Kari Westerman

Kari works as Keypro's IT Director and is responsible for maintaining and developing the network infrastructure and information security. Kari's focus is on ensuring the availability of services and secure data management.

Recent posts by Kari Westerman

Development of information security at Keypro

By Kari Westerman on Jun 15, 2021 9:37:42 AM

MDM, SIEM / SOC, EDR, NDR, ISO27001, NOC, SOC2…

Jargon and abbreviations. The list could go on almost indefinitely. There are a lot of security topics: technology, certifications, processes, guidelines, policies, training, etc.
Is the world really full of all this today, and is all of it necessary? Yes, it is!

The world has changed and is becoming more and more insecure. At the same time, systems are becoming more complex. The EU Data Protection Regulation defines sanctions for data leaks, which also increases the need to understand security issues and to adopt security technologies. Customers are also constantly demanding better security from software service providers, and that is a good thing!

We should not forget the needs of physical security: locking, access control, and alarm systems. These so-called traditional security solutions are still as important as ever, and maybe even more important today. So how can all of this security be managed?

Resourcing, in terms of both people and costs, must be under control. In fact, it is not always necessary to know everything yourself; there are many information security development partners in this area who can help. However, it is essential that the company has appointed someone who can take responsibility and develop security operations as a whole.

It is necessary to divide information security into a technical part and an administrative part, while also remembering physical security. Together, these components support each other, and they are used to create a company security policy and a framework for moving forward.

Security is also a measure of quality, and it is meant to be improved. Security is also not an out-of-the-box solution that can be bought and then completely forgotten. It is a system that needs to be constantly managed and developed as the world changes and security changes with it.

Security work is also largely risk management, and the ISO27001 security certificate is largely part of this risk management work. Security issues are also approached strongly from a risk perspective. These risks are mostly global issues (war, pandemic, regional conflicts, etc.), or they can be very small internal risks that the company itself has identified and documented. Thus, even a local shortage of security experts may well be a risk.

When quality is systematically monitored and developed, the same can be done for information security. The idea of an annual clock in data management is an excellent tool. When the security tools, management and policies are in place, an external company could, for example, come to review the implemented security policies and technologies. That is when the audit work begins. The acquisition of certificates and all security work must cover the entire company, including the company's top management and board. Management involvement in security work is key to success.

So what has been done at Keypro Oy regarding this?

Practically the same things as listed above. Keypro Oy has been doing systematic work in the management of information security for a long time, and one of the achievements is the ISO27001 information security certificate. Keeping the certificate valid, and the company's security up to date, always requires an annual audit by an external company. Keypro's top management has been very active in developing security policies.

Topics: Information security