Not long ago, cyber security wasn’t even a discussion point at most board meetings.
As criminal hackers continue to employ a variety of techniques to infiltrate companies, cyber risk has become one of the top threats being discussed at board level. It is essential that a cyber risk management strategy be based on a comprehensive review of the organisation’s cyber risks using proven risk assessment techniques.
Risk assessments evaluate risks against the possibility that they will occur and the adverse effect they could have on the business.
A cyber risk assessment enables organisations to consider the likely attack methods and routes of exploitation, helping them to better mitigate the potential impact that cyber attacks can have on business objectives.
The results garnered from the risk assessment will help to prioritise organisational resources to prevent, detect and manage cyber risks.
ISO 27001:2013 is the international standard for information security management, and is based on the implementation of a management system specifically designed to protect information against information risks, including cyber threats. Recognising the importance of not only technology but also people and processes, the Standard is aimed at adopting a holistic approach to information security.
ISO 27001 provides a structured framework for developing an information security management system (ISMS) and adopts a risk-based approach, providing a set of recommended controls for reducing risks to information assets.
As we’ve seen all too often recently, cyber security breaches can have a massive impact on the bottom line, as well as stock prices – that’s why the board needs to accept its fiduciary duty to understand all of the risks and the measures that are in place to mitigate them.
By applying the principles of risk-based information security, ISO 27001 can help to protect businesses against the myriad forms of cyber attack that continue to morph and evolve.
vsRisk™ is the leading cyber security risk assessment software specifically designed to support ISO 27001-compliant ISMS implementation projects, and includes the controls promoted by ISO 27001, in addition to numerous other features, such as delivering a full set of information security policies and procedures that can be customised and applied to any business. View vsRisk’s features here.
Click the image below to view an infographic that illustrates the features of vsRisk.