Information Security
Information is a key asset sitting at the heart of business operations. Its controlled mobility and accessibility across organisational and geographic boundaries are crucial to success in an international business world.
Information security failures, known as breaches, have the potential to be devastating for firms. The potential outcomes include regulatory fines, a loss in revenues, undermined customer confidence and damaged business reputation.
There have been three fines imposed by the FSA for data security breaches since the start of 2007, totalling circa £2,000,000, and 277 data breaches were reported to the Information Commissioner’s Office in the 12 months ended October 2008.
Huntswood can help businesses to:
- Identify information security risks across end-to-end processes
- Understand the business impacts should a breach occur
- Build in controls to resolve identified risks
- Undertake systematic reviews to ensure ongoing effectiveness
- Embed prevention-based information security controls
- Address the people side of information security - raise awareness, ownership and responsibility across all levels of the business
Information should be protected to ensure confidentiality, integrity and availability. The challenge is increasing as business solutions evolve across increasingly complex supply chains and geographic boundaries.
Firms should focus on advancing information control across critical business processes and support the people that operate them.
Known information security issues include:
- Many firms do not have full knowledge of the information they have, where it is used, the security controls applied and the residual risk
- The information security practices of partners or third parties are often unknown and often vary from the standards of the primary business
- Firms do not proactively manage information security. Typically it is viewed as an IT problem owned by IT
- New regulations continue to make new demands as they evolve. For instance, the new Payment Card Industry Data Security Standard (PCI DSS) has stimulated action across numerous sectors with retail operations
- It only takes one breach to damage a business. Historic evidence shows that a breach can cost £2.7 million, without accounting for internal investigations and subsequent long-term implications