The recent revelation that Debenhams was responsible for the exposure of 26,000 customer records showed just how important it is to practice effective supply chain management.
The breach is reported to have been initiated through a malware attack on the e-commerce site of its online florist business, delivered by a 3rd party vendor. Debenhams claim it has not affected their main online store and all activities have been suspended through affected sites.
It’s a timely reminder of the need to understand and mitigate the risks involved in partners handling information assets. Certainly, with GDPR just a year away from coming into effect, it’s crucial to look at not just how data privacy is managed but also how you will assure regulators and other stakeholders that you meet the requirements for robust information security management throughout the supply chain.
Many organisations favour a comply or die approach to vendor selection, using lengthy standard questionnaires to establish information security credibility. These may describe technical and operational processes but do little to demonstrate they are being effective.
An externally accredited ISO 27001offers those assurances, although SME partners have struggled with the financial and administrative burden of compliance in the past and this has placed them at a disadvantage.
That is, until ISMS.online, a secure cloud software solution which makes effective information security management more cost-effective and easier to achieve than previous traditional methods.
At ISMS.online, we promote a Responsible Customer approach where supporting supply chain partners through engagement and collaboration delivers results for both parties, and helps to secure the valuable information assets of all parties.
Information security is a busy calling. Keeping up with security news whilst staying abreast of recent incidents and threats can be a time consuming business.…
Keep reading >
With EU GDPR high on every organisations priority list in 2017, there can be few CIO’s and CTO’s not considering its impact on business performance and…
Keep reading >
#21 Vampire: Vampires are terrifying. But they’re also charming. That’s because most of them can only enter your house if you invite them in.
Keep reading >
Halloween’s here, the spookiest time of year. That set us thinking about our favourite monsters. They have a lot in common with the infosec challenges…
Keep reading >
COVID-19 has affected almost every organisation on the planet. On the positive side, it’s been a stress-test for business. Faced with a world of content…
Keep reading >
2016 will be remembered by many for some of the alarming cyber events that took place.There were the allegations that the Russians may have influenced…
Keep reading >
#12 Phantom: Unfinished business in the past leads to undead creatures bothering the present. That’s your average phantom for you. They’re pretty unsettling until you…
Keep reading >
Table Of Contents:0.0.1 - For those in the infosec world, (or indeed anyone that values their own data, bank balance and privacy), password security is…
Keep reading >
The next CompTIA EMEA Partner and Member Conference is underway. You can meet some of the ISMS.online team and be part of some exciting new…
Keep reading >
Stay Informed
Join our club of infosec fans for a monthly fix of news and content.
