What is Information Security Really?

โ€œWe have gone on holiday by mistake!โ€

Withnail & I

Information security is very much misunderstood out in the business world and pretty much any of the other virtual worlds you care to mention.ย  It means different things to different people:ย 

  • To financial companies it is commonly viewed as a โ€œrequired to have, because we are told we have toโ€ they do what they need to do because they are forced to by a governing body (FSA, Card brands, etc).ย  They do the minimum they need to do in order to tick the boxes, no more, no less.
  • To large / medium retail companies information security is something they have to do because they are told they have to by the banks, they donโ€™t like it because it eats substantially into their profits but they do the minimum they need to, in order to tick the boxes.
  • To cloud companies itโ€™s viewed as โ€œnot their problem because itโ€™s not their data, thus not their responsibilityโ€ so they only do the minimum required to assist in their sales process, commonly ISO27001 as itโ€™s the easiest to attain.
  • To technological companies its firewalls and antivirus, after all they will โ€œnever get hackedโ€ as they โ€œare not a targetโ€ thus they do the minimum required in their minds to provide security at the smallest cost possible, ticking only the boxes they need to.

Looking at the examples above carefully you begin to see a pattern, nobody really knows what information security is, nobody really wants to do it as they think it costs too much and if they do have to do it, they will do the minimum required in order to tick whatever box they need to.ย  This leads me to ask a question.

โ€œWhat is the minimum?โ€

Funnily enough, every organisation that I have spoken to in the examples above, cannot answer that simple question. Sure some of them will mention compliance (especially PCI DSS) but on the whole there has been no good answer and it is quite interesting.

Analysing further and digging deeper the question becomes something different, it becomes:

โ€œWhat is the minimum that we HAVE to do?โ€

So what is it you have to do? Is it securing card data? Changing your contracts to absolve you from any security responsibilities for the services you provide as an outsourcer?ย  What in your mind is the minimum that you have to do to secure your operations?

Analysing even deeper the question becomes:

โ€œWhat is the minimum that we have to do and what can happen if we donโ€™t?โ€

What are the consequences of you not becoming secure? What fines do you face? What bad publicity do you risk (letโ€™s face it the British media LOVES to see someone fall from grace and reports heavily on it)?

When you yet again analyse that question it changes again to:

โ€œWhat are our responsibilities?โ€

Now that is a good question and is the root question when it comes to looking at information security in your own organisation.ย  What are you as an organisation obliged as a business to do to protect:

  • Your Owner / shareholders / stakeholders
  • Your reputation / brand
  • Your Revenue streams / assets
  • Your clients

These ultimately are the things that you are responsible for within your organisation, all of you from the IT guy on helpdesk, the sales people selling you product and the directors and shareholders that run the business itself.ย  Information security is a company-wide concern on all levels and one in this current market that cannot be ignored, companies are falling at the first security hurdle left and right, security breaches are causing more lost and stolen revenue in the western world than any other criminal activity and itโ€™s getting worse.

Can your business afford a security incident? Think long and carefully about the answer to that questionโ€ฆย 

If you need help with the answers, donโ€™t forget we are only a phone call away.ย T +44 (0)1622 873242ย 

Andrew McLean Headshot
Website | + posts

Andrew McLean is the Studio Director at Disruptive Live, a Compare the Cloud brand. He is an experienced leader in the technology industry, with a background in delivering innovative & engaging live events. Andrew has a wealth of experience in producing engaging content, from live shows and webinars to roundtables and panel discussions. He has a passion for helping businesses understand the latest trends and technologies, and how they can be applied to drive growth and innovation.

Unlocking Cloud Secrets and How to Stay Ahead in Tech with James Moore

Newsletter

Related articles

Understanding the cloud adoption curve and what the future holds

Globally, strong cloud adoption trends are well established, with...

AI Build or Buy and the Death of Billable Hours

"The billable hour has been a universal system applied...

Optimising Cloud Cost Management to Maximising ROI

A businessโ€™s cloud infrastructure needs will evolve with its...

Welcome to More Productive, AI-powered Working Lives

According to content services expert Dr. John Bates, AI...

Cloud Security Challenges in the Modern Era

Organisations already have to store files and data in...

143 COMMENTS

Comments are closed.