Keith Barry on Cybersecurity Questionnaires -
Today’s digital ecosystem is more evolved in every respect, and none more so than in the area of cybersecurity. This evolution has been largely driven by catastrophes involving stolen and lost data that has led to ruined lives and bankrupted companies. In response, the federal government, several state governments, and major corporate firms all require companies within their purview to have a robust and functioning Information Security Management System (ISMS).
However, it is not enough that a company itself have a secure network infrastructure, having a robust ISMS means that all of a company’s partner firms must have a secure network as well, especially if they have access to company data.
One common way for a company to get an overall assessment of another entity’s ISMS strength is to use a Cybersecurity Questionnaire.
Cybersecurity questionnaires are usually written with a lot of technical jargon, and they contain copious references to obscure concepts and technologies most IT generalists will not be familiar with. Not all security requirements are equally important, and not all requirements are equally difficult. Once a questionnaire is submitted, a potential partner organization will have what they need to get an understanding of a company’s entire cybersecurity profile, and it will know the company’s strengths and weaknesses. It is then up to the partner organization to determine whether the company’s controls are adequate.
If you are interested, Digital Edge has a team of compliance and technical experts who specialize in assisting with cybersecurity questionnaires, determining a company’s security control needs, and the process for implementing those controls.
