On September 5, 2009 , Bloomberg reported that the Mitsubishi Corp. internet shopping unit lost credit card details on 52,000 customers after its servers were hacked from overseas. In July 2009, the Japanese Insurance firm Alico said the suspected leak of its customers’ credit card information may have led to about 2,200 cases of credit card fraud. The company mentioned that credit card information related to up to 130,000 insurance contracts may have leaked.
The biggest risk for any company is that of loosing customer data. There are major financial costs in addition to regulatory breaches. The customers also start loosing faith in a company, incapable of managing the most critical of assets, it possesses. So this raises the question, how secure can our data be? Do different types of data, need different levels of security? Who defines these controls? In most countries, companies are obliged to ensure the confidentiality, integrity and the availability of data. We know of the UK Data Protection Act , EU Data Protection Directive , HIPAA etc. which govern the data protection requirements .
Risk Assessment and Gap Analysis
The cornerstone of ISO/IEC 27001 is Risk Assessment and Gap Analysis. Given the nature of ever-changing security needs, Risk Assessment and Gap Analysis should be continuous processes. Traditionally, the Risk Managers and security personnel have been using Excel sheets to manage this activity, which often becomes tedious. It is difficult for people to monitor the controls and the security responsibilities of the organization row by row and matching them to the columns available in an Excel sheet.
Compliance with ISO/IEC 27001?
The Risk Management Studio (RM Studio) facilitates the Risk Assessement and Gap Analysis activites of a Risk Manager by providing a ready dashboard, to observe and analyse the current state of security readiness of the operations. With RM Studio, Insurance organizations can quickly achieve IT configuration integrity by proactively assessing how their current configurations measure up to the requirements as given in ISO/IEC 27001. This provides the Insurance companies immediate visibility into the state of their systems, saving the time and effort otherwise spent in analyzing Excel sheets.
An important part of the RM Studio, is its ability to incorporate the business continuity planning for Insurance companies. These are critical for restoring a company’s operations following a potential operational disaster. The RM Studio provides templates and documents for updating and improving continuity plans for Insurance companies.
For more information on the RM Studio, please visit www.riskmanagementstudio.com or drop us a line at stiki@stiki.eu .
(Advertisement)