Information Security

Keeping information safe and secure is an essential operation of every businesses.

At its core, information security is a business task  – not the sole responsibility of IT or your security team – it is a whole-of-business responsibility incorporating legal, risk, IT and in fact, every user of information in your organisation.

Information security is everyone's responsibility.

Cyber security exists to protect information.

Information protection exists to comply with regulation and keep company proprietary information safe.

Compliance exists because of governance built to protect a situation or the citizens of a member state or country.

Ask yourself these questions:

• Why do you need to protect data?
• What are the legal regulations and legislation that you are mandated to comply to?
• What are you trying to protect?
• Why is it valuable?
• What is sensitive?
• What is personally identifiable information?
• What are your ‘critical information assets’?
• Where do these critical information assets live?
• What are your systems?
• Are files shared?
• Who has access to them?
• What are their roles?

Here's where we can help you

• Build an information governance framework outlining the regulations for your industry.
• Outline roles and responsibilities in your organisation regarding general usage, the information custodians, and who has accountability of the data and information.
• Perform an information audit to assess where your data is stored and what sensitive information exists within your data.
• Document your critical information assets using an asset register.
• Supply a data access governance audit showing who has access to what information.
• Assist you in building a security architecture that meets your specific information protection needs.
• Guide you in working with your cyber-security provider on aligning your specific needs to security frameworks (NIST, SOC, ISO)
• Develop solutions for data loss prevention and information rights management.