Norm presents The Forgotten Middle Brochure - Flipbook - Page 15
Selective investment in advanced technologies

The sophisticated nature of cyber threats and the sheer speed at which they appear mean that you will need to invest in cyber security solutions that have been specifically designed to combat advanced threats. It can be difficult to know which tools to invest in, which is why it’s so important to know what it is you need to protect. You will also want to consider how these technologies will be managed: some cyber security products generate a lot of “noise” in the form of alerts and notifications, and it requires experience and skill to recognise what you really need to worry about and what the alerts mean in the context of your whole technology estate. A managed cyber security service can alleviate much of the burden of acquiring these technologies and managing them in-house.
Be ready to respond

No matter how robust your cyber security defence is, there is always the possibility that you will be breached. Preparation is essential to making sure that the ramifications of a breach are contained and minimised as much as possible. This means that you need to have a cyber security incident response plan in place which identifies the key people, teams and procedures required to make the necessary decisions and act upon them. These people can be either internal or external specialists, but must have the necessary technical, operational and legal expertise. If you don’t already have an incident response plan, you can use our guide to creating one as a starting point.
Formalising your cyber risk strategy

In addition to the measures above, there are a number of certifications and accreditations that you can use to formalise your cyber risk strategy and provide assurance that you take the protection of data and online assets seriously. If you decide to go down this route, you will most likely want to consider:
Cyber Essentials

A self-assessed certification demonstrating that an organisation is committed to protecting its online assets and the privacy of its employees and customers.

Cyber Essentials Plus

A more in-depth version of the Cyber Essentials certification which has been independently audited and verified by cyber security experts.

IASME Governance

An affordable and achievable alternative to the international standard, ISO 27001. It allows small and midsize companies to demonstrate the cyber security controls they have in place to protect customer, partner and employee data at a reasonable cost.

ISO 27001

ISO/IEC 27001:2013 (also known as ISO 27001) is the international standard that sets out the specification for an information security management system (ISMS). It’s a best practice approach to helping organisations manage their information security by addressing three fundamental pillars – people, processes and technology. As an independently accredited certification, ISO 27001 is globally acknowledged as evidence that an organisation takes cyber security seriously and adheres to recognised best practices.