IT Governance Blog on IT governance, risk management, compliance and information security.

Cyber security is fast becoming one of the most critical issues for all business to address. The head of the Metropolitan Police’s e-crime unit estimated the cost of cyber crime to the UK at a staggering £27 billion last year.

The question: How do you create robust and effective cyber defences?

The answer: create an information security management system (ISMS) aligned with ISO27001, the world’s cyber security standard.

The solution: No 3 ISO27001 Comprehensive ISMS Toolkit

Buy before Friday and receive a free Cyber Security Self Assessment Tool.

	No 3 ISO27001 Comprehensive ISMS Toolkit RRP: £1,931.90 Price: £1,795 You Save:£136.90

Information security has never been higher on the business and political agenda, according to the latest report from Business Technology, published in The Sunday Telegraph on 8 April.

“It seems that the main message from information security experts is always ‘be afraid… be very afraid’,” says editor Jonathan Watson.

Increasingly, governments are making businesses pay when their data security systems fail. In the US the authorities have fined health insurance provider BlueCross BlueShield $1.5m (£900,000), after a theft of health data involving more than a million customers. 

In the UK, the Information Commissioner’s Office is using its powers to punish serious data breaches with a fine of up to £500,000. And new EU rules may see fines of up to 2 per cent of global turnover being imposed.

Elsewhere in the supplement, Business Technology looks at:

• The changing face of hacking – it’s no longer the preserve of bored teenagers as criminal gangs set on defrauding firms move in.
• The threat from within when employees look to link their own mobiles devises to the company network.
• The rise of biometrics and why the UK Border Agency is scaling back its iris recognition system (IRIS) at UK airports

Business Technology is produced by Lyonsdown, Britain’s leading publisher of independent reports and supplements in the national press.

Protect your business with the Complete Data Protection Toolkit, including a standard approach to help you:

• Understand what the DPA is how it affects your business
• Identify your current level of conformance to the DPA
• Identify gaps and steps to achieve compliance
• Document your DPA policies
• Understand how to react if you suffered a data breach
• Initiate DPA staff training

Buy the Complete Data Protection Toolkit today >>

Cyber-attacks cost UK business £21 billion in 2011. Is your company really secure? How would you know?

Cybercrime is a problem TODAY. Adopting the ISO27001 Information Security standard – as the government and market leaders are currently doing – is the solution.

Why act now? Sir Winston Churchill would attach to the top of any urgent order a bright red label on which was written:

“Action This Day”

Churchill loathed passivity or delays and insisted his Chiefs of Staff and other colleagues be getting on with things rigorously, always with the utmost urgency. Are you the same?

Real security takes time – act today, and you could be secure within three months.

Call NOW: 0845 070 1750

If you need more information about why now is the right time to act, download our free advice pack. Read the case studies to learn how you can implement ISO27001.

It really pays to be ISO27001 compliant. Here are 5 good reasons to start today:

1. Confidentiality, integrity and availability of information is essential to maintain competitive edge, cash-flow, profitability and commercial image.
2. Through a proper risk assessment, threats to assets are identified, vulnerability to and likelihood of occurrence is evaluated and potential impact is estimated, so that your investment is allocated only where it is necessary – and never wasted.
3. Compliance with legal, statutory, regulatory and contractual requirements is a ‘must do’ in your business planning and operations – don’t get caught out!
4. Better cyber security leads to improved corporate governance and assurance to all your stakeholders, including shareholders, suppliers, consumers and clients.
5. In tender documents, large firms and public/government organisations require that you demonstrate compliance to ISO27001. Certification is the best way.

120+ IT Governance clients KNOW they are cybersecure and have an ISO27001 certificate to prove it to everyone else… thanks to help from our experts.

Download our free Standards Compliance Advice Pack, or call our advisers on:

0845 070 1750

We look forward to helping you act today on cyber security.

Hacked: Scotland Yard’s Anti-Terror Hotline Hacked By Kids

Last week I blogged about the Government’s proposals to introduce far reaching snooping legislation, however things have all gone quiet after a hasty U-turn. This was, however, one of the reasons cited by a group calling themselves ‘Team Poison’ for this week hacking into Scotland Yard’s anti-terror hotline. The hackers jammed the hot lines network, preventing callers from getting through and also recorded and then posted a conversation between officials on the internet.

There are two factors to this incident that disturb me. Firstly the two boys the police’s e-crime unit arrested in connection with this incident were just 16 and 17. And secondly the software they used is apparently freely available to buy on the internet, and as importantly, relatively simple to use. Is hacking becoming as simple as taking candy from a baby? Babies shouldn’t really be eating candy, but that’s beside the point. 16 year olds shouldn’t be out hacking government departments either. Some of this software even has customer support help lines for the would be hacker! It’s seems insane doesn’t it.

As I mentioned last week, the policing of the internet will be a major issue in the modern age. The individual and businesses have a responsibility to protect themselves when using the internet, yet even if you take adequate precautions you may become the subject of a cyber attack or cyber crime. The authorities face an uphill task in managing and policing the internet, as it seems the cyber criminals are on the crest of the technology wave, whist the police are within it.

This doesn’t mean you should stand still. Ensuring you and your business stay abreast of new technology developments, new ways of protecting yourself and building effective and proportional cyber defences is essential.

Read about all the latest cyber security threats, solutions and defences on our cyber security page here >>>

Cyber attacks cost the UK £27 billion in 2011. Is your company really secure? How would you know?

The average cost to UK business per record lost increased from £47 in 2007 to £79 in 2011. ⁽¹⁾

£37 of this cost was incurred indirectly, from factors such as lost business, reputational damage or churn of existing customers. Customers that may not come back, because now they don’t trust you.

And then there’s data protection, legal compliance and directors’ reputational damage.

And things are getting worse.

ISO27001 is the international Information Security standard recommended by the market leaders.

It pays to be ISO27001 compliant. Here’s why:

A recent survey ⁽²⁾ shows that consumers are taking privacy and security into account when making purchasing decisions, and will consider leaving companies in the wake of a data breach incident. Wouldn’t you?

Are you ready to protect your business from this revenue drainer, resulting from loss of reputation?

Do you want to find out in the press or on TV that your company has just been hacked?

An ISO27001 Certificate says that your Board takes cybercrime and growing threats seriously.

120+ Companies are now cybersecure with their ISO27001 certification  thanks to help from our experts.

How do you achieve ISO27001 Certification? We have devised an easy way to speed up your progress.

IT Governance’s consultants will assess your cybersecurity policy, procedures and controls in a day-long workshop visit onto your site, for a fee that you will save many times over in performance improvements and fraud reduction. This ‘Cyber Security Health Check’ is completely confidential and without obligation.

It will be facilitated by a professional adviser with years of ISO27001 feasibility, gap analysis, risk-assessment and auditing experience. They will help to develop your plans and ensure that critical data is protected and secure against all the risks you’re concerned about – we don’t leave anything to chance.

There’s no time like the present to become your own Revenue Assurance/Fraud Prevention “champion”.

Take an important step towards achieving ISO27001 certification.

Call us today, to discuss setting up your ISO27001 Health Check – the value of which more than justifies the cost:

08450 701750

You can read more about how our professional services can help you to accelerate your compliance project, reaching a successful conclusion in far less time. Go to our Free Advice Pack Download page.

We have helped many UK organisations to successfully achieve UKAS-accredited ISO27001 certification – and we look forward to working with you.

PS – Visiting InfoSecurity Europe 2012? We are offering a free 15-minute ‘Compliance Surgery’ with one of our trusted advisers. Would you like to ask us any questions about ISO27001 certification? We’d be happy to answer them at ‘InfoSec’. Book your place today: http://www.itgovernance.co.uk/free-consultancy-advice.aspx