Security: it’s all about managing risk!

EnterPrise_01_ComplianceOrganizations are increasingly dependent on their digital infrastructure. At the same time, these organizations seem to be more vulnerable than ever as cyber criminals’ techniques become more and more sophisticated. So how can you handle this situation? In other words: how do you become a secure online organization?

This was one of the topics discussed by Dell and LeaseWeb customers during a roundtable discussion about security. IT security specialist and journalist Brenno de Winter provided interesting insights in his introduction: “If your company wants to be a secure organization, you have to manage risks. There are four options when dealing with risks: accepting them, reducing them through security measures, avoiding risks by ceasing certain activities, or to partially outsource risk management to a third party. There are also affordable insurance policies against hacks available which are worth considering. But no matter what you do, make sure you have a risk management strategy in place, supported by tools that identity the security risks of your organization.”

Possible approach: an example

As I mentioned previously, security starts in the boardroom. It’s all about minimizing your risks as much as possible. During the roundtable I explained how LeaseWeb implemented risk management.

We began by identifying the risks the company faces. Every department was subjected to a risk assessment, from the reception desk up to the boardroom. At the end, 225 risks were identified. For every risk we determined the appropriate control measures. We then applied these control measures and examined what risks remained. This way we were able to develop a risk management framework that also indicates whether a risk impacts the confidentiality, integrity or availability of information. Using this framework we examined every part of the organization, learning how the control measures actually worked in practice. This is also reflected in our ISO 27001 and SOC1 reporting. It was a huge undertaking but – thanks to our risk manager – we now know exactly what risks we have to deal with and how they are mitigated through the measures we have taken.

When using an approach such as ours (which we dubbed The LeaseWeb Trust Model), the board has to determine if risks are being managed well enough or if more action is required. Every additional measure has an impact on the security system as a whole because everything is interconnected and measurable. Navigating this complexity makes my work not only worthwhile but also fun.

Leave a Reply

LeaseWeb on Twitter

Are you at @Digital_Dragons ? Don’t miss Onno Lammers’ talk “Don’t play their games: keeping #gaming IT safe from hackers” 18:00, Hall D

test Twitter Media - Are you at @Digital_Dragons ? Don’t miss Onno Lammers’ talk “Don’t play their games: keeping #gaming IT safe from hackers” 18:00, Hall D https://t.co/WJ4x2k2ErM

We are at @Digital_Dragons Meet us at booth A43 or set up an appointment with our #gaming #infrastructure experts digitaldragons.pl

test Twitter Media - We are at @Digital_Dragons Meet us at booth A43 or set up an appointment with our #gaming #infrastructure experts https://t.co/dCyKKVExQp https://t.co/Qa6DtTGKz5

#TechSummitIO We are giving away one free ticket to the first 10 people to use the code I-CANT-WAIT-TO-BE-THERE! techsummit.io/amsterdam/#tic…

test Twitter Media - #TechSummitIO We are giving away one free ticket to the first 10 people to use the code I-CANT-WAIT-TO-BE-THERE! https://t.co/fnYYEhkC97 https://t.co/Oc4HTETpPN

Just won the Silver Award at the Hosting & Service Provider Summit. We would like to thank our customers and partners for voting for us!

test Twitter Media - Just won the Silver Award at the Hosting & Service Provider Summit. We would like to thank our customers and partners for voting for us! https://t.co/vxTQtfw33i