|
Written by CDS Team,
|
Sunday, 14 March 2010
|
|
|
To many people Security is a scary concept that is complex and expensive. Many Small and Medium Enterprises (SMEs) do not have security expertise in house and thus either do nothing or contract in assistance to tackle a problem they do not understand.
We designed the Certified Digital Security (CDS) levels to allow all organizations to be able to implement some security without breaking the bank or significantly impacting their business processes.
We regularly observe that when the bar of security is set too high or the requirements are too complex many organizations simply give up and do nothing; so the good practice and advice contained in standards like 27001 and PCI are very often not employed. This is not to say that SMEs don't want to be more secure, it's just that many don't know what to tackle first, never mind fourth, fifth or sixth.
So we lowered the bar and simplified the requirements and mapped out a plan for the implementation of better security!
We believe that the implementation of any security measures is better than doing nothing. Furthermore, since so many SMEs do nothing we thought that if we designed an incremental standard with plenty of lower levels they may actually see the benefit and once on the ladder, would look to add more than just the basics, thus we provide them with a roadmap to the development of better security.
The CDS levels fall into three distinct groups - the Standard, Enhanced and Advanced. At Standard Level, we look to introduce security to those that have none, so we cover the basics of AV, wireless security and the necessary policies to ensure legal compliance. At Enhanced we look for good technical security that has been tested or audited externally to ensure the systems can sustain an attack. Finally, at Advanced, we look to see how the organization manages security and how they have incorporated it into everything they do.
So if you are involved with a SME that has little or poor security, why not point them this this way and see if the adoption of CDS Level 1 will add to their security posture. |
|
Last Updated ( Tuesday, 17 August 2010 21:27 )
|
|
|
Written by CDS Team,
|
Saturday, 29 May 2010
|
|
|
This RoadMap has been designed to allow organizations to conduct a quick check of their current standing in relation to the CDS levels.
Under each level are the short descriptions for the items required at each level. Areas already implemented can be checked off the sheet and then can be used to compare what has already been achieved and to quickly allow the viewer to see what could be done next.
The PDF file linked to this posting outlines the roadmap through the various levels; it was designed to be printed onto A3 paper, so the text and check boxes were scaled appropriately.
Remember that the CDS material on the website maybe used to improve a organizations security at no cost to them. The information is provided free on the condition it retains the branding it was released with.
For additional information do not hesitate to contact us. |
|
Last Updated ( Sunday, 30 May 2010 16:58 )
|
|
Written by CDS Team,
|
Tuesday, 02 March 2010
|
|
|
We finally finished updating levels 1 - 4 to the new version 3 format. We will start work on levels 5 – 9 next week and hope to trickle these out over the next 2/3 weeks.
Please let us know your feedback on the style and layout for the documents as well as your thoughts on how we can expand them to include more information without making them too large to use.
The Implementation Guidance Documents can be found to the right side of the screen under the title "Implementing CDS"
The three group links (Standard, Enhanced and Advanced) give overviews of their three sub-ordinate levels, and the "Level X Guidance" links take the viewer to the area where all of that level's related documents can be found.
All feedback to
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
Thanks
CDS Team |
|
Last Updated ( Monday, 26 April 2010 00:54 )
|
|
|
Written by CDS Team,
|
Tuesday, 30 June 2009
|
|
|
The concept of Digital Security Levels
Digital Assets are information assets that exist in electronic form. We are not concerned as to the type or nature of the asset – it could be a customer’s personal record, an engineering design document, a new unreleased song or proprietary food recipe; it is irrelevant, the common thread to all of these is that they need to be protected and available to their owner(s) so they retain their usefulness and value.
However, digital assets are frequently shared with partners, contractors, customers and 3rd parties and this all requires an element of trust. This trust should be based upon evidence and external verification of this evidence; however, it is common for no evidence to be requested, and thus none is provided as a result much of the inter-organizational trust is misplaced.
Furthermore, currently there is no cross industry method of checking how secure an organization or department is before establishing a contract with them (in a reasonable time frame and cost limit). Linked to this is the fact that many small organisations (eg sub 50 staff) are not able or reluctant to fund external consultants to audit/test or document their systems, and while they continue to attract clients they will not change this position.
Digital information processing has become more specialised in the last 5 years and large numbers of highly specialised small businesses process digital assets for larger corporations and departments, however, few of these sectors are regulated or practices validated.
This presents a problem to large organisations when letting contracts as they have no method of comparing competing contractors in terms of their digital and information security practices, policy and processes. Through the use of Certified Digital Security Levels it is hoped to address this lack of comparability.
|
|
Last Updated ( Saturday, 24 April 2010 15:00 )
Read more
|
|
|
|
|
News Flash
Implementation of security measures. Building on the organisation’s security policies and procedures, Level 2 requires initial implementation of user training, background checking, server and workstation patching, and the implementation of asset management. |
|
|
|
|
|
