Technical security should be part of a comprehensive information security management system
/EINPresswire.com/ This month Sony Computer Entertainment Europe were fined £250,000 ($396,100) following a "serious breach" of the Data Protection Act as reported by BBC. Allegedly when it was hacked in April 2011 Sony didn’t have up-to-date security software which has led to user passwords not being secure.
A spokesman for Sony said that “Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient."
If an up-to-date technology would have prevented this incident, why hasn’t it been done? Whose responsibility was it to manage the process and ensure that networks secure?
Alan Calder, CEO of cybersecurity and compliance experts IT Govenance, comments, “Technology is the means, but it’s not the answer. Technology is managed by people. If an organisation doesn’t have an adequate information security management system, which includes procedures for ensuring networks are safe and security software is up-to-date, there will always be gaps.
“All this is covered by a single international information security standard called ISO27001. ISO27001 can serve as the bridge between technology and information security management.”
Calder adds, “You can’t help but wonder how many security incidents could be prevented if senior managers took responsibility to transition to an ISO27001 information security management system for protecting their own and their customers’ data.”
Organisations can learn more about the benefits from implementing an information security management system (ISMS) by attending the ISO27001 Foundation training course which gives an overview of the standard and implementation process. More information about the course is available at www.itgovernance.co.uk/shop/p-710.aspx.
- Ends -
FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
A spokesman for Sony said that “Sony continually works to strengthen our systems, building in multiple layers of defence and working to make our networks safe, secure and resilient."
If an up-to-date technology would have prevented this incident, why hasn’t it been done? Whose responsibility was it to manage the process and ensure that networks secure?
Alan Calder, CEO of cybersecurity and compliance experts IT Govenance, comments, “Technology is the means, but it’s not the answer. Technology is managed by people. If an organisation doesn’t have an adequate information security management system, which includes procedures for ensuring networks are safe and security software is up-to-date, there will always be gaps.
“All this is covered by a single international information security standard called ISO27001. ISO27001 can serve as the bridge between technology and information security management.”
Calder adds, “You can’t help but wonder how many security incidents could be prevented if senior managers took responsibility to transition to an ISO27001 information security management system for protecting their own and their customers’ data.”
Organisations can learn more about the benefits from implementing an information security management system (ISMS) by attending the ISO27001 Foundation training course which gives an overview of the standard and implementation process. More information about the course is available at www.itgovernance.co.uk/shop/p-710.aspx.
- Ends -
FOR FURTHER INFORMATION
Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk
NOTES TO EDITORS
IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.