What is Information Security?

According to SANS … 

“Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.”

Here at Cy.Pro.Tek we like to think of it this way …

In today’s electronically connected world, everyone wants (and needs) the ability to have access to information and services and be able to communicate electronically, complete online transactions and so on. 

With each technological step forward, the need to ensure the Confidentiality, Integrity and Availability (C - I - A) of your data, your customers' data and the digital services being accessed becomes ever more important as threats become more advanced.

SECURITY of INFORMATION is key - the processes, tools and techniques put in place will define how seriously every business, and every individual, thinks about these challenges.

Not a business or enterprise? Click HERE to check out our Private Client services.

If you are a business, read on …

What is C - I - A?

Confidentiality - this refers to ensuring that data, or information, is only accessible to those who have the rightful need to access it.

Integrity - steps taken to ensure that information has not been inappropriately modified or tampered with.

Availability - measures adopted to ensure that authorised users of the data have access to it when they need it.

What should businesses do first?

There are plenty of software and hardware tools businesses can adopt to help address the C-I-A requirements - including firewalls, anti-virus / anti-malware, password controls etc.

What tooling to buy should not be your biggest concern from the outset.

You need to understand the risks in your environment, how they relate to C-I-A, and the implications for your service, your data, and your customers' data should things go wrong.

Only from understanding the risks will you be able to tackle the important security issues in a managed, methodical and prioritised way.

To implement information security successfully across your business - and for it to become an enabler of business delivery and business change - it needs to become part of the DNA of how you work and what you do.

Many businesses choose to implement point-solutions - a bit like a sticking plaster - to try and address specific problems. Whilst this may be effective in the short term, it usually leads to a disjointed and poorly integrated set of defences.

Management Systems

A common approach, and one we advocate, is for businesses to consider implementation of a Management System.

Such systems can help identify threats and vulnerabilities, contextualise the risks inherent within the business operation, help define treatment options and put in place practical policies, procedures, processes and controls to address and mitigate the risks. 

This may all sound like a bit of a headache but it needn’t be.

Industry standard management systems can be implemented which can lead towards formal certification and in turn could help promote your business as one which takes security seriously. 

Whilst most businesses recognise the importance of information security, for some the implementation of a full-blown management system may be overly complex and an aspiration they cannot attain.

We at Cy.Pro.Tek understand and agree.

The good practices and approaches used within these management systems make an excellent foundation for a lighter approach which provides many of the same benefits at a fraction of the implementation effort.

Want to know more?

and see how we can help you become more risk-aware and secure.