A group of people working together can achieve a goal more quickly and effectively than one person working alone. Information security law compliance is difficult and requires an information security team of people to do it properly.
Your team should be made up of people from diverse disciplines within and external to your organisation. We’re running an online Information Security Compliance Programme to train your team and give them the tools that they need.
Let’s talk about building your information security team to secure your information and respond to data breaches, leaks, and other incidents in compliance with the law.
Why is information security law compliance so difficult?
Information security is a complex problem. Working out how to protect the information and information systems in your organisation from unauthorised access in compliance with the law is an unwelcome situation involving doubt, uncertainty and difficulty:
- Is your organisation doing enough to comply with information security laws? Are you doing the correct things?
- What happens in the event of a data breach, leak, or other incident? Will the authorities hold your organisation (or someone responsible for it) liable?
- How do you go about complying with information security laws without spending too much time or money? How do you get bang for your buck?
Information security law compliance is made up of many different and interconnected parts, each of which needs attention before you can overcome the problem. It’s not something one or two people in your organisation should be responsible for. You need a group of people from multiple disciplines working together to protect your information and information systems from unauthorised access, and ready to handle any breaches, leaks or other incidents when they happen.
How should you assemble an information security team?
You need a group of people from diverse disciplines to tend to your organisation’s information security compliance needs. Having people with different areas of knowledge gives you a wide range of expertise to draw on in a crisis. Your information security team should consist of people from one or more of the following disciplines:
- management – executives or other people responsible for controlling and managing the affairs of your organisation, because they are also responsible for your information security, have an interest in controlling it and will likely have to manage the fallout of an incident when it occurs
- legal – the people responsible for any problems relating to the law, because information security law compliance is a legal problem and incidents have legal consequences
- compliance – the people who must make sure that your organisation complies with relevant codes, rules, and standards, because information security law compliance is central to their role
- data protection officer – the person responsible for making sure that your organisation complies with relevant data protection laws (such as the GDPR, DPA or POPIA), because information security is a core principle of data protection
- IT – the people responsible for the use of digital equipment, infrastructure, networks and other resources to process information in your organisation, because securing information in compliance with the law and handling incidents well involves the effective use of IT resources
- forensics – the people responsible for using scientific knowledge to address legal problems within your organisation (such as to solve crimes like fraud), because an information security incident will often have a forensic component
- human resources – the people responsible for hiring, managing and training personnel in your organisation, because your personnel are often your weakest link when it comes to information security, but they can be your strongest if they are chosen, administered and trained to protect your information and information systems from unauthorised access and respond to incidents correctly
- PR – the people responsible for maintaining a favourable relationship between your organisation and the public, because complying with information security laws can promote goodwill in your organisation and failure to do so can damage it (particularly when an incident occurs)
- external service providers – contractors outside of your organisation that you rely on for specialist skills when it comes to your information (such as outsourced data processors, IT administrators, or marketing agencies), because they have power over a significant portion of your information and the potential to make or break your organisation from an information security perspective
Once you’ve chosen your team you need to make sure that they are:
- prepared to do their jobs – give them the training and tools they need to protect your information from unauthorised access and respond to incidents properly
- accessible on short notice – data breaches, leaks and other incidents may happen at 3AM on a Sunday morning and don’t conveniently stick to office hours
- meeting with each other regularly – to share their experiences in securing your information and plan for continued compliance going forward
What should you do to prepare your information security team to do their jobs?
You should sign them up for our online Information Security Compliance Programme that we are running during February 2018, with:
- four live one hour webinars on Tuesdays at 10 – for your team to engage in a discussion with our resident information security compliance expert
- accompanying course content on the members area of our website (including webinar recordings and case studies) – for your team to review and digest in their own time and refer back to whenever they like (such as when an incident occurs); access continues indefinitely beyond February
- curated document templates – for your team to adapt with our guidance to fulfil the information security needs of your business, including our Information Security Action Items, an Information Security Policy and an Incident Response Policy
The programme costs R15,927.00 incl. VAT for up to three people from the same organisation and R3,927.00 incl. VAT for each additional person at the organisation beyond the first three.
To download a free four page executive summary of our compliance programme for yourself or to show to your director, manager or another executive, simply fill in the form below and we’ll email you your free executive summary.