Our dependence on information systems, and our use of them, grows constantly. For this reason, information security becomes ever more pivotal. Sensitive information, particularly when processed by businesses, needs to be safeguarded from internal and external threats.
Sophisticated attacks on companies across all industries worldwide have become a common occurrence. To detect such threats, mitigate risk, and protect data, you need to focus on cyber security awareness. Moreover, you need to adhere to compliance requirements.
Compliance rules are set in national and European legal frameworks and also derive from industry standards.
Let us help you implement a solid basis and share our best practices to counter such threats.
WE STRONGLY RECOMMEND THAT YOU DO NOT WAIT TO FALL VICTIM TO A NEGLIGENT OR MALICIOUS INCIDENT.
THE COST OF RECOVERING FROM AN INCIDENT FAR OUTWEIGHS THE COST OF BEING PROACTIVE.
ISO/IEC 27001/2
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) introduced the ISO/IEC 27000 family of standards. This family of standards focuses on information security management systems.
ISO/IEC 27001 is the best-known standard in the family, providing the requirements for an information security management system (ISMS). An ISMS gives you a systematic approach to managing and securing your company’s sensitive information. By introducing such a framework, you cover people, processes and IT systems, and you can then apply a risk management approach to all three.
Irrespective of the size of your business, such a standard and approach can still apply to you. The standard can also be applied across all business sectors and scaled up or down as needed. You should consider having a framework in your organisation which covers your information security requirements.
D4n6 can assist you with establishing and/or reviewing your company policies to ensure that they are compliant with such standards. We can prepare you to achieve the ISO standard within this family that you aspire to, as an attestation of your high standard of information security management.
EU Cybersecurity Act
10 December 2018 brought about the EU Cybersecurity Act. The Act aims to better support Member States in tackling cybersecurity threats and attacks. It establishes an EU framework for cybersecurity certification, boosting the cybersecurity of online services and consumer devices.
This framework identifies some key sectors of the economy, such as energy, transport, health and banking, and deems them to be high risk. Organisations operating in these sectors are now obliged to put in place measures to prevent risks and to handle cyber incidents more effectively.
In Malta, this means that certain entities have been identified as forming part of Malta’s national critical information infrastructure. These entities need to adhere to Legal Notice 216 of 2018. This Legal Notice establishes certain obligations in the information security space, due to the primary role of these entities in Malta’s economy.
At D4n6 we are proud to say that we already assist some of these companies in implementing the required measures. If you form part of the national critical information infrastructure, or would like to learn more about how to safeguard your digital posture, do get in touch.
RISK MANAGEMENT
Risk management is key to ensuring a robust structure within organisations. It allows you to anticipate possible information security threats and breaches. We can help you prepare for and address them before they have any adverse consequences.
The first step is to conduct a cyber risk assessment to identify, analyse and evaluate your cyber security risks. This combines an analysis of the actual IT infrastructure and systems with an assessment of possible vulnerabilities in your IT posture across your people, your processes and the technologies you use.
Cyber risk management can be conducted in companies of any size. Nowadays you need to be even more vigilant if you handle personal data, as this is also a requirement emerging from data privacy legislation in Europe.
Once the risk assessment is complete, the next step is to develop a risk register. In it you rank each identified vulnerability according to a risk matrix (typically by the likelihood of the risk materialising and the impact if it does). This helps you prioritise what to work on and structure your reporting and planning accordingly.
We offer a suite of services in this regard, ranging from risk assessments to assisting clients with developing a risk register and ensuring preparedness for dealing with threats.
INFORMATION SYSTEM AUDITS
Audits are performed by companies on a periodic basis. These serve as a test of the robustness of systems and processes. It is no different in the case of information system (IS) audits. These audits are mandatory in certain industries, particularly those which are regulated, such as the gaming and financial services sectors.
Why should you carry out such audits?
We all know that information systems have become integral to running businesses. Organisations depend on them for their business processes. You should look out for three key elements when conducting IS audits, to ensure that:
- Systems remain available when required and are well protected against losses and disasters;
- Information is kept confidential and accessed only on a need-to-know basis;
- Information is always accurate, complete, reliable and timely, and is not subjected to any unauthorised modification.
You should remember that information system audits are to be performed on a cyclical basis.
D4n6 can support organisations with a number of aspects of audits, ranging from pre-audit assessments and preparation to conducting the audit itself.