Expert Advice Community


Security Compromised because of Cost to Company

Guest user | Created: Jan 12, 2016 | Last commented: Jan 12, 2016


My company uses Skype for communication and Dropbox to share large documents, and some of the projects should have access to social networking sites, such as Facebook and Twitter, because their business demands it.

DejanK Jan 12, 2016

Skype and Dropbox are mainly to reduce the cost to the company. Being a small-sized IT firm, the management is not in a position to buy licensed communication software. This may be one such instance, but I feel we are compromising on security in many aspects.

How should I handle this situation? The management is planning to go for external ISO 27001 certification. How should my controls support both the security and cost aspects?

Many companies use exactly the same tools, and yet they pass the ISO 27001 certification.

The selection of controls must be based on the assessment of your risks, so basically you can use less costly controls if they cover the risks - see also this article: The basic logic of ISO 27001: How does information security work?

Skype is generally considered to be pretty secure for communication; Dropbox is probably fine if you upload less confidential documents, while if you have highly confidential documents it would probably be better to use some other service which encrypts the files before sending them to the cloud. So the point is - you should select your controls based on the assessed risks.

Of course, all the software you are using must be licensed.
