Ensure security & protection to your company
Parker Solutions Group, United Kingdom
Social Media and Security
Many people and organizations today are embracing social media for a whole variety of reasons. For businesses it helps raise brand awareness, engage with customers and get key messages to the market in a rapid and effective manner. For individuals it allows them to keep in touch, share their views with the world and demonstrate their knowledge and expertise along with many other benefits.
It seems that many people like to share their life with the whole world on Facebook and Twitter, starting from their opinions on the latest TV series to where they went at the weekend and what they had for dinner last night.
So from a business perspective what should organizations do to reduce the risks related to social media? Before we can answer that question let us ask – what risks are we talking about?
What does ISO 27001 certification really mean?
In a world of increasing complexity, compliance and the need for clear and understandable Information Security, ISO 27001 certification is growing in popularity. In many cases service provider and supplier organisations will look to achieve certification to this standard to demonstrate their commitment to Information Security to customers (including potential customers) and business partners alike.
More and more often, contracts and tenders demand that suppliers are certified, and this trend is on the increase. Indeed, we have seen this in the past with spikes in the demand for ISO 9001 and ISO 14001 certification.
Third Party Management from a Security Viewpoint
When establishing outsourcing or managed services what sort of areas should be considered from a security viewpoint?
Before we dive into that list, the first thing to understand is the risk that the various suppliers pose to your organisation. By that I mean what service is being provided by your supplier. If we are talking about an outsourcing deal where your complete organisational IT environment is managed by a third party, then the level of risk, and hence the controls, will be different from, for example, awarding a security guarding contract. That is not to say the latter does not have risks. Indeed, third party staff having access to your buildings presents opportunities for the theft of confidential documents, unauthorised access to systems or the planting of key logger devices. One only needs to look at the Sumitomo Mitsui bank breach way back in 2004 to see this.