This week’s post is the third in a three-part series on cybersecurity and discusses the value of information security frameworks in establishing the trust of customers, partners, and employees.
What is an information security framework?
Joseph Granneman, CEO & Principal Ilumination.io, in his May 2019 article ‘Top 7 IT Security Frameworks and Standards Explained’ in SearchSecurity explains. “An IT security framework is a series of documented processes used to define policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment. These frameworks are basically a blueprint for building an information security program to manage risk and reduce vulnerabilities. Information security pros can utilize these frameworks to define and prioritize the tasks required to build security into an organization.”
At UNICOM Engineering, our Information Security Management System (ISMS) framework is ISO 27001. Key tenants of this ISO standard are Confidentiality, Integrity, and Availability (CIA).
ISO 27001 is an information security standard jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies the requirements for developing an ISMS that allows an organization to bring all its Information Security (IS) practices under unified management. Once in place, an organization may become certified as ISO 27001 compliant by an accredited certification body upon successful completion of the requisite audits.
How it works
Risk management is central to an ISMS based on ISO 27001. The standard requires that an organization perform a risk assessment that considers threats, vulnerabilities, and impacts to its information assets. It must implement appropriate controls to mitigate unacceptable risks. Additionally, ISO 27001 compliant organizations must adopt a management process to ensure those controls continue to meet its information security needs as they change over time. A key strength of an ISMS based on ISO 27001 is that it requires cross-functional cooperation and participation for its effective implementation and ongoing management. It’s not just about IT. Employee information security awareness and participation are essential to an effective ISMS under ISO 27001.
Our commitment
UNICOM Engineering’s ISO 27001 certified ISMS, along with our employee and management commitment to cybersecurity and privacy awareness, establishes us as Cybersecurity Champions in this information and cybersecurity age. We identify and manage information security risks, guard confidentially and integrity of customer and partner information, and ensure availability as a demonstration of this commitment to our customers and their valued information. As ever-changing regulations affect our customers, partners, employees, and industry, we feel our company is prepared to respond and adapt due to our ISO 27001 practices, commitment to awareness of online safety and privacy, and to #BeCyberSmart through cybersecurity best practices.
Ultimately, National Cybersecurity Awareness Month reminds us to collectively re-evaluate our current stance on security. We all wish to garner the trust of our customers and partners. With trusted certifications like ISO 27001, UNICOM Engineering is able to gain that trust, not just in the month of October, but all year long. As we conclude our three-part series on cybersecurity, we hope you found our segment on ‘protecting customer data’ with information about ISO 27001 and information security frameworks useful. Learn more about other security and technology developments by reading our latest blog posts.
National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry, and civil society. For more information about NCSA and ways to stay safe online, visit staysafeonline.org/ncsam.