Hall, who founded information security software company Infogov, says: “Information and security management is really founded on knowing the value of information to the company.”
That applies to big and small companies, although the types of problems they face are typically different. “Small companies generally understand the business inside out and know what’s important. The thing they suffer from is technology problems and they often don’t have the right expertise,” he says.
“Most large organisations tend to equate information security with IT, and they tend to outsource a lot of their IT. If they’ve got the culture that risk management is all about IT, they think they’ve delegated risk management as well.”
Hall says it’s also important to follow best practice. “Best practice means going through the right process to work out what the business requires, and it should start by doing a risk assessment on the business to understand what’s important. Then it’s about identifying the risks that company is exposed to and putting controls in place.”Related article: Data protection: the government’s double standards
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.