Compliance vs New Normal?
Updated: Jan 19, 2021
#1 Stay Safe & Stay Secure: Minimize the adverse impact of the Pandemic
The 2020 pandemic significantly disrupted businesses around the globe and acted as a catalyst for declining growth in national economies. Businesses had to adopt a work-from-anywhere culture to maintain continuity of services.
In these adverse conditions, maintaining compliance with information security requirements has become the need of the hour. Small and medium businesses struggled to keep up with compliance requirements given the low visibility they had into their workforce environment.
Organizations had to introduce or scale third-party products to provision remote access, which made them more exposed to risk.
Using standards and frameworks such as an ISMS (Information Security Management System) enables organizations to examine the controls in place to address information security risks, threats, and vulnerabilities.
#2 You are only as secure as your weakest link
A swarm of new and evolving cyber threats during the pandemic has put the information security of entire industries at risk, as many organizations have adopted work from home (WFH). Modern-day cyberattacks target the human element using phishing, malicious websites, and similar techniques, putting the sensitive data and critical infrastructure of corporations, governments, and individuals at continual risk.
Many industries today, while suffering the impacts of the COVID-19 pandemic, continue to suffer from cyber risk due to a lack of cybersecurity professionals and advisors. “Honestly, we’re all at risk whether you’re talking about a large enterprise or an individual,” Heather Ricciuto of IBM Security told cnbc.com.
Implementing an Information Security Management System preserves the confidentiality, integrity, and availability of information and the underlying critical infrastructure by adopting a risk management approach. Experienced practitioners help organizations overcome cyber risks by providing extended support in implementing information security policies and procedures tailored to the organization’s needs.
#3 Why ISO/IEC 27001?
Large and small businesses seeking to implement, maintain, and continually improve an information security management system can benefit greatly from the ISO/IEC 27001 framework. It serves as guidance that demonstrates reliability and adds value to services by applying the PDCA (Plan-Do-Check-Act) model to the information security requirements of the business.
#4 What could you do for ISO 27001?
For a successful implementation in compliance with ISO 27001, the mandatory requirements are defined in clauses 4 through 10. Controls from Annex A must be implemented only if they are declared applicable in the Statement of Applicability.
The requirements from clauses 4 through 10 can be summarized as follows (detailed context can be read here):
· Clause 4: Context of the organization
· Clause 5: Leadership
· Clause 6: Planning
· Clause 7: Support
· Clause 8: Operation
· Clause 9: Performance evaluation
· Clause 10: Improvement
Interested in building your knowledge and securing organizations against persistent cyber threats?
Security Spoc experts are here to ease the certification process and help you obtain the ISO/IEC 27001 Credential.