A working group tasked with providing good guidance and best practice for information security for Small and Medium Enterprises (SMEs) in the UK and beyond has delivered a draft standard for consultation.
The group, ISSA-5173, set up by the Information Systems Security Association (ISSA-UK), aims to produce a free standard in SME-friendly language for owners who most likely have little to no IT experience; to provide best practice documents on a number of areas applicable to the scale of the SME; and to address current threats and issues applicable to the SME.
The draft standard, available on the website, notes that while there are already several sources of educational advice for SMEs, none aims at setting a standard for information security.
The document, the group said, was designed while bearing in mind that SMEs are ‘highly unique entities. The context and scope of each business is the final determining factor for how much effort needs to be placed into information security measures, and organisation size is only one measure by which this can be assessed. Other factors need to be taken into account, such as the industry the SME is in, the level of proprietary or personal information that needs to be protected, regulatory exposure, and contractual requirements.’
ISSA-UK splits the draft into sections. ‘Basic security measures’ covers: owner/director commitment; understanding obligations; responding to security risks; and essential security countermeasures, which addresses physical security measures, procedural controls and technical measures such as firewalls.
The second section, ‘Defined security regime’, looks at: security rules, which details that there must be a clear list of do’s and don’ts; security responsibilities; disaster survival plans; and security oversight.
‘Managed security system’ addresses: policies and procedures; management systems; security technology; and security education, noting that security is everyone’s responsibility within a modern enterprise, and so all employees should be educated, regularly updated and reminded of a range of security threats to business data and systems.
The draft standard is available here
Latest News
Safeguarding economies: DNFBPs' role in AML and CTF compliance explained
Join FStech editor Jonathan Easton, NICE Actimize's Adam McLaughlin and Graham Mackenzie of the Law Society of Scotland as they look at the role Designated Non-Financial Businesses and Professions (DNFBPs) play in the financial sector, and the challenges they face in complying with anti-money laundering and counter-terrorist financing regulations.
Ransomware and beyond: Enhancing cyber threat awareness in the financial sector
Join FStech editor Jonathan Easton and Proofpoint cybersecurity strategist Matt Cooke as they discuss the findings of the State of the Phish 2023 report, diving into key topics such as awareness of cyber threats, the sophisticated techniques being used by criminals to target the financial sector, and how financial institutions can take a proactive approach to educating both their employees and their customers.
Click here to read the 2023 State of the Phish report from Proofpoint.
Click here to read the 2023 State of the Phish report from Proofpoint.
Cracking down on fraud
In this webinar a panel of expert speakers explored the ways in which high-volume PSPs and FinTechs are preventing fraud while providing a seamless customer experience.
Future of Planning, Budgeting, Forecasting, and Reporting
Sage Intacct is excited to present FSN The Modern Finance Forum’s “Future of Planning, Budgeting, Forecasting, and Reporting Global Survey 2022” results. With participation from 450 companies around the globe, the survey results highlight how organisations are developing their core financial processes by 2030.
© 2019 Perspective Publishing Privacy & Cookies
Recent Stories