Important IT Security Requirements For Business Leaders (£)

The implementation of cyber security skills and IT security departments has significantly increased in the last eighteen months, and it has become an important issue that business directors, especially CEOs, Financial Directors and of course CIOs and IT Directors, need to fully understand.

One of the most important applications is the use of Penetration Tests, which help to understand the issues and vulnerabilities that the current IT systems have within an organisation, the connections and effectiveness of Cloud systems, and the uses of BYOD (Bring Your Own Device). The objective of Penetration Tests is to comprehend the areas of weakness within your IT systems.

The issue that this process has raised is the lack of IT security talent and professionals available to most organisations. There is a real professional skills gap that needs filling, and this is currently affecting most businesses, but this information is not getting through to the Board, as many IT departments do not want the potential disruption that this process would cause. Most organisations are not hiring for IT Security jobs from outside; instead they are moving some of their internal staff into the roles without giving them the required and on-going IT security training.

When your IT security department is hiring people for the business, are they intending to use, and are they using, Penetration Testing, and are they ensuring their staff have a comprehensive and on-going training program that will help to ensure IT security?

Every quarter the Board should be given a clear Report and Presentation of the IT security that is being undertaken within and around your organisation – ensuring the internal systems, the BYOD network and security requirements are being followed and improved upon.

The Penetration Test should be similar to the Financial Audit but, unlike the Financial Audit, it should not be set at a particular time of the year. It should be undertaken at random times that do not necessarily fit with the IT schedule, and it should not be agreed with the IT departments but should be authorised by the CEO. It should go deeply into the current IT systems and the links to outside elements, and completely understand the weaknesses and links that have been or could be used to enter and break into the IT systems.

The people doing the testing must have an IT security background and be very up-to-date in their comprehension and understanding of the current IT security issues and of how to overcome them and improve the security internally.

A full map and comprehensive explanation of the systems should be securely kept and continually added to and improved upon. This map should be used to explain to and engage the Board, so that they have a clear understanding and comprehension of the systems, of the issues that might affect them, and of what would be done if a security hack and successful attack takes place.

It’s not just data and documents that can leak sensitive information about your business and customers. Many times human interaction is the culprit of some very damaging security breaches. Social engineering is an industry term for when a fraudster uses relationship knowledge to gain access to information that would be otherwise unavailable.

Once again, clear communication to your employees is needed about what kind of information, if any, should be provided to outsiders without proper verification or permission. These outsiders could be reporters, competitors, salesmen or just criminals trying to steal from you.

The most important, and easiest, mitigation for this vulnerability is to communicate and enforce strong password practices with the applications you own. In many cases systems should require password resets every few months and at different times; this keeps fraudsters guessing.
