The internationally acclaimed standard for information security management, ISO/IEC 27001, is currently being revised. ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organisations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard.
It’s a well-known fact that small businesses are more susceptible to cyber-crime than many of their larger counterparts. A lack of funding and resources means that few small to medium-sized businesses can afford to pay for vulnerability assessments or penetration testing of their network security. But just how much money is this failure to protect online networks costing small businesses? Well, according to Federation of Small Businesses it’s something in the region of £785 million every year. That staggering figure is the price SMEs pay when they fall victim to fraud and malware.
With an increasing number of critical systems being placed within virtual environments, security is now understandably a prime concern. Systems can be attacked, and valuable information and assets can be compromised. Vulnerability management systems are designed to address these issues. Vulnerability assessment is the process of identifying how vulnerable an infrastructure is to known vulnerabilities—the number one threat to all networks today. The threats/risks found in the vulnerability assessment are then ranked and prioritized to expose the current security position, and to facilitate the re-mediation process.