What does a security certificate tell you?

Throughout the month of October (because yes, October is Cyber Security Awareness Month!) our cyber security experts will answer the most frequently searched questions on securing digital communications, working safely from home and eliminating the biggest cyber risks, in video and written format.

Today (answered by Nadine Hoogerwerf, Information Security Officer at Zivver): What does a security certificate tell you?

Organisational and technical security certificates 

Obviously, that depends on the type of certificate. There are many types. The first type of certificate is focused on the organisational part of security. This centers on policies, processes, and checks that make sure that the organisation meets its security requirements. Examples of such processes are access management, hiring, software development and operational security like backups and batching.

When an organisation has such a certificate, that means that an independent auditor has confirmed that these processes are in place and are effective in meeting the security requirements. 

Example of an organisational certificate: ISO27001

Another type of security certificate is focused on technical and functional product requirements. In this case, an auditor will verify whether technical measures such as encryption or multifactor authentication are in place.

Examples of a technical certificate: Common Criteria certification and NTA 7516

Most security certificates are accompanied by a statement

Either way, a security certificate can give you a good sense of trust, but it doesn't tell you everything. Most certificates are accompanied by a statement that will show you exactly which processes or which functional requirements are in scope of the audit and are therefore in scope of the certificate.




 

Written by

Kevin Lamers

Originally published on October 15, 2020

Last update on October 19, 2020