Preventing data breaches through ISO 27001 approaches

Singapore just witnessed its worst data breaches of non-medical personal data records of 1.5 million users from Singhealth last week including the records of our prime minister. As a progressive smart nations and early adopters of digital technology and digital transformation, people would argue that better detection tools, those equipped with artificial intelligence and machine learning would be available to help to detect the unusual activities in data access and network activities. How can organization adopt a holistic approach to information security to prevent such data breaches from happening? There are 2 camps of thoughts when comes to information security, one is the process and people camp and the other the technology camp, while there is not right or wrong to the approach. In our view, a balance approach will be to apply people, process and technology coupled with a risk management appreciation approach to assess organizational information security measures. In view of this, ISO 27001 offers a comprehensive aspect to help organizations to adopt a preventive and holistic approach to look at their organization’s information security.

We would like to list down 8 steps for organization to consider to prevent data breach:

1. Identify your organization data assets and IT assets and its business value.
2. Determine using Availability, Integrity and Confidentiality model to ensure reliable and authorize access to your data assets and IT assets.
3. Identify all the risks that could breach your data assets and IT assets from step 1.
4. Apply controls to mitigate those risks identified and weight those mitigation measure against a cost/benefits and risk analysis.
5. Implement the necessary policies, measures, systems to support the controls.
6. Conduct regular audits, test and monitoring to ensure controls are working as intended.
7. Provide Information Security awareness training for your staff.
8. Review, report and update your plans regularly.

At Bodhi.gen we offer ISO 27001 implementation services to help company adopt a comprehensive approach to implement their information security measure in their organization and we would be delighted to talk to you more about this! Please contact us via the contact link.