PPS Investment Group and ISO/IEC 27001: Is your organisation safe from cyber-attacks?

Cybersecurity in South Africa is becoming a pressing issue for businesses and consumers alike. Many organisations lack the standard of information security needed to protect the information they handle internally and externally, and as a result are making themselves vulnerable to cyber-attacks. In the digital world of the Fifth Industrial Revolution, information security is more necessary than ever before.

What is the Fifth Industrial Revolution?

The Fifth Industrial Revolution is almost upon us. As with the Fourth Industrial Revolution, we see the blurring of the human-machine divide. The Fifth Industrial Revolution sees humans and machines working together in increasingly complicated ways in the workplace. As a result, there is a greater emphasis on human intelligence, especially as we find ourselves surrounded by Big Data. We must question the safety of information in the digital world.

Are industrial cyber-attacks on the rise?

Yes, and consumers are aware of this. This was the case for PPS South Africa, an insurance and investment company that suffered a massive data breach last week. Their 15 000 members were informed over the weekend that their IT infrastructure had been compromised. The PPS Group Chief Executive told clients:

“PPS regrets to inform you that we have fallen victim to a malicious cyberattack on our IT Systems”

He did not specify the nature of the compromised information, but it is important to note the consequences of a personal information data breach, which could result in identity theft and fraudulent activities.

What is ISO/IEC 27001:2013 and how can it help an organisation?

ISO/IEC 27001:2013 protects organisations from data breaches. It is the International Standard that outlines how an organisation can manage its information security. Information is a commodity and, as with any asset, it carries an element of risk. This data could be anything from trade secrets and designs to customer and supplier lists.

ISO/IEC 27001:2013 outlines the requirements for developing and preserving an organisation’s Information Security Management System. It tells stakeholders that as an organisation you are committed to the protection of their private information. ISO/IEC 27001:2013 assures that risk systems are in place.

An Information Security Management System in accordance with ISO/IEC 27001:2013 will provide a set of processes that assist an organisation of any size to be in control of its processes by understanding and managing risks through policies, processes, procedures, and risk assessments. It ensures that your data and information, with regard to internal and external parties, are safe and secure.

By keeping information secure, ISO/IEC 27001:2013 compliance can assist you to:

  • Securely handle sensitive information from both internal and external sources.
  • Comply with legal and other requirements.
  • Promote a risk and security awareness culture.

Some of the other benefits of introducing ISO/IEC 27001:2013 include:

  • Keeping confidential information secure.
  • Providing stakeholders with confidence in your management systems.
  • Allowing for the secure exchange of information.
  • Helping you comply with other regulations like SOX.
  • Providing you with a certificate from a certification body, giving you a competitive advantage.
  • Protecting the company, assets, shareholders, and directors, because ISO/IEC 27001:2013 management is committed to protecting the organisation’s information.

How does an organisation become ISO/IEC 27001:2013 certified?

In short – with WWISE. We have a range of professionals who are registered lead auditors who will assist in the implementation and maintenance of any ISO Management System. A good Consultant understands the processes employed by your company and how best to approach the implementation of the ISO requirements.

WWISE has a 4-Phase Approach:

  • Phase 1: Gap Analysis Audit and Information Gathering.
  • Phase 2: ISO Documentation, Risk Assessment, and Process Mapping.
  • Phase 3: Implementation and Coaching.
  • Phase 4: Certification.

We offer one-on-one coaching and on-the-job training where we mentor you and your team. As a consulting firm, we do not provide certification services. However, we will guide you through the certification process and ensure that your business becomes certified. For more information on how you can digitally secure your business with ISO/IEC 27001:2013, contact WWISE on 086 109 9473 or 021 525 9159, or visit https://www.wwise.co.za