
These Technology IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing from the past week.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, and read in RSS subscriptions this week.

 

Calling All Call Centers – Become ISO 27001 Certified

Currently there is no specific standard for IT Security at call centers. However, in an article on EzineMark, the author wrote that call centers should become ISO 27001 certified and that businesses looking to use a call center should look for those that are ISO 27001 certified.

As an Information Security Assurance firm that loves ISO 27001, we have to agree with the author.

“Due to the risks of identity theft, call centers have a stringent policy to follow in protecting pertinent client data.”

This is true, as call centers typically have controls in place to mitigate the risk of a potential PII or data breach.

In fact, we have helped numerous call centers develop their ISMS, using ISO 27001/2 as the standard.

“The task of beefing up the security policy doesn’t end with the awarding of the ISO compliance.”

Also true, as the certification requires the call centers to also perform internal audits and 27001 audits on a regular basis. It also requires management’s involvement in and knowledge of the ISMS.

CIOs And The Priorities

In a recent survey of IT investments from CIOs, 48% of respondents said that Business Continuity is one of their top five priorities and 33% said that IT Security was one of their priorities.

According to the survey, the top five CIO priorities are:

  • Business continuity
  • Cost reduction
  • Improving IT function effectiveness
  • Implementing BI
  • Information Security

It makes sense for business continuity to be the highest priority for CIOs. However, doesn’t IT Security overlap with it?

“Ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster; Business Continuity refers to those activities performed daily to maintain service, consistency, and recoverability.” – Wikipedia

For example, system backups are crucial for businesses to have, but if the controls placed around the backups are not efficient, there is a risk of data loss.

One way to mitigate the risk is to perform a Credentialed Vulnerability Assessment against the server running the backups. By doing so, potential points of attack could be identified and plugged.

IT Security

There are a variety of other security assessments that we can perform that will help you know you’re secure and prove you’re compliant. We have the right combination of Information Security/Compliance domain expertise, technology industry knowledge and experience, and organizational character to help you define and execute on the best course of action. See how we can help.