How safe is your data and how secure are your supplier interactions?
Many organizations are interested in cyber security and in protecting their business. It is a serious economic challenge, and we need to be able to depend on having a secure cyberspace.
This article in Supply Chain Brain discusses the issues as they relate to supply chain and procurement professionals. The relationships in an organization's supply chain are very complex, and it is difficult to know where the risks are. Product specifications, consumer credit card information, and legal matters are just a few of the data areas that need to be protected.
The ISO 27001 standard can serve as a solid baseline and starting point. It has 11 parts:
- Security policy - management direction
- Organization of information security - governance of information security
- Asset management - inventory and classification of information assets
- Human resources security - security aspects for employees joining, moving and leaving an organization
- Physical and environmental security - protection of the computer facilities
- Communications and operations management - management of technical security controls in systems and networks
- Access control - restriction of access rights to networks, systems, applications, functions and data
- Information systems acquisition, development and maintenance - building security into applications
- Information security incident management - anticipating and responding appropriately to information security breaches
- Business continuity management - protecting, maintaining and recovering business-critical processes and systems
- Compliance - ensuring conformance with information security policies, standards, laws and regulations
Have you done any of the list above? I know I have participated in exercises that involve many of them. What did you learn and which have you found to be most effective?