SMEs: Why Information Assurance is Important Richard Henson Worcester Business School November 2012.

Presentation transcript:

SMEs: Why Information Assurance is Important Richard Henson Worcester Business School November 2012

Real and present danger?
[diagram: a hacker reaching UK critical infrastructure by way of SMEs across the Internet (600 million gateways!)]

An Early Warning!
- In April 2009, hackers accessed data concerning technical details of a US govt fighter jet via networks with supply chain partners
- Conclusion: “…there needs to be a new-order requirement on companies doing business with the federal government.”

US Action
- Realised extent of supply chain security problem
- Working with private sector, e.g. McAfee (Omanoff)

How can this affect my business?
- Supply chain partnerships becoming more focused on information security
- Government “risk appetite” has reduced
- Offer for more SME involvement in govt contracts may well have information security as a factor
- Publicity resulting from a data breach even more damaging than ever!

What can SMEs do?
- Allocate an information security budget?
  - more shiny black boxes?
  - educate employees about dangers? how?
  - get certified?
- Spend less on IT and become more secure?
  - is the cloud the answer?

What is the ROI on data?
- If… money spent on security can pay for itself, then it is a worthwhile investment
- Needs to be seen in the context of…
  - cost of a breach: av. figure (US, Symantec, 2010): $18800
  - frequency of a breach: av. every 5 years

UK Government Advice
- CESG provides guidance and advice: best advice appears to be based on “ISO27001 compliance”
- CPNI website: guidelines include 20 named technical controls to minimize the chance of a data breach… no guidance on physical or behavioural controls
- Is “compliance” with guidelines, standards, and regulations enough?

Will “compliance” stop this?
[diagram: a hacker reaching UK critical infrastructure by way of SMEs across the Internet (600 million gateways!)]

Compliance and Certification
- Not just playing with words!
- Compliance does not require evidence to back up claims that guidelines, etc. are being followed
- Certification is only achieved by providing evidence in a systematic way to prove that the guidelines etc. are being adhered to

ISO27001 Certification and SMEs
- SMEs not shy of certification. Many already have:
  - ISO9001 – QMS
  - ISO14001 – EMS
  - ISO18001 – H&SMS
- Logical next step to go for ISO27001?

UK SME Priorities for 2012…
- Omanoff (McAfee VP) quote used on a UK technology reporting website (v3.co.uk article on McAfee offering advice on securing supply chains)
- But (same website) survey for businesses: “main priority for the new year?”
  - 98% reducing costs
  - 1% make more use of social media & cloud
  - 1% improve information security

SMEs and Information Assurance
- Few UK SMEs get ISO27001 certified: too time consuming, too expensive… little ROI…
- “Compliance is the English way”
- UK gov. concerned (2012) but still showing little sign of:
  - bringing in new laws…
  - educating about information security
- So why should SMEs bother!?!?!

A need to stop this…
[diagram: a hacker reaching UK critical infrastructure and a global manufacturer by way of SMEs across the Internet (600 million gateways!)]

- However… UK govt risk appetite lower: greater prospect of support
- And there’s a whole world out there to do business with!

So not all doom and gloom!
- Can SMEs be convinced that better information security reduces costs?
- Whole academic field based on such matters: “Economics of Information Security”
- Findings rarely get to SMEs… they should!!!

IASME (Information Assurance for SMEs)
- Project supported by Technology Strategy Board
- A systematic approach to information security focused on SMEs
- Objective: SME produces/maintains an ISMS
- Same principles as ISO9001 (QMS)
- NOT a “tick box” approach

Questions?