Introduction to our InfoSec Program
ACME's InfoSec Program ensures compliance, customer trust, ethics, and threat awareness. It revolves around People, Process, and Technology. Training, policies, and advanced tools strengthen our security culture. Follow best practices, stay informed, and report suspicious activity for a safer digital environment.
Hey there. Welcome to the team! I'm Alisha, I'm the Director of Information Security here at ACME, and for the past six years, I've been dedicated to ensuring the safety and security of our organisation.
Just like a sports car on a road, our business needs to move fast. Our InfoSec programme acts as the guardrails, enabling speed and innovation without the risk of breaches, financial losses, or reputational damage.
You can find our whole InfoSec Program and documentation on the company intranet. Please reach out to the InfoSec team via Slack or email if you have any questions. Now, let's take a moment to understand what drives ACME’s InfoSec programme.
Our InfoSec Program is fueled by four key drivers:
- Regulatory requirements: We strive to comply with all relevant regulations, such as GDPR and other data protection laws, to ensure our organization remains compliant and trustworthy.
- Customer contracts: We're committed to fulfilling security requirements outlined in customer contracts, which helps build trust with our clients and strengthen our overall security posture.
- Ethical considerations: We believe in doing the right thing, which means ensuring the highest level of security and privacy for our customers, partners, and employees.
- Threat actor awareness: We're determined to stay one step ahead of cybercriminals that target businesses like ours.
By focusing on these drivers, we create an InfoSec Program that's tailored to ACME’s unique business DNA.
Now that we understand what drives our approach to InfoSec, let’s learn about the three pillars our programme revolves around: People, Process, and Technology.
- People: Our security culture relies on informed employees. Regular training, awareness campaigns, and phishing simulations prepare everyone to identify and respond to threats.
- Process: Clear policies and procedures guide our actions. Data classification and incident response plans ensure sensitive information is handled appropriately and potential damage is minimized.
- Technology: Our InfoSec Program uses advanced technologies like FIDO2-compliant multi-factor authentication, threat detection tools, and data loss prevention solutions to counter cyber threats.
Now that you're familiar with our InfoSec Program on a high level, remember to follow our security best practices, stay informed about the latest threats, and report any suspicious activity. As part of your onboarding, you'll receive more in-depth training on specific security topics. I’m thrilled to have you on board, and look forward to working together to create a safer and more secure digital environment!