technology,” says Vicky Hailey, president of The Victoria Hailey Group. “ISO 27001 is not another piece of software that will need upgrading in six months. This is a sustainable management system that forces you to understand your risks—human and technical—within your organization and across your supply chain.”

As any IT security professional will tell you, knowing your vulnerabilities is the first step in protecting your networks and your data. ISO 27001 certification takes that principle to an organizationwide level.

“With ISO 27001, IT security becomes a true business issue, not just a task for the IT department,” says Hailey.

The process of becoming certified to ISO 27001 is similar to the other ISO management systems standards, such as ISO 9001 for quality and ISO 14001 for environmental stewardship. The process involves an audit by an accredited certification body such as DNV GL, and culminates in the issuance of a certificate of compliance.

The kind of self-examination that organizations go through to prepare for their initial audit may in fact be the most thorough evaluation of their IT security profile they’ve ever had.

“Companies throw money and technology at the problem and think that’s it, problem solved,” says Hailey. “The more they spend, the stronger they think their defenses are. Until an employee leaves a laptop in a taxicab, or a busy executive clicks on a spear-phishing email. All that money on ‘defense’ has only left you poorer for the difficult task of recovering the data or fighting off a lawsuit.”

Which leads to one of the lesser-known advantages of ISO 27001 certification: recovering from a disaster.

In today’s connected economy, network disasters are not always digital. Natural disasters in the form of fire, floods, hurricanes, tornadoes, and lightning strikes can cripple sensitive electronics.

“I know of a major company that suffered a catastrophic fire that burned its systems integration facility to the ground,” says Hailey. “The company had received ISO 27001 certification six months before the fire. And based on the disciplines and procedures it adopted as part of its certification, it had its systems back up and running within two weeks, four times faster than it otherwise would.”

This example illustrates the real, bottom-line value of ISO 27001 certification: Better preparation and faster recovery in the event of a problem.

On Thursday, Sept. 14, 2017, join Violet Masoud, director of sales - management system certification, for DNV GL Business Assurance North America; and Victoria (Vicky) Hailey of The Victoria Hailey Group (VHG), a certified management consulting and lead auditing firm, for the webinar, “Unravelling the Complexity of Information Security Certifications,” beginning at 8 a.m. Pacific and 11 a.m. Eastern. Register here.

About The Author

DNV GL

DNV GL enables organizations to advance the safety and sustainability of their business. It provides classification, technical assurance, software, and independent expert advisory services to the maritime, oil and gas, and energy industries. It also provides certification services to customers across a wide range of industries. Combining leading technical and operational expertise, risk methodology, and in-depth industry knowledge, it empowers its customers’ decisions and actions with trust and confidence. It continuously invests in research and collaborative innovation to provide customers and society with operational and technological foresight. Operating in more than 100 countries, its professionals are dedicated to helping customers make the world safer, smarter, and greener.