It’s Saturday morning and I’m sitting in class. Today’s lesson: ISO 27001 series, more specifically, how it relates to an Information Security Management System for an NHS case study. This might not be the way every PR spends their Saturday. But as I work on a number of cyber security accounts, it comes in handy.
Being up this early on a Saturday has its perks: I get a theoretical overview of some of the most common cyber attacks and security management issues which ultimately help me to do my job better. Looking good in front of your boss and clients is always a win in my book.
Through the various classes I’ve learnt about information governance and cyber security principles that underpin the management of an organisation’s information assets. Data, as we all know, is one of the most precious commodities a business has. Being able to adequately protect it is not only a legal requirement; the financial and reputational damage incurred when a breach happens is much more difficult to win back in the long run.
The lecturer explains this, drawing on his own career as an ethical hacker, and points out how so much of our world is now connected – meaning so much more is now up for grabs to hackers. We only need to look at the news (and my day job requires a lot of that!) for numerous examples of cyber criminals launching new attacks against schools, hospitals and banks to see this in action.
These classes also taught me the key concepts, theories, standards and frameworks of information governance and security, including how this relates to risk management and how, as a business, you might go about calculating that. Who said maths on a Saturday isn’t fun?
The course culminated in an assignment which took all those theories and put them to the test: we had to design an information governance and cyber security policy to meet legal, ethical and regulatory needs. The hours of learning endless regulations were finally going to pay off: I was able to apply both broad, overarching theories and sector-specific regulatory and legal needs to a given example. My assignment was a success.
For a public relations professional working with cyber security clients, my degree means that I can understand their language. As much as most of the curriculum is ultimately designed to help us pass our assignment, these classes help to inform and give me a better understanding of the work many of my clients do. From rapid response comments, to writing thought leadership pieces, being able to draw on what I’ve learnt in class is invaluable.
Cyber security, though, is a diverse, complicated and ever-changing field. The multitude of different cyber security clients I work with alone is testament to that – where one might focus on cloud and email security, another’s focus is specifically on VPN security. This is not to mention the increasingly creative ways that cyber criminals perpetrate their attacks. Ultimately, the foundation for cyber security might be built in the classroom, but the defence fortress is moulded in the real world.
The theory I was taught in class goes a long way in helping me understand the complex world of cyber security. Working with a diverse range of clients, however, means that I am constantly learning new tips, tricks and ways that cyber security professionals are fighting back against the hackers.