12 February 2021
Drive Security Maturity With An “IT Road Code” For Your Organisation
Significant changes in working arrangements have occurred for many people during 2020. In the last 10 months the COVID-19 pandemic drove an increased reliance on technology by organisations in order to ensure employees and customers could function through a very disruptive period.
When announcing their most recent quarterly financial results, Microsoft CEO Satya Nadella was quoted as saying: “what we have witnessed over the past year is the dawn of a second wave of digital transformation sweeping every company and every industry.”
In moving to adopt or adapt technology it is important to continually re-assess processes, procedures and technology controls to mitigate cybersecurity risks and threats. It’s also increasingly important to recognise and focus on the role that people play in security risk management and exposure. Plenty of organisations have experienced pressure in the short to medium term on the IT operations front, which makes it very challenging for an already resource-constrained IT team to maintain any consistent focus on developing strategic and proactive initiatives that drive long-term programmatic IT security improvement.
The uncomfortable truth is that Human Factors are ultimately the weak link in “business as usual” situations; as a result, organisations that should readily be able to demonstrate a degree of security maturity are often very exposed. In the current environment, where business is not “as usual,” the level of cybersecurity risk and exposure has increased as users get to grips with using new technology and adapting their work practices.
Your “IT Road Code”
The best place to start improving your security maturity is to build a solid foundation of comprehensive IT Policies that establish common standards for operational system use, and also set a solid foundation for effective control of risk as part of your Security Maturity Model.
By creating this organisational “IT road code”, users know the guidelines and rules of operation, minimising accidental data breaches and unnecessary security risks. The main objective of your “IT road code” is therefore to protect corporate systems, and maintain data confidentiality, integrity and availability.
A comprehensive suite of policies will assist with the practice of good information governance upon which procedures, processes and informed technology investments can then be made.
Develop, Deliver, Maintain
Many organisations have opted to carry out policy development work, and then try to deal with the ongoing management of them, in-house. This approach has had limited effectiveness primarily because organisations don’t have the required resources in place to do such specialised work.
Some questions to consider when using in-house resources to develop, deliver and maintain IT policies -
A Proven Alternative
Policy Management as a Service (PMaaS) is designed to help organisations develop, deliver and maintain a comprehensive suite of IT policies tailored to their specific business requirements. A typical PMaaS project can be completed in 8 weeks (elapsed timeframe) and incorporates a 2-day workshop to facilitate and stimulate discussion between stakeholders.
All our policies are mapped to a range of international standards and best practice recommendations such as ISO27002, ISO27017, PCI-DSS and ASD Essential 8, to name but a few. A number of additional supporting elements are provided with the service, including a range of templated procedural forms, security awareness videos, a glossary and topic index. A key element of the service sees Kaon Security provide ongoing assistance to keep all the content up to date with changes in areas such as standards, policy wording, and terminology. This ensures our customers have ongoing continuity in terms of access to subject matter expertise, and are not reliant on finding someone in-house to keep IT policies relevant and up to date.
Lastly, we frequently get feedback from customers that their auditors view the system and its content in a very positive light.
VPDSS Policy Alignment Package Now Available
During the last few months we have been asked to assist organisations with a selection of VPDSS related projects. Our Policy Alignment Package comprises three parts, and is designed to help you navigate some of the key Victorian Government requirements for the consistent application of risk-based practices to manage the security of information.
Policy Lite System
Our Policy Lite System is for small to medium sized organisations and is focussed on delivering content suitable for an organisation’s general user population. The system contains 18 key policies that are mapped to ISO27002. As part of the customer delivery exercise one of our consultants facilitates an online workshop to ensure the content of the system is aligned with your practices.
Kaon Security Deliver The Goods To Ports Of Auckland
Ports of Auckland Ltd has been playing a vital role in the Auckland economy for 176 years. It is both New Zealand’s biggest import port, and its largest and most efficient container port.
Read how our Microsoft 365 Security Audit service assisted PoA to get a very good understanding of their risk position, and lower their exposure to any security threats whilst using the M365 suite - Click here for the case study.
Please note in addition to this report, Kaon Security supplies a separate folder of supporting information which includes media files of the areas identified as requiring review and remediation.