A major challenge facing organizations today is that regulations do not make allowances for unintentional errors, and human error is one of the biggest risks faced by companies, especially as pressure to reduce costs means that more and more tasks are being carried out by less staff. Today almost all risk results from internal threats and because many organizations focus their investment in protecting against the external threat, they are often not adequately prepared to protect the internal risks. Today any organization that has an IT infrastructure relies heavily on databases, and database security practices, including everyone and every process that accesses the database, will always be scrutinized very closely by auditors.
What should you do?
Whether or not you are compelled to apply policies to comply with the various standards, you should familiarize yourself with what is required. My recommendation would be to start by taking the time to study the ISO 27001 standard to gain an overall view of what is required to have an effective information security policy and in conjunction look at the requirements of the Payment Card Industry (PCI) standard. Although the PCI standard is intended for organisations that deal with credit card transactions it offers a very practical guide to what should be done on a practical level in many areas, and will ensure that you have taken adequate precautions to protect yourself and your business.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.