Keeping information safe and secure is an essential operation of every business.
At its core, information security is a business task – not the sole responsibility of IT or your security team – it is a whole-of-business responsibility incorporating legal, risk, IT and in fact, every user of information in your organisation.
Information security is everyone's responsibility.
Information security is NOT cyber-security, but rather a subset of information management. The hype around cyber-security can see many people, including cyber-security professionals, thinking information security is a domain of cyber.
The truth is that it’s the other way round – cyber-security is a set of standards to assist in protecting networks, devices and applications, and of course the information stored on each of those.
Cyber security exists to protect information.
Information protection exists to comply with regulation and keep company proprietary information safe.
Compliance exists because of governance built to protect a situation or the citizens of a member state or country.
Ask yourself these questions:
- Why do you need to protect data?
- What are the legal regulations and legislation that you are mandated to comply with?
- What are you trying to protect?
- Why is it valuable?
- What is sensitive?
- What is personally identifiable information?
- What are your ‘critical information assets’?
- Where do these critical information assets live?
- What are your systems?
- Are files shared?
- Who has access to them?
- What are their roles?
Only when you have answers to these questions can you truly plan and budget for your cyber-security needs.
Here's where we can help you:
- Build an information governance framework outlining the regulations for your industry.
- Outline roles and responsibilities in your organisation regarding general usage, the information custodians, and who has accountability for the data and information.
- Perform an information audit to assess where your data is stored and what sensitive information exists within your data.
- Document your critical information assets using an asset register.
- Supply a data access governance audit showing who has access to what information.
- Assist you in building a security architecture that meets your specific information protection needs.
- Guide you in working with your cyber-security provider on aligning your specific needs to security frameworks (NIST, SOC, ISO).
- Develop solutions for data loss prevention and information rights management.
Before you purchase ANY cyber-security solution, talk to us first so we can set clear objectives on what you are aiming to protect and why you are protecting it.