Information Security is incredibly important in all organisations. A huge amount of Data is stored by organisations and it is ever more important in the decision making process. Data is now likely to be stored in many different locations – internally, off-site, in the cloud and with vendors.
Hacking is an everyday occurrence, from teenage mischief makers to state-sponsored agents. If successful sensitive data is stolen, website are brought down, customer trust is lost and the business is put at risk.
It’s essential for organisations to understand the strategic importance of their data, protect themselves from attack and create processes to manage the impact of attack.
- Developing data management capability – organisations need to stratify their data, categorizing it based on the strategic importance to the business. Security and management policies can be applied to data depending upon its categorization.
- Assessing Information Security – Through interaction across the business including Operations, HR, Marketing and Public Relations as well as IT, we help to identify any weaknesses in your organisations security processes both for protection against an attack and managing the impact once an attack succeeds.
- Reviewing enterprise Architecture – expansion to the cloud and increasing vendor fostering of important data has huge impact on enterprise architecture. Organisations need to review how to manage ad secure date wherever it is located.
We have created an Information Security Maturity Assesment to help organisations dealing with these issues.
CIO Connect publish regular ‘Point of View’ documents – here are links to a selection of recent documents related to information management:
It is every CIO’s fear – the organisation has been breached through inadequacies in the technological landscape – or is it?
The Data Protection Act should not be considered as a restriction to business. If enterprises approach data protection in an effective and structured way, it can be an important tool in the fight against data loss and reputational damage.
There is a dichotomy between access to information and security. This is why some analysts say that a Chief Information Security Officer should have a separate reporting line from the CIO. In the real world the two threads of access and access control need to come together in the CIO.
Case Study – Christies
What was achieved
• Developed and implemented a standard operating model for enterprise and solutions architecture function integrated with project and programme management methods and toolset.
• Established the global team and accelerated the deployment of operating model through provision of short-term focused effort by practitioners in key roles on the major programme of transformation
• Assured that significant progress was made on major transformation programme through organisation re-design, through to system design, project initiation and delivery;
• Provided architectural support in key roles of process, information and technical architecture as part of transformation programme team.