When companies consider information security, they mainly refer to the cyber aspect. Not unimportant but certainly not everything. As can be seen below, there are significant human, procedural, systematic and physical aspect to information security. Based on our experience in the world of intelligence, we have developed a three-step approach that takes every factor into account.
Information Security Scan
Step 1: Crown jewels
Before considering the threats your organisation faces, we should first define what these threats are targeted at. In other words, which information does your organisation possess which is valuable or even critical to the continuity of your company and how is it currently protected? We define these ‘crown jewels’ through interviews with staff members throughout your organisation, exploring known and unknown categories of essential information
Step 2: Threat analysis
In our analysis we look at the intentions and capabilities of all relevant actors. These can range from regular actors, such as (foreign) government agencies and competitors, to subversive elements like criminals and disgruntled employees.
Per actor, we analyse:
- whether they might have the intention of acquiring (access to) your organisation’s crown jewels;
- whether the current protection of the particular crown jewel is enough to match the capabilities of the actor
Step 3: Information security program
For this program, existing measures are reviewed and – wherever necessary – improved to fit into the program. In addition, new measures are proposed, covering the remaining white spots in the information security of your organisation.
To structure the measures accordingly, the program is organised based on the four main elements of information security, being:
- the physical element, such as access control;
- the human elements, for example employment screenings and information security awareness;
- the procedural element, including processes regarding traveling with information and the classification of information and access;
- the systemic element, providing a comprehensive approach to cyber security.
End result
With our Information Security Scan, your organisation is provided with a roadmap towards comprehensively organised information security, enabling you to act instead of react to possible threats. Through this roadmap, we enable you not only to avoid unnecessary reputational damage and costs, but also to organise the security in a manner enhancing your business. This way, your peace of mind regarding the security of the organisation’s crown jewels is ensured.
Information Security Scan
Securing information is a delicate process that involves more than just IT.