The organizations usually have a fake feeling of safety with regard of their data. Although they think their system is well protected due to a safe and updated network, there are many vulnerabilities constantly explored even on the more popular systems.

The major part of organizations have no idea that their system could fail on information security. They just understand this when the worst happen.

The implementation of good practices (processes and procedures) worldwide recognized standards, like the ones that are found on ISO/IEC 27001:2013, helps to decrease the existent security incidents having in count the coverage of the involved matters.

With the recognition perspective on the market, the certification of this standard lends credibility to the certified companies, ensuring an image of concerning with security of their information and with the information of their clients and partners. Even if the organization doesn’t choose the certification path, it should follow a set of good practices of security based on the standard.

Even if the organization doesn’t choose the certification, it should follow a set of good practices of security. These practices are essential to protect the company information:

  • Awareness of the employees about the phishing’s dangers.
  • The majority of the security incidents have origin on the organization.
  • Develop good and embracing policies and procedures of security, including policy for mobile equipment, telework, equipment re-use, encryption, installation and download of applications.
  • Guarantee that the employees know the implemented policies and understand the reason for their implementation.
  • Guarantee and monitoring the applications patches updates as well the antivirus software.
  • Conduct regularly penetration tests, maintaining updated the information about threats and vulnerabilities.
  • Implementing rules of good practice for passwords creation and maintenance.
  • Use of secure networks for access to information during all life cycle of the projects.

The requirements defined are general and can be applied to all organizations, regardless of their type, dimension and nature. This standard can be implemented with the urgency and budget appropriate for each company with DRC support.