IASME

IASME (Information Assurance for Small and Medium Enterprises) is a UK-based organisation that provides cybersecurity certification and assessment services to small and medium-sized enterprises (SMEs). The IASME Governance standard is a set of security principles and guidelines designed to help SMEs improve their cybersecurity posture and protect against potential threats.

The IASME Governance standard is based on eight high-level principles:

  1. Governance: This principle involves establishing clear policies, procedures, and roles and responsibilities for cybersecurity within an organisation. It also involves establishing a culture of cybersecurity awareness and compliance.
  2. Risk assessment and management: This principle involves identifying, evaluating, and managing potential cybersecurity risks to the organisation’s assets and systems. It includes conducting regular risk assessments, implementing controls to mitigate identified risks, and monitoring and reviewing risk management processes.
  3. Asset management: This principle involves identifying, classifying, and protecting the organisation’s assets, including both physical and digital assets. It includes implementing controls to prevent unauthorised access to or disclosure of sensitive assets.
  4. Access control: This principle involves establishing and enforcing policies and procedures to control access to the organisation’s assets and systems. It includes measures such as user authentication, access controls, and privilege management.
  5. Cryptography: This principle involves using cryptography to secure sensitive information and communications. It includes implementing secure communication protocols, such as SSL/TLS, and using strong cryptographic keys and algorithms.
  6. Physical and environmental security: This principle involves protecting the organisation’s assets and systems from physical threats, such as theft, vandalism, or damage from environmental factors. It includes measures such as secure facilities, access controls, and backup power systems.
  7. Operations security: This principle involves establishing and maintaining secure processes and procedures for operating and maintaining the organisation’s assets and systems. It includes measures such as change management, incident management, and disaster recovery.
  8. Compliance: This principle involves ensuring that the organisation is compliant with relevant laws, regulations, and standards related to cybersecurity. It includes maintaining documentation and records

