Five steps for successfully implementing an ISO 27001 risk assessment framework

Gemma Platt shares five critical steps that businesses need to take in order to embed and embrace ISO 27001 risk assessments within their data protection processes.

If 2017 was the worst year for cyber attacks, according to the Online Trust Alliance, 2018 hasn’t been much better. While we haven’t yet seen a cyber incident on the scale of 2017’s huge WannaCry and NotPetya ransomware attacks, which hit thousands of organizations globally, there have been many high-profile and damaging breaches.

Incidents like these can impact businesses in a number of ways. Operational systems can grind to a halt, leading to lost sales and revenues. The reputational repercussions of a data breach can travel fast in the age of social media, and be almost impossible to recover from. Finally, the introduction of GDPR adds a level of complexity that can leave businesses liable for fines of up to 4 percent of their annual global turnover in the wake of an incident.

Given that last year’s major incidents had such a significant impact on large international enterprises with huge cyber security resources at their disposal, it’s understandable that small and medium sized businesses feel they have little chance of being able to defend themselves in the ever-growing threat landscape. However, that’s not the case. Developing an effective cyber security posture is a procedure that can be followed and continuously measured; that process is ISO 27001.


Source: DRJ New feed

Tagged on: