Assessing information management in a new world of cyber threats


Johannesburg, 03 Sep 2019

Cyber security is the process of protecting networks and devices from emerging risks and cyber attacks. The evolving nature of the digital landscape makes this potential threat critical to an organisation, and information management has taken centre-stage as of late in terms of the potential risks associated with cyber security.

A mature cyber and information security system has multiple layers of defence spread across the organisation, but many organisations fail to understand the serious compliance and risk management implications of cyber and information security. The ever-growing threat this poses to an organisation's pursuit of its overall business objectives and continuity cannot be overstated.

Cyber and information risk and compliance exposure, in the chaotic modern business world, is a complex mesh of vulnerabilities that crosses through different departments and functions within the business and its operations. The effect of a seemingly isolated information or cyber risk can soon become ubiquitous – causing trouble throughout all levels of the organisation.

Ensuring your information management and cyber security control is at a proper level of maturity and meets professional industry standards is paramount to being able to fully monitor and understand the chaotic world of information management, and to effectively scrutinise and evaluate risk and compliance across the entire organisation. An immature information security and management system leaves organisations vulnerable to, and caught off-guard by, risk exposure, while a mature organisation has complete visibility and contextual understanding of how information security and technology risk exposure affects the business.

The challenges of information management and data protection/privacy are growing as organisations not only have to respond to the EU GDPR, but also to California’s Consumer Protection Act (CCPA), New York Privacy Act (NYPA), South Africa’s Protection of Personal Information Act (POPIA), and more. It is becoming increasingly clear that this growing list of data protection and information management legislation presents a massive risk and compliance obstacle for organisations.

To fully meet these requirements, it is not enough for organisations to manage and monitor information security continuously; they will fail to do so effectively unless this monitoring and management is part of an integrated strategy that approaches information security, risk and compliance through a holistic business and organisational lens and meets leading international standards for information management. The full scale of vulnerabilities and requirements that weigh down information and cyber security must be addressed in a standardised and well-established information management and cyber security architecture.

Implementing a solution that can manage the understanding of the requirements of these data protection laws, harmonise the organisation's information management with data privacy regulation around the world, enforce privacy and controls across third parties, meet third-party, international industry standards, and manage the assessment of information and data security is key to building a consistent and compliant information management framework for your organisation.

The ISO 27001 certification is an excellent standard from which to build an information management framework. The certification is the most widely recognised international standard for information security management systems and provides assurance to customers that internationally recognised information security controls and standards are applied throughout the platform.

Smart solutions for smart businesses

RubiQ has achieved compliance with numerous ISO standards, and has been given ISO 27001 certification for providing robust methods and processes for organisations to identify and mitigate current and potential risks within information security and management.

The ISO 27001 framework provides standards for an information security management system (ISMS) that enables the continued security and accessibility of information, as well as legal compliance. This framework is vital for protecting your organisation’s most essential information and digital assets, and its implementation is an ideal response to managing risk, as well as meeting customer contractual requirements and regulatory/legal obligations, such as GDPR and its growing list of sibling laws around the world. It enables organisations to effectively mitigate security threats, including but not limited to:

  • Data breaches;
  • Cyber attacks;
  • Abuse/misuse; and
  • Accidents and mistakes.

The ISO 27001 Information Security Management System’s framework is embedded in the culture of RubiQ and helps provide a firm baseline for executing operational best practice within information security. The certification gives a pretty comprehensive list of requirements for information management systems, best practices and a list of security controls when it comes to information risk management. This helps give customers the confidence that their customer records and information, financial information, and intellectual property are protected from loss, theft and damage through a systematic framework.

Click here if you would like to participate in a free comprehensive IT governance maturity assessment. The assessment has been compiled by leading information security, cyber risk and information privacy governance advisory experts. It's quick, it's simple and you will receive an expert and detailed report as an outcome of having done the assessment for your organisation; a series of reports that can be confidently used to bring the leadership of your organisation rapidly up to speed on the real exposures faced by your business!

The steps are simple:

Editorial contacts
Zuanda Barnard zuanda@guideline.co.za