The digital age is characterised by the creation, storage, managing, and sharing of electronic information about everything and everyone. Information is an economic resource used as an essential tool to create a competitive advantage for individuals, companies, and society in general – information is power.
What is Information security?
Information security is a collection of technologies, standards, policies, and management practices that are applied to keep information secure. Due to the proliferation of information on the Internet, and despite it helping disseminate information to all and sundry, there is a need to protect said information. It is, therefore, necessary to put in place policies, protective measures, and compliance mechanisms to prevent unauthorised access, abuse, or misuse of personal or sensitive information.
Most international organisations realise the importance of information security. Governments have also taken it upon themselves to introduce legislation to force organisations to prevent unauthorised access, use, disclosure, or destruction of information. In South Africa, the Promotion of Access to Information Act 2 of 2000, the Protection of Personal Information Act 4 of 2013, the Electronic Communications and Transactions Act 25 of 2002, as well as the Cybercrimes and Cybersecurity Bill of 2015 was introduced to reinforce information security in the country. These measures are mostly relatively recent, and the effectiveness of these measures will need to be tested over time, including the ability of the government to enforce the legislation.
What constitutes a cybercrime?
The term information security denotes the existence of some form of criminal activity, hence the need for security. The exponential increase in cybercrime over the past couple of years resulted in an urgent need for information security to be strengthened.
Cybercrimes include e-mail scams, cyber hacking, cyberstalking, identity theft, computer vandalism, computer fraud, child pornography, cyberterrorism, cyberextortion, online harassment, cyberwarfare, stealing intellectual property, ATM fraud, and violating privacy.
What are the challenges to information security?
The current challenges to improved information security include a lack of technical expertise, the cost of implementing information security, a lack of awareness of the societal significance of information security breaches, limited education and training, and inadequate enforcement of information security laws.
Internal threats to organisations’ information security include data leaks and infrastructural damage because of malicious intent, as well as data leaks due to unintentional human error. Malicious data leaks are a rare occurrence but unintentional data leaks due to human error are not. This is a result of the increasing number of personal devices at the workplace. These devices are connected to corporate networks, sometimes with insufficient security protocols in place which can lead to data being leaked to third parties who are not part of the organisation.
External breaches are a result of vulnerable information systems, incorrectly configured cloud environments, inadequate security measures which can all be exploited by hackers. Cybercrime as a service offered on the dark web is an ever-growing ‘business’ and is aimed at stealing data and holding it for ransom.
Organisations that offer a product or service through a supply chain are most at risk when sensitive data is shared with vendors or others.
What is the importance of information security?
Information is vital to individual, organisational, and national success. Protecting information from unauthorised access, use, disclosure, or destruction is a fundamental requirement to maintain the economic value of this information. It is key to all sectors of the economy and applies to almost all human activities. For organisations to succeed, they need to take effective management decisions based upon secure information.
To ensure the proper standards of information security are obeyed, organisations are encouraged to implement the ISO 27001:2013 information security management system. It is designed to apply to all types and sizes of organisations from small and medium-sized enterprises to multinational businesses. The latest version of ISO 27001:2013, released in February 2018, is equally valuable to governments and non-profit organisations.
The Standard provides the requirements for setting up, maintaining, and improving an organisation’s Information Security Management System to ensure that specific policies and procedures are in place to protect the integrity of data and provide customers or business partners assurance of compliance with statutory regulations, as well as the requirements of the Standard.
Contact WWISE for guidance through the entire process and help you integrate an ISO 27001:2013 compliant system with your current management system. For more information on how WWISE can assist your business, please contact us on 086 109 9473 or 021 525 9159. Alternatively, you can email us at admin@wwise.co.za