Ensure you have the right protection for your business, today and in the future.
Information is now widely treated as the ‘new currency’, and organised crime is taking an unhealthy interest in it. Even where external perimeter defences are sound, the insider threat from disgruntled or careless employees is often overlooked.
Security Strategy and Roadmap
The role of a security strategy is to align company security and business goals, provide a common security program framework to focus efforts and optimise compliance efforts, and ultimately use security as a business enabler.
An Information Security Strategy and Roadmap assists an organisation in building a complete, unified information security program, or individual elements within an existing program (e.g., an Incident Management Program or a Threat & Vulnerability Management Program), and in guiding subsequent security efforts.
A sound framework provides a solid foundation for a security program built upon risk management principles and achieving compliance with industry and governmental requirements.
Why does an organisation need an effective Security Strategy?
With technology rapidly evolving, organisational security requirements may not be integrated into a company’s planning and design standards, resulting in technology and practices that are not aligned with existing efforts or future company initiatives. With the advent of wireless and mobile networking, Web 2.0, globalisation, feature-rich applications, and far more data being collected, analysed and shared than ever before, security is sometimes an afterthought, leaving an enterprise vulnerable to attack from outside or from within. Such attacks can compromise business processes, result in fraud and theft of trade secrets, and undermine a company’s reputation with its customers.
In addition to pressures from possible attackers, regulatory pressures are expanding the requirements for information security and can impact different portions of the company in various ways.
To make sense of all these threats and regulations, and to ensure that your company’s information security program meets its requirements across the board, it is vital to have one enterprise security strategy and one information security framework. Putting in a solid foundational program is the first step in unifying your information security approach, proceeding with one clear plan, and implementing controls in a logical and efficient manner. Roadmaps can help focus efforts and plan budgets to ensure timelines are met with efficient expenditure of resources.
An enterprise-wide security strategy and framework also unifies the security efforts of multiple stakeholders in a large or highly distributed enterprise, across affiliate organisations, and between lines of business and IT. In addition, this structured, enterprise-wide approach enables firms to undergo acquisition and divestiture activities much more smoothly, because the security controls and their ownership are already documented.
Why should an organisation perform a regular Information Security HealthCheck?
Establishing and maintaining a well-defined and comprehensive Information Security HealthCheck regime will support your business’s goals and objectives. To be effective, an Information Security HealthCheck needs to be supported by manageable enforcement processes, so that findings are acted on rather than filed.
A successful Information Security HealthCheck balances the demands of security against the demands of individual business units within an organisation.
With the Information Security HealthCheck your organisation can quickly determine which policies and procedures you currently have in place and the status of each one of them.
The Information Security HealthCheck will help your organisation develop enterprise-wide programs that meet both organisational objectives and regulatory requirements. These programs should institute appropriate risk management practices that deliver a favourable return on investment.
Organisations that perform an Information Security HealthCheck regularly will have gaps in their incident management identified, and will receive recommendations that enable them to build a better, more effective incident response and management program.
iDatasec – Changing the Threat Landscape
iDatasec have developed a detailed service catalogue to assist an organisation in performing an Information Security HealthCheck. It comprises a number of categories of assessment that together provide a holistic view of an organisation’s information security posture.
Threats cannot impact assets unless the assets are vulnerable to those specific threats. Where mitigating controls are in place, they reduce the likelihood of a threat successfully exploiting a given asset. Understanding which types of vulnerability exist on critical assets is therefore a key step in risk assessment. A comprehensive information security program requires that every asset has protective measures in each of the three areas of prevention, detection and response.
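The risk model described above can be made concrete in a few dozen lines. The following is an added example, not iDatasec’s own code or methodology: it encodes the three rules from the paragraph (a threat only produces risk for an asset carrying a matching vulnerability; mitigating controls reduce the likelihood of exploitation; every asset should have at least one control in each of prevention, detection and response) and produces a prioritised list plus the coverage gaps a HealthCheck would report. The assets, threats, controls and effectiveness figures are constructed for illustration and are not drawn from the page.

```python
"""Minimal threat / vulnerability / control risk model (added illustration)."""
from dataclasses import dataclass, field

AREAS = ("prevention", "detection", "response")


@dataclass
class Control:
    name: str
    area: str             # one of AREAS
    mitigates: str        # vulnerability class this control addresses
    effectiveness: float  # fraction of exploitation likelihood removed, 0.0..1.0


@dataclass
class Asset:
    name: str
    value: int                       # business impact if compromised, 1..5
    vulnerabilities: set = field(default_factory=set)
    controls: list = field(default_factory=list)


@dataclass
class Threat:
    name: str
    exploits: str      # vulnerability class the threat needs to succeed
    likelihood: float  # inherent likelihood of a successful attempt, 0.0..1.0


def residual_likelihood(asset: Asset, threat: Threat) -> float:
    """Likelihood of `threat` succeeding against `asset` after controls."""
    if threat.exploits not in asset.vulnerabilities:
        return 0.0  # no matching vulnerability: the threat cannot impact the asset
    p = threat.likelihood
    for c in asset.controls:
        if c.mitigates == threat.exploits:
            p *= 1.0 - c.effectiveness  # assumes controls act independently
    return p


def risk_score(asset: Asset, threat: Threat) -> float:
    """Residual likelihood weighted by asset value, rounded for reporting."""
    return round(residual_likelihood(asset, threat) * asset.value, 3)


def coverage_gaps(asset: Asset) -> list:
    """Areas (prevention/detection/response) with no control on the asset."""
    present = {c.area for c in asset.controls}
    return [a for a in AREAS if a not in present]


def assess(assets: list, threats: list) -> dict:
    """Per-asset report: applicable risks (score > 0) and coverage gaps."""
    return {
        a.name: {
            "risks": {t.name: risk_score(a, t) for t in threats if risk_score(a, t) > 0},
            "gaps": coverage_gaps(a),
        }
        for a in assets
    }


def prioritise(report: dict) -> list:
    """Flatten the report into (asset, threat, score) tuples, highest risk first."""
    rows = [(asset, threat, score)
            for asset, entry in report.items()
            for threat, score in entry["risks"].items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def sample_environment():
    """Constructed sample data (hypothetical assets, threats and controls)."""
    web_app = Asset("web_app", 5, {"sqli", "weak_auth"}, [
        Control("WAF", "prevention", "sqli", 0.5),
        Control("IDS signatures", "detection", "sqli", 0.2),
        Control("IR runbook", "response", "sqli", 0.0),
    ])
    hr_db = Asset("hr_db", 4, {"unpatched_os"}, [
        Control("monthly patching", "prevention", "unpatched_os", 0.8),
    ])
    kiosk = Asset("kiosk", 1, {"weak_auth"}, [])
    threats = [
        Threat("external SQL injection", "sqli", 0.6),
        Threat("insider credential abuse", "weak_auth", 0.3),
        Threat("self-propagating worm", "unpatched_os", 0.5),
    ]
    return [web_app, hr_db, kiosk], threats


if __name__ == "__main__":
    assets, threats = sample_environment()
    report = assess(assets, threats)
    for asset, threat, score in prioritise(report):
        print(f"{score:5.2f}  {asset:8s}  {threat}")
    for name, entry in report.items():
        if entry["gaps"]:
            print(f"{name}: missing {', '.join(entry['gaps'])} controls")
```

Note that the insider threat against the web application outranks the external injection attack once the WAF and IDS are taken into account, which is the point made earlier on this page about insider threats being overlooked; and the HR database, despite a good patching control, has no detection or response coverage at all. Those two observations are exactly what a HealthCheck is meant to surface.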
Infrastructure and applications are a major point of vulnerability in organisations today. These vulnerabilities have resulted in the theft of millions of credit card details, major financial and reputational damage for hundreds of enterprises, and even the compromise of hundreds of thousands of computers.
The iDatasec Information Security HealthCheck penetration testing services provide the context behind potential attacks: not just a list of findings, but an understanding of the real-life implications of exploitation for the business.
By knowing their vulnerabilities and likely points of penetration, organisations can mitigate attacks before they occur. General security practitioners, as well as web site designers, architects and developers, will benefit from learning the current security posture of the infrastructure and applications under consideration in the Information Security HealthCheck.