Confidentiality – Integrity – Availability
Information is a critical resource in every business, but Information Security is often overlooked. An effective Information Security program will help ensure that sensitive or valuable information will not fall into the wrong hands (confidentiality), that information will not be damaged or changed without proper authorization (integrity) and that information resources can be readily accessed by appropriate users when and where they are needed (availability).
Even if you think you have addressed Information Security issues, you may not have addressed them all and there is always room for improvement.
Most security vulnerabilities are due to a lack of awareness of the risk and potential impact resulting from a breach. Development of clear policies and procedures, along with an employee awareness / training program can dramatically reduce your exposure.
In addition, most Information Security breaches are primarily due to a failure of the underlying business process, NOT to a technical failure.
Effectively addressing the threats to Information Security requires a practical understanding of the business value of the information (both to you and to potential thieves), an understanding of the technology (hardware and software) used in producing and storing the information and an auditor’s ability to identify weaknesses and create effective controls.
Dopkins is uniquely qualified to assist you in cataloging your information assets, identifying threats and weaknesses in your information systems and developing effective policies, procedures and technical controls to safeguard your valuable information.
- Development of Policies and Procedures
- Internet and email usage
- Password Management
- Effective Backup Management
- Employee Awareness and Training
- IT Risk Assessments / Audits
- Based on ISO 27002 and CobiT 5.0
- Internal Control Reviews
- Business Continuity Planning / Disaster Recovery
Your technology should help you manage your business. You shouldn’t have to be in the business of managing your technology.
For more information, please contact
, CGEIT, CRISC
Achieving Results: People to People