Learn about the Cyber Security Awareness Alliance and its role to help SMEs adopt essential security measures and build a positive culture of cyber security in Singapore.
Infocomm security is both a business and technology issue. Many SMEs may not know where to start or what to do on boosting the security of their IT environment. Working with limited resources and relatively smaller budgets, SMEs looking to protect their IT networks or critical customer information and proprietary data may face challenges on where to begin.
Help is on the way with the launch of the Cyber Security Awareness Alliance ('Alliance') to point SMEs in the right direction. The Alliance is part of a new $70-million Infocomm Security Masterplan 2 that was launched earlier in April this year to equip the public, private and people sectors with greater infocomm security competency, and build up the resilience of Singapore's national infocomm infrastructure and services against cyber attacks.
As a collaborative body formed from partners from the public and private sectors, the Alliance will amalgamate efforts from its members by bringing together different strengths and resources. In its focus on SMEs, the Alliance aims to build a positive culture of cyber security in Singapore where SMEs adopt essential security measures, such as firewall and anti-virus software.
SMEs would do well to start off with establishing a Corporate Security Policy, which helps companies decide how to keep corporate knowledge and data secure. Companies are required to ensure the confidentiality, integrity and availability of their data. Benefits of establishing a corporate security policy include:
- Business continuity;
- Reduced corporate risk from safe information sharing;
- Meeting of industry and government standards and regulations; and
- Raised security awareness among staff, increasing the likelihood of individual compliance.
The first step in formulating the policy is to identify the key assets to secure, and which assets will be extended to whom. This will guide users in knowing what is allowed, and administrators and managers in making choices about system configuration and use. A thorough policy is a living document that changes with corporate needs, and evolves to guard against perceived threats and changing system architectures.
Businesses then need to clearly define the procedures, guidelines, and practices for configuring and managing security, with three key components:
- A brief document in broad, generic terms describing your organisation's philosophy and expectations regarding infocomm security. Touch on four key elements: to whom and what the policy applies; the need to follow the policy; a general description; and consequences of not following the policy.
- A document containing a set of standards, impacting the day-to-day operations, which is accepted by all employees.
- An operational guide that details exactly how security controls must be implemented and managed. These instructions are used by all employees to achieve compliance with the company's security policy and standards.
Having a security policy that is easily measured and enforced is important. However, few organisations have the means to monitor compliance on their own and may opt to outsource this to a third-party. Others choose to implement technology solutions that are specifically designed to measure security policy compliance.
Information security standards and government regulations are a great foundation for corporate security policy. These include the International Standards Organisation (ISO) 17799/27001, which provides recommendations for best practices regarding information security management.
Creating, maintaining, and enforcing corporate infocomm security policies go a long way towards ensuring business continuity even as threats to that continuity increase in complexity, number, and speed. A durable security policy reduces the likelihood of a security failure, giving businesses a competitive edge in today's connected world.
According to IDA's 2007 Annual Survey on Infocomm Usage by Enterprises Survey, 66% of the SMEs are making use of the Internet and 31% already have a Web presence. Developing your own business website breaks down barriers of doing business and brings your business onto the global marketplace. Get your business online today.
- This article is contributed by the Infocomm Development Authority of Singapore (IDA) and the Singapore Infocomm Technology Federation (SiTF), members of the Cyber Security Awareness Alliance.
- This article first appeared in The Business Times on 3 June 2008 and information is correct at the time of publication.
Back to SMEs' Spotlight
