Sébastien Hardy, Laboratoire national de métrologie et d’essais (LNE) : A standard to serve computer security

April 2015 by Sébastien Hardy, Information System Security Product Manager - Laboratoire national de métrologie et d’essais (LNE)

Data theft, intrusions, industrial espionage, computer hacking, leaks, phishing, malicious code: countless threats jeopardize the security of your data. They pose a growing risk to companies and can undermine the confidence of partners. This is not science fiction; it reflects market reality and calls for effective measures against ever more pressing cybercrime.

Cybercrime is a real scourge that strongly affects company performance and represents a major economic challenge. Hackers understand this perfectly well and no longer hesitate to attack companies of any size to steal their data, blackmail them, and so on. Cybercrime can thus affect the competitiveness of professionals, whose performance and reputation can deteriorate if they do not protect their digital assets.

Today, all French companies are concerned and must take effective measures to protect themselves from ultra-sophisticated attacks. A few figures illustrate the point: data theft rose by 62% in 2013, and 552 million identities were exposed, according to the 2014 Internet Security Threat Report (ISTR).

Standard ISO 27001 as a response to meet the challenge of information security

To strengthen their protective measures and the information management system they have implemented, companies need effective tools and methods that are recognized by information security experts and meet international standard requirements.
ISO/IEC 27001 is an international standard for information security management systems that meets these challenges. It describes the requirements for implementing an Information Security Management System (ISMS) intended to help choose the right security measures and ensure the company's sensitive assets are protected within a defined scope. ISO 27001 focuses on processes and provides for continuous improvement. It is intended for all types of organizations, such as businesses, NGOs, administrations, or financial institutions.

With this definition, it is easy to see that protecting oneself from ever more complex threats requires a clear master plan, a method, and tools, but also compliance with a standard that helps implement suitable governance. The idea is to set up a strategy for the continuous improvement of security by promoting the principles of the ISO standard.

Establishing the standard as a fundamental parameter

Taking this standard into account is a key success factor in fighting information security threats. Deploying protective tools without regard for good practices or avenues for improvement is therefore not a long-term approach. Companies must not act hastily, but rather launch a real business project dedicated to computer security in order to manage computer risk (planning, implementation, audit, and improvement). Such an approach makes it possible to set up genuine spaces of digital trust.

