Monday, June 9, 2014

What's Your Risk Tolerance?

Where's your army?

At Integris Security we ask: who do you have protecting your data and your information? What's your risk tolerance?

Do you have an army of well-trained, well-informed security professionals? If you are new to your environment, have you conducted a full audit, and do you have an ongoing audit program in place? Are you truly ready for a Red Team to come in and test your defenses?

If you're not scanning, testing and critically analyzing your systems, people and workplace, then you aren't really testing at all. You might as well leave the front doors open, leave user IDs and passwords on the desk all day long, and stop buying defensive tools.

At Integris Security we perform vulnerability scanning as a good low-level way to reveal weaknesses and create a punch list to work from. We conduct penetration testing because it takes testing several steps deeper and shows what an attacker can actually do once inside your environment. All of these are good, but on their own they are not good enough. A network topology and architecture review is also a great start, but still not enough. You need to understand your risk tolerance, and to do that you need to understand your total environment.

ISO 27001 certification requires a top-down, inside look at your environment.


ISO/IEC 27001:2005, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It was superseded by the revised ISO/IEC 27001:2013 in September 2013, the edition current at the time of this post.

If you sit on a company's board, the ISMS documentation behind that certification should be in your binder, and it needs to be maintained continuously, with weekly, monthly, quarterly, semi-annual and annual reviews feeding the annual cycle. It is a fact-driven record that every security discussion should start from. Every new CEO should be handed it along with the keys to the kingdom, and every discussion of new functions coming into the company should flow from it.

Consider driving a car without knowing how much gas you have left, or whether your signals and headlights are working. You would effectively be driving blind. Don't drive blind: know what's going on around you and respect the incredible complexity that drives your company's profit center. Become informed, and challenge the operators on both the security team and the business team to bring all the facts to the table. Then make an informed risk tolerance decision.

How can you even begin to know your risk tolerance if you don't know what's in your wheelhouse? Call Integris Security and let's get informed together.


Trust is at the core of Integris Security. We can be counted upon to provide you with the services and intelligence to keep your information, systems and institution secure. Call us and let's get to work on improving your security/risk posture.
