What are the challenges?
Organizations in various critical business operations face endless security threats, ranging from vandalism, theft, on-site security breaches and insider risk to terrorism. A common concern is whether their crown jewels are sufficiently protected from threat actors such as organized crime, industrial spies, malicious insiders or even hacktivists. These threat actors pose threats such as theft of intellectual property, corporate secrets and financial information, and disruption of business operations.
Protecting organizational assets is critical and includes people, property and informational assets. People assets include more than just employees; they also include visitors, contractors, the community and others that have or could have an association with business operations. Property assets range from buildings, machinery and utilities to operations, equipment and systems. Informational assets are computer systems, processes and confidential business and employee information.
How can Secura help?
Secura's IT Risk Assessment adheres to internationally recognized standards on information security such as ISO 27001, COBIT 5, and the NIST Cyber Security Framework. The IT Risk Assessment is specifically designed to help organizations identify security risks at their site at an early stage and to recognize and resolve previously overlooked blind spots. The IT Risk Assessment addresses the following aspects (based on ISO 27002):
- Assessing Environmental Security
Equipment should be sited (placed) or protected to reduce the risks from environmental threats and hazards, and opportunities for unauthorized access.
- Physical Security
Access points such as delivery and loading areas and other points where unauthorized persons may enter the premises are assessed for security risks.
- Asset Management Security
Asset management controls are assessed and it is verified that all IT equipment located within the facility is protected from unauthorized users.
- Access Control
Access control is a fundamental concept in security that minimizes risk to the business or organization. Its goal is to minimize the risk of unauthorized access to physical and logical systems.
- Privacy & Data
‘Company Confidential’ and ‘Restricted’ information should not be left unattended. The allocation of passwords shall be controlled through a formal management process.
- Human Resource Security
The objective is that employees receive sufficient cyber security training that is applicable to their responsibilities, both on a regular basis and before obtaining access to the facility’s critical cyber systems.
- Communications Security
Protection of communication technology, systems and devices.
The site assessment is performed by one of our dedicated consultants specialized in demonstrating compliance with regulations, assessing information security, providing insight into shortcomings and improvement measures, as well as giving advice. Secura supports multiple (international) clients in providing insight into the security of their offices or production sites.