IASME

IASME (Information Assurance for Small and Medium Enterprises) is a UK-based organisation that provides cybersecurity certification and assessment services to small and medium-sized enterprises (SMEs). The IASME Governance standard is a set of security principles and guidelines designed to help SMEs improve their cybersecurity posture and protect against potential threats.

The IASME Governance standard is based on eight high-level principles:

  1. Governance: This principle involves establishing clear policies, procedures, and roles and responsibilities for cybersecurity within an organisation. It also involves establishing a culture of cybersecurity awareness and compliance.
  2. Risk assessment and management: This principle involves identifying, evaluating, and managing potential cybersecurity risks to the organisation’s assets and systems. It includes conducting regular risk assessments, implementing controls to mitigate identified risks, and monitoring and reviewing risk management processes.
  3. Asset management: This principle involves identifying, classifying, and protecting the organisation’s assets, including both physical and digital assets. It includes implementing controls to prevent unauthorised access to or disclosure of sensitive assets.
  4. Access control: This principle involves establishing and enforcing policies and procedures to control access to the organisation’s assets and systems. It includes measures such as user authentication, access controls, and privilege management.
  5. Cryptography: This principle involves using cryptography to secure sensitive information and communications. It includes implementing secure communication protocols, such as SSL/TLS, and using strong cryptographic keys and algorithms.
  6. Physical and environmental security: This principle involves protecting the organisation’s assets and systems from physical threats, such as theft, vandalism, or damage from environmental factors. It includes measures such as secure facilities, access controls, and backup power systems.
  7. Operations security: This principle involves establishing and maintaining secure processes and procedures for operating and maintaining the organisation’s assets and systems. It includes measures such as change management, incident management, and disaster recovery.
  8. Compliance: This principle involves ensuring that the organisation is compliant with relevant laws, regulations, and standards related to cybersecurity. It includes maintaining documentation and records
