Latest News

ISSA-UK launches security best practice and guidance for SMEs

By Sophie Baker

A working group tasked with providing good guidance and best practice for information security for Small and Medium Enterprises (SMEs) in the UK and beyond has delivered a draft standard for consultation.

The group, ISSA-5173, set up by the Information Systems Security Association (ISSA-UK), aims to produce a free standard in SME-friendly language for owners who most likely have little to no IT experience; to provide best practice documents on a number of areas applicable to the scale of the SME; and to address current threats and issues applicable to the SME.

The draft standard, available on the website, notes that while there are already several sources of educational advice for SMEs, none aims at setting a standard for information security.

The document, the group said, was designed while bearing in mind that SMEs are ‘highly unique entities. The context and scope of each business is the final determining factor for how much effort needs to be placed into information security measures, and organisation size is only one measure by which this can be assessed. Other factors need to be taken into account, such as the industry the SME is in, the level of proprietary or personal information that needs to be protected, regulatory exposure, and contractual requirements.’

ISSA-UK splits the draft into sections. ‘Basic security measures’ covers: owner/director commitment; understanding obligations; responding to security risks; and essential security countermeasures, which addresses physical security measures, procedural controls and technical measures such as firewalls.

The second section, ‘Defined security regime’, looks at: security rules, which details that there must be a clear list of do’s and don’ts; security responsibilities; disaster survival plans; and security oversight.

‘Managed security system’ addresses: policies and procedures; management systems; security technology; and security education, noting that security is everyone’s responsibility within a modern enterprise, and so all employees should be educated, regularly updated and reminded of a range of security threats to business data and systems.

The draft standard is available here

    Share Story:

Recent Stories

73% experienced 'reduction in fraud' since SCA launch, says Barclaycard

Barclays issued with $361m penalty

Toqio raises €20m in Series A funding round


Creating value together: Strategic partnerships in the age of GCCs
As Global Capability Centres reshape the financial services landscape, one question stands out: how do leading banks balance in-house innovation with strategic partnerships to drive real transformation?

BANNER

BANNER

Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.

Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.

© 2019 Perspective Publishing     Privacy & Cookies