In this Section

Importance of Information Security

The world is changing at pace, and so too are the risks to your information assets and business. Online applications, cloud computing and mobility are the new technology paradigms that both the public and private sectors are adopting in growing numbers. This is happening in a period where the value of information is increasingly considered a major organisational asset.

The change of technology use is occurring in a global environment where the threat landscape has intensified and the likelihood of an unsolicited attack on an organisation’s information systems, regardless of size or industry, has increased significantly.

Imagine waking up to discover that your IT systems have been hacked. Your company’s financial results have been leaked to the media; your confidential business plans have been compromised; your employees’ personal files have been posted on the internet. The market loses confidence in your organisation, your share price takes a dive, and your directors are found to be personally responsible for inadequate risk management practices.

Every organisation uses information, most are dependant on it. Information is an asset that, like other important business assets, is essential to your business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment, where information is now exposed to a growing number and a wider variety of threats and vulnerabilities. Causes of damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and increasingly sophisticated.

Information security is not an ‘IT problem’, it is a business issue. Obviously compliance with legal and regulatory requirements is important. It provides a very good reason for reviewing your information security practices, but it should not in itself be the sole or even the main driver. If a business wishes to survive, let alone prosper, it must grasp the importance of information security and put in place appropriate measures and processes.