Earlier this year I decided to take on my second apprenticeship with Invotra in cyber security.
I’m now six months in and I’ve been exposed to a variety of topics from fundamental security principles to more in-depth network security, open source intelligence and encryption.
In the past, I had primarily been concerned with the security of our product and technology in general. It’s all too common for people to associate cyber security with technology alone, and I was guilty of this too.
I’d argue that the most important takeaway for me also appears to most basic, and the one first things you learn as a cyber security apprentice: securing the business triangle.
- People
- Process
- Technology
People – It’s essential to ensure that staff are aware of how cyber threats can affect their day-to-day job, how to notice them, and how to protect against them. Anyone could be the victim of a phishing email or social engineering attack.
Process – Processes allow a business to define how information is secured and how to mitigate security risks in all areas of the business.
Technology – All technological devices need to be secured. This includes your internal network, servers, laptops, phones, and even your printer (to name a few).
It’s important to note that not one single part of this triad is paramount. Cyber threats are becoming more sophisticated at a fast rate. It’s therefore crucial that you keep all three parts of the triad up-to-date with the latest threats. So, how do you do this?
Security awareness training
As aforementioned, staff need to be trained in cyber security regularly to ensure that they’re always up to date with the latest security threats. Embedding a culture around security will aid this, as thinking about security becomes second nature.
ISMS & ISO 27001
An ISMS, or information security management system, is a set of policies and procedures for managing sensitive data within an organisation. By implementing an ISMS effectively you can minimise the risk to the business in terms of security and keep staff engaged as an ISMS should cover all areas of the business.
ISO 27001 is an international standard which defines the requirements for an ISMS. Becoming ISO 27001 certified requires an audit of the ISMS to make sure that it meets specification. Not only will this ensure that your ISMS is implemented effectively, it will keep your ISMS up to date as the certification needs to be renewed regularly.
Find out more about apprenticeships at Invotra here.
