Is your money well spent on Cyber Security? How appropriate are they and how well placed and configured?

Posted 07 September, 2021 at 12:39

Author Kevin Hawkins on behalf of H2 Cyber Risk Advisory Services Ltd


Here at H2 we talk a lot about targeting your spend so that your money goes on protecting what is really important to you, and so that those protections are in the right place, configured to protect what really needs protecting, correctly maintained and, of course, effective.  So how do you do that?  Do you just take a good guess at what is needed?  Of course not, but it’s still a valid question.  Did whoever built your network install a firewall?  Did they set up an effective anti-malware regime, i.e. one that is constantly updated using a process whereby users can’t stop it if it becomes inconvenient?  That happens, believe me.  And these are just a couple of the issues that need to be addressed on an ongoing basis.

Your biggest business asset is your information. It is this that cyber attackers are after, be this financial information, confidential information, or business sensitive information.

Unfortunately, many businesses don’t understand the true value of their information, leading to a ‘one size fits all’ approach to cyber security, which typically means some information is over-protected whilst other data is under-protected, both of which have monetary and threat implications.  H2 has developed an industry-leading Triple A (Affordable, Appropriate and Accreditable) risk assessment process to remedy this, and to ensure that your information is effectively protected at the right cost.  This is called the Information Risk Assessment and Management (IRAM) process.
 

But how do you do this?  Where to start?  The IRAM process works as follows:

  • Phase 1 – H2 conducts an assessment reviewing your existing information security, data protection protocols, technical security controls, and processes and procedures to determine their effectiveness and appropriateness.
  • Determine the Data Assets (computers, mobiles, filing cabinets, whiteboards, servers, people etc. – i.e. everywhere that data is held, whether hard copy, virtual copy or in someone’s head).
  • Run through each Data Asset (or group of them) against the Controls and Procedures in accordance with your security policies (if you haven’t got security policies then that’s a whole other discussion), to determine which should apply and how they are currently being applied.  It’s very useful to use a standard such as ISO27001 for this, even if you have no intention of applying for certification.
  • Phase 2 – Working to your timescale and budget, H2 implements the findings from the risk assessment process, which has used 27K1 ISMS.  This could include anything from introducing simple changes to your processes, all the way through to implementing technical solutions that provide effective protection from threats.
  • Phase 3 – People within a business come and go, and cyber threats and risk are continually evolving.  Due to this, H2 works with you to develop an appropriate package of staff training and security system maintenance activities that keep you protected in the long term.  Available on a retainer (as needed) or monthly subscription basis, this phase ensures your business is fully IRAM compliant.

If you have a system to help you with this, then that really is the way to go.  H2 has partnered with Secure Business Data to enable us to use, and where appropriate, to sell 27K1 ISMS.  This is a risk assessment tool that is specifically targeted at SMEs and is therefore very competitively priced. It can come with an annual or a monthly fee, however you prefer.  We have adopted this system for use with our IRAM Service.

H2 Cyber Risk Advisory Services Ltd

Established in 2016, H2 Cyber Risk Advisory Services is a specialist cyber security and data protection company that focuses on providing innovative and robust security solutions to the UK SME sector. Its founders, Kevin Hawkins and Bob Hay, are amongst the best qualified and most experienced...