Information security, including cyber security, is concerned with protecting the information assets of an organisation. It aims to ensure the confidentiality, availability and integrity of information, and good information security underpins the effectiveness and value of IT systems.
The information assets of an organisation are its data, in any form, whether physical or electronic. Defending those assets from threats such as unauthorised access, use or destruction, whether internal or external, deliberate or accidental, is a key component of an organisation’s risk management planning.
Historically, information security management systems addressed employee behaviour and focused on internal policies, procedures and controls. Issues of cyber security now force the adoption of policies that expand the scope of internal controls and deal with the increased risk of threats from outside.
ICAEW’s Audit Insights into Cyber Security highlights the fact that potential threats now come from around the world and can involve organised criminals, corporate spies and hacktivists, as well as disaffected or careless employees. Also:
The international standard ISO 27001 sets out the requirements for creating an information security management system. ISO/IEC 27002:2013 offers guidance on the associated information security management practices including the selection, implementation and management of controls.
The ICAEW’s IT Faculty maintains a resource centre providing a focal point for ICAEW members looking for support in managing cyber risks, including links to thought leadership reports such as Cyber-Security in Corporate Finance and 10 Steps to cyber security for the smaller firm.
Access a range of business-focused support, advice and information from a range of sources in our business resources area. If you’d like any further information on this topic or to give any suggestions or feedback on how we can improve your membership, please get in touch: firstname.lastname@example.org