I’ve talked a lot in the past about targeting your spend to ensure that your money goes on protecting what is really important to you, and that the protections you have spent money on are in the right place, configured to protect what really needs protecting, maintained correctly and, of course, effective. So how do you do that? Do you just take a good guess at what is needed? Of course not, but it’s still a valid question. Did whoever built your network install a firewall? Did they set up an effective anti-malware regime, i.e. one that is constantly updated using a process whereby users can’t stop it if it becomes inconvenient? That happens, believe me. Is all of this necessary? Almost certainly.
A lot of these questions can be relatively easily answered. To start with you need to:
But now the difficult part: assessing the risks and deciding what controls would be adequate to remediate those risks, so that you place the right controls, be they procedural or technical, in the right places and don’t waste time, money and effort putting in controls that aren’t actually needed, or are in the wrong place.
If you have a system to help you with this, then that really is the way to go. Here at H2 we have partnered with Secure Business Data to enable us to use, and where appropriate to sell, 27K1 ISMS, a risk assessment tool that is specifically targeted at SMEs and is therefore very competitively priced. It can come with an annual or a monthly fee, whichever you prefer. We have adopted this system for use with our Risk Assessment Service, which is carried out in three phases: