Software, hardware, cloud, hybrid, managed solutions and services to protect and defend the information entrusted to an enterprise by its customers, the enterprise’s own valuable information assets, and the reliable operation of its IT infrastructure to ensure business continuity.
IT Security, Information Security or Information Assurance is about taking care of the information within your customer’s organisation, and ensuring that their business can continue to operate and survive any accidental incident or malicious attack on that information or on the IT systems that hold it.
Valuable information within an organisation typically includes customer and commercial information, and often intellectual property as well. This information is at risk, and every organisation experiences accidental leaks caused by internal staff or processes. This is ever more pertinent given the plethora of new tools and working practices employed by organisations today, from cloud and social media applications to new mobile devices.
Deliberate theft or destruction by less-than-loyal employees or ex-employees is also a real and commonplace occurrence. Theft or destruction of information by external parties, originating from organised crime, activists, foreign governments and unscrupulous competitors, is witnessed today with greatly increasing frequency, scope and volume, and is now a serious issue for all organisations, large or small.
There is also the responsibility for information held about customers or on their behalf, and the duty an organisation has to ensure that this information, too, is kept safe. Your customers need to have faith in your knowledge, ability and competency, or they may not remain customers for long. Reputational damage can also prove costly, and often fatal, for businesses.
Your customer’s critical IT systems are of course essential to their organisation’s continued operation, existence and success. The loss of these systems, even temporarily, will directly impact their business, and in many cases can prove terminal.
Particularly for information held about customers, there are a number of safeguards that an organisation is required to implement to protect it. The Data Protection Act applies if it is holding any information about individuals, and is enforced by the Information Commissioner’s Office with significant penalty fines. If it is processing payment cards, then PCI DSS compliance is a must, with hefty fines from the credit card companies if it is not meeting their minimum care requirements.
For an organisation’s information and overall health, information security is a critical risk responsibility for corporate governance, and increasingly a pre-requisite for doing business at all in many areas. A number of assistive guidelines, or ‘frameworks’, have been published to help guide organisations in putting protections in place, along with different product certification schemes to ensure effectiveness. Some of these are led by governments, some are independent, and some are more commercially oriented. Most if not all are useful, and some an organisation will need. They range from basic first steps and minimum requirements, such as Cyber Essentials, to the more comprehensive or quite detailed, such as 10 Steps to Cyber Security, ISO27001, SANS 20 Critical Security Controls, NIST Security Controls and CyberSecurity Framework, ISFOGP, IASME, COBIT 5 and ITIL, just to get you started.