What is an integrated approach?

The "Integrated Information Security" approach is a more holistic and enterprise-wide strategy to protect your valuable data. It involves more than only implementing technical Information technology counter measures and considers broader aspects of a security program such as:

Governance and corporate culture

  • Does your organization manage Information Security like your other corporate priorities?
  • Do you have an organizational information security policy in place to guide how information is managed and protected?

Physical and personnel security

  • Do you have the required policies and processes in place to ensure your human resources and infrastructure operate in a manner that takes into account the importance of information security?
  • Do employees understand that sound information security practices are a clear expectation of their work performance?

Non-IT information

  • Is it clear to all staff and management how effectively handle, store and share sensitive non-IT information and do they have access to sufficient storage equipment to protect this information?
  • Does your organization have clear procedures to manage (store, log, track, dispose) information contained on portable storage devices such as memory sticks?

IT and cyber security counter measures

  • Does your organization have robust cyber security controls in place?
  • Does your organization conduct regular reviews of your IT assets to discover security vulnerabilities, and upon discovery assign proper severity to trigger remediation actions?
  • Does your organization have a proper program in place to manage third-party security risks?

Emergency management and business continuity

  • Do you have plans in place to prepare your organization for information security-related situations such as an information breach of private data in order to limit business impacts, protect your clients, and meet legislation requirements?
  • Are you clear on what regulatory bodies need to be immediately notified in the event of a data/privacy breach?