The Technology
Strategy Board within the UK has recently provided access to funding (up
to £5,000) for SMEs, entrepreneurs and early stage start-ups looking to gain
assurance around their ‘Cyber Security’.
Funding IT Security
and assurance activity can be a real barrier to SMEs. When it is placed against
other competing priorities, it often does not win the battle for internal
funding. Nevertheless it remains a key enabler to business success. The UK
Government stepping in to provide help with funding is a really positive step
and a great opportunity for SMEs to overcome the funding barrier.
This blog post takes a
look at the funding on offer and more importantly provides clarity around the
terms used. This will enable organisations to clearly identify those areas they
want to engage with and make best use of this external funding.
First important note:
Closing date for
applications is the 24th July 2013 and is for UK based companies.
Second important note:
Don't be put off or
confused by the term 'Cyber'.
We are actually
talking about information technology and computers.
For more background on
what 'Cyber' and 'Cyber Security' actually means take a look at my last blog
post.
Innovation Vouchers
for Cyber Security
The Innovation
Vouchers can be used to secure specialist services and consulting to help with
the following:
- Businesses looking to protect new
inventions and business processes.
- Businesses looking to ‘cyber audit' their
existing processes.
- Businesses looking to move online and
develop a technology strategy.
- Business start-ups looking to develop an
idea into a working prototype and needing to build cyber security into the
business from the very beginning.
This offers quite a
range of options and many business projects could be aligned to fit and therefore
be eligible for funding, But lets take a look at one specific area
and see what could be done.
Businesses looking
to ‘cyber audit' their existing processes
Lets take 'Cyber' as meaning
information technology and an 'Audit' meaning a systematic review or
assessment. Then a 'Cyber Audit' in this context is more simply put as an audit
of the organisations information security controls.
Audits can be paper based, with an auditor conducting a review of an existing control,
or be delivered as a technical assessment, such as a vulnerability
assessment / penetration test.
Audits are great for
looking at the policy and processes within an organisation, where as a
technical assessment will test that those controls actually deliver the
required or expected level of security. The key here is to choose the most
appropriate engagement for your own requirements.
Why would conducting an audit be a good step to take?
Today our business environment is more complex and interconnected than ever before. Business environments rely on electronic data as their lifeblood and the systems that enable the storage, transport, access and manipulation of this data have become critical. This has resulted in an era where networks and the applications sitting within them have become the very backbone of every organisation, regardless of their size and market sector.
An audit or assessment of an organisation’s current approach to security can be used to identify if adequate information security management is in place to protect the level of information asset being hosted, stored, transmitted or processed.
Just remember to choose a security consultancy that will work in close partnership with you to tailor the solution required and not just sell you a 'Cyber Product'.
A good engagement will leave you with a clear understanding of areas for improvement, the potential impact to you and more importantly what can be done to address these.
A bad engagement will most likely leave you swimming in a sea of FUD (Fear, Uncertainty and Doubt) and the frequency of the word 'Cyber' is likely to be proportional to the amount of proprietary solutions that the vendor sells to fix the issues they find.
Conclusion
Costs can be a
significant barrier for SMEs when it comes to security and the use of jargon
can get in the way of our understanding of what can be done and why it is
important.
However, even small organisations need to be aware of their exposure to security. So, with the use of funding and approaching it from a knowledgeable position you can drive an engagement that will enable your organisation to gain an understanding of the security risks you carry and how to start addressing them in a risk based manner.