The Noggin Blog

What’s the value of international standards in the age of COVID-19? Well, in the case of information management system standard, ISO/IEC 27001, the standard prescribes baselines for securing information assets. If you haven’t noticed, those information assets are increasingly under threat with the sharp rise of cyber attacks.

So, what should Security teams know about the best-practice standard?

Buildings, sites, plants and equipment, materials, and other physical assets remain some of the easiest targets for malicious actors. And when surveyed, security professionals usually despair of their organisation’s inability to protect them.

Why’s that? Under-investment in physical security management has left these larger, (usually) older assets dangerously vulnerable to compromise. What can be done? Well, Security Operations Centres (SOCs) give organisations a chance to improve their operational security posture and better secure people and property. 

It’s obvious that COVID-19 has shifted the focus of physical security management. Guards, formerly responsible for managing physical threats to people and assets, are now being asked to step into a safety protection and promotion role.

How are they faring? Well, the recent hotel quarantine incident in the Australian state of Victoria suggests that the transition hasn’t been seamless. What could help improve the quality of physical security management in the age of COVID-19?         

The near-unprecedented wave of cyberattacks on corporate and governmental systems has been an underreported story coming out of the COVID-19 crisis, with alarming business continuity implications for organisations still battling the fallout from the pandemic.

Already in March of this year, online threats had risen by as much as six times their February levels. Hacking and phishing attempts alone were up 37 percent month on month.

The surge would only accelerate. By June, reporting would find a staggering 400 percent increase in cyberattacks.

Even before the COVID-19 crisis struck, the consensus was that protective security technologies still had a long way to go to ensure maximal security, in a timely manner, for people and physical assets.

The reason? Hardware-intensive physical security management equipment had proven unable to keep up with the physical security threat as it had evolved.

Now, that threat is even more mobile, rendering traditional equipment even less effective. Why?

We’re proud to announce that our Noggin 2.0 integrated safety and security platform is now available in the AWS Canada Region, in addition to other generally available Noggin 2.0 zones around the world. Launched in December 2016, the Canada Region enables AWS customers in Canada to store data locally and address regional data compliance requirements.

For many organizations, COVID-19 has meant a halt to on-premise operations and the introduction of broad work-from-home policies.

Sure, that pivot has been key to business survival. But it does carry serious risk, including a greater opportunity for physical security incidents from less oversight. How to mitigate that risk with a remote, fragmented staff? Best-practice security standard, ISO 27001 offers some clues.

On the heels of a successful audit of its Noggin 2.0 platform under the Information Security Registered Assessors Program (IRAP), the integrated safety and security management technology provider passes another stringent security audit, designed to protect the confidentiality, availability, and integrity of information.

Why’s a place of mass gathering so difficult to pin down, even for owners and operators? The answer is more complex than you’d think. For one, place of mass gathering is a risk designation, extrinsic to the core function of the venue. Qualifying a venue as a place of mass gathering is its (high) potential to inspire terrorist attacks, which it becomes by concentrating large numbers of people.

IRAP enables Australian government agencies and bodies to store and run highly sensitive data at the Protected security level.

--