Channel: NewMediaWire

Can ISO 27001 help South African companies combat cyber crime and data breaches?

JOHANNESBURG, South Africa - (EINPresswire via NewMediaWire) - February 10, 2014 - Johannesburg, SA, 4 February 2014 – In the wake of revelations by the 2013 Norton Symantec Report, which highlights that South Africa has the third-highest percentage of cybercrime victims globally after Russia and China, followed by the latest reports about the South African National Roads Agency's (SANRAL's) privacy breach, experts warn that failing to tighten their security controls may cost South African businesses dear.

Alan Calder, Founder and Chief Executive of IT Governance, a global cyber security solutions provider with operations in South Africa, says:

“The implications of a data breach can be fatal for small- and medium-sized businesses, but the repercussions can also cause considerable financial and reputational damage to large organisations. The proliferation of cyber crime is a global problem, but it is even more acute in South Africa where the gap to implement cyber security best practice is bigger. With the Protection of Personal Information Act just recently being enacted, organisations will need to tighten up their policies and processes to avoid future penalties once the Act is enforced.

“In order to be competitive at both national and international level, savvy South African organisations will be right to follow the steps of thousands of companies worldwide which have turned to ISO 27001 as the best practice information security management system.”

Calder, a South African, was part of the team of two directors from IT Governance responsible for leading the world’s first successful certification to BS7799, the forerunner of ISO 27001.

South Africa has experienced 56% year-on-year growth in ISO 27001 certifications since 2011, but it lags behind countries such as Japan, India and the United Kingdom, where ISO 27001 is a prerequisite for doing business with the government, or is even legislated. In many countries, leading organisations are now demanding that their suppliers be ISO 27001 certified as a guarantee that their information will be protected throughout their contractual relationship.

ISO 27001 is the internationally recognised framework for implementing an information security management system (ISMS), and sets out specific requirements by which an organisation’s ISMS can be managed, audited and certified. Implementation of the standard brings proven benefits including:

* Better protection of the company’s information assets;
* Identifying vulnerabilities and minimising security risk by putting appropriate control measures in place;
* Winning and retaining business opportunities;
* Protecting and enhancing the company’s reputation;
* Building trust (internally and externally);
* Demonstrating compliance with the Protection of Personal Information Act.

Organisations that are new to ISO 27001 will benefit from the following resources to find out more about the standard and certification process:

* ISO/IEC 27001 2013 ISMS Requirements details the requirements for an information security management system. http://www.itgovernancesa.co.za/p-958-isoiec-27001-2013-iso27001-iso-27001-isms-requirements-pdf.aspx

* Nine Steps to Success provides practical guidance to achieving ISO27001 compliance. http://www.itgovernancesa.co.za/p-545-nine-steps-to-success-an-iso-27001-implementation-overview.aspx

* The Case for ISO27001 outlines the case for ISO27001 and how it will safeguard your information. http://www.itgovernancesa.co.za/p-796-the-case-for-iso-27001.aspx

More information on information security best practice is available at http://www.itgovernancesa.co.za/

Desislava Aleksandrova
IT Governance
08450701750
