February 02, 2021
Significant changes in working arrangements have occurred for many people during 2020, and as 2021 commences, further changes are very likely. In the last 10 months the COVID-19 pandemic drove an increased reliance on technology by organisations in order to ensure employees and customers could function through a very disruptive period.
When announcing their most recent quarterly financial results, Microsoft CEO Satya Nadella was quoted as saying: “what we have witnessed over the past year is the dawn of a second wave of digital transformation sweeping every company and every industry.”
In moving to adopt or adapt technology, it is important to continually re-assess processes, procedures and technology controls to mitigate cybersecurity risks and threats. It’s also increasingly important to recognise and focus on the role that people play in security risk management and exposure. Plenty of organisations have experienced pressure in the short to medium term on the IT operations front, which makes it very challenging for an already resource-constrained IT team to maintain any consistent focus on developing strategic and proactive initiatives that drive long-term programmatic IT security improvement.
The uncomfortable truth is that Human Factors are ultimately the weak link in “business as usual” situations. As a result, organisations that should readily be able to demonstrate a degree of security maturity are often very exposed. In the current environment, where business is not “as usual,” the level of cybersecurity risk and exposure has increased as users get to grips with using new technology and adapting their work practices.
The best place to start improving your security maturity is to build a comprehensive set of IT Policies that establish common standards for operational system use and set a solid foundation for effective control of risk as part of your Security Maturity Model.
By creating this organisational “IT highway code” users know the guidelines and rules of operation, minimising accidental data breaches and unnecessary security risks. The main objective is therefore to protect corporate systems, and maintain data confidentiality, integrity and availability.
A comprehensive suite of IT policies supports the practice of good information governance, on which procedures, processes and informed technology investments can then be built.
Many organisations have opted to carry out IT policy development work in-house, and then try to deal with the ongoing management of the policies in-house as well. This approach has had limited effectiveness, primarily because organisations don’t have the required resources in place to do such specialised work.
Some questions to consider when using in-house resources to develop, deliver and maintain IT policies –
IT Policy Management as a Service (PMaaS) from Protocol Policy Systems (PPS) is designed to help organisations develop, deliver and maintain a comprehensive suite of IT policies tailored to their specific business requirements. A typical PMaaS project can be completed in 8 weeks (elapsed timeframe) and incorporates a 3-day workshop to facilitate and stimulate discussion between stakeholders.
All our policies are mapped to a range of international standards and best practice recommendations such as ISO27002, ISO27017, PCI-DSS and Cyber Essentials Plus, to name but a few. A number of additional supporting elements are provided with the service, including a range of templated procedural forms, security awareness videos, a glossary and a topic index. As a key element of the service, PPS provides ongoing assistance to keep all the content up to date with changes in areas such as standards, policy wording, and terminology. This ensures our customers have ongoing continuity in terms of access to subject matter expertise, and are not reliant on finding someone in-house to keep IT policies relevant and up to date.
For a further discussion, please contact us.