With ever-increasing threats to digital information, a breach in information security can be catastrophic to any business, whatever its scale or the industry it operates in.
QEM can review your current working practices and identify which aspects of your business are at risk.
ISO 27001:2013 is an international standard that provides a framework to help organisations meet both their legal and contractual obligations associated with data protection and information security. Unlike the other international management system standards (ISO 9001, ISO 14001 and ISO 45001), ISO 27001 focuses on a list of mitigation controls that reduce or eliminate risks. These controls are detailed in Annex A and include everything from access and physical perimeter management to cryptography and supplier assessments.
Implementing a robust information management system in accordance with ISO 27001 can dramatically reduce the following threats:
- Cyber crime (attacks for monetary gain, such as phishing, malware intrusion, identity theft etc.)
- Hacktivism (attacks to disrupt activities in order to make a political or activist standpoint)
- Active persistent threat (such as a power cut or utility failure)
- Insider threat (a threat caused by an internal resource such as an employee or ex-employee)
- Native state (a state-driven attack on a political or geographical region)
QEM can reduce the CHAIN threats by applying the measures detailed in Annex A of ISO 27001 in a cost-effective and realistic manner.