Information Security Training

Are you at risk?

Information Security Checklist

We have prepared a short and, we hope, helpful checklist which you can use to identify any areas of practice or policy where you may be at risk within your organisation. The list is not exhaustive, but highlights some of the key areas you might want to consider in the context of information security and data protection.

Insurance and denial of cover

One of the reasons you may want to use this short list is to ensure that your insurance cover is not denied. Depending on your policy, that cover may currently protect you against loss of data, consequential losses, and the cost of repairing the damage from an insider attack or external hacking event. In the US, studies have put the cost of losses following a theft or loss of data at about $75 per record lost. So if you lost 20,000 customer records, that is a lot of money to take off the bottom line. If your internal practices are not sound, then insurers could deny cover.

Is your data secure?

1    Do you take steps to ensure your staff and suppliers understand and comply with regulations on information security?

2    Would these steps be sufficient in the event of disciplinary or legal action?

3    Are you confident that your staff understand and comply with relevant data protection legislation?

4    Do staff have personal targets for compliance with security and data protection policies?

5    Can you provide up-to-date evidence that your staff understand their responsibilities towards security and operate within the guidelines of your security policies?

6    Are the results of data security training programmes aligned with staff development reviews?

7    Does your organisation issue a computer users’ Code of Practice?

8    Does the code extend to staff working from home, consultants and suppliers?

9    Do you take steps to ensure understanding and compliance with the Code of Practice?

10    Would you be able to present an up-to-date set of training records that an auditor could examine in the event of a security breach?

11    If you outsource your IT or other functional activities to an external agency, do you make provisions to ensure your data is secure?

12    Are those steps included in a contract? Are third-party electronic connections to your systems controlled and reflected in the contract?

13    Are you aware of the significant reductions that can be made to your insurance premiums when your staff are fully trained in information security?

14    Are you clear on the importance of your information, and is your protection of its confidentiality / integrity / availability proportionate to its importance?

15    If you hold information belonging to other companies or individuals, are your staff clear on the protection they must provide, and is that level of protection included in relevant contracts?

16    Are you confident that your colleagues respect the reputation of your organisation in the transmission of e-mails and Internet comments, especially on social networking sites such as Facebook and MySpace?

17    Can you produce evidence to demonstrate compliance with copyright and licence agreements with others?

18    Do you use intrusion detection systems that identify malicious activity, such as worms, viruses and hacking?

19    Can you provide up-to-date training records that would satisfy an auditor that you understood the basic principles of data encryption?

20    Do you have a business continuity plan?

21    If so, when was it last tested?

22    Are you concerned that you are unable to answer ‘yes’ to each of the above questions?

23    Would you like the reassurance of being able to access training from some of the UK’s top security experts quickly and cost-effectively?

If the answers to any of the above are ‘Yes’, then we suggest you view our training and reference materials.

Disclaimer
This guide is not intended as, nor to replace, legal advice, nor will any liability be accepted for any loss, cost, expense or damage suffered or incurred by the user due to any reliance placed upon it by the user.

© E-Security Exchange 2009
