2024-07-04

SECURITY HINTS & TIPS:

ISO 27001:2022 need to know

ISO 27001 is an international standard for managing information security. It provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).

Goal: To protect three aspects of information:

  • Confidentiality: Only authorized persons have the right to access information.
  • Integrity: Only authorized persons can change the information.
  • Availability: The information must be accessible to authorized persons whenever needed.

MGC 2024 objective of ISMS

  1. Achieve ISO 27001:2022 certification in 2024.
    1. Achieving this goal is the starting point of our continuous security improvements.
    2. ISO international standards are recognized across all industries and will assist in making our customers and partners aware

MGC CYBER HEROES

Our Users identify hundreds of phishing emails each month using the Phish Alert Button (PAB).

Raechell Cranston, Manager for the Manitoulin Transport Customer Service team, identified a phishing email received via their ticketing system, Freshdesk. Our cybersecurity team investigated and discovered a Freshdesk email channel that our email filtering solution did not protect.

Raechell’s alertness and follow-through on our Information Security procedure allowed the problem to be corrected promptly and prevented possible disruption in the Customs Service team operations and beyond. Thank you to Raechell and all the other Cyber Heroes who help keep our business safe!

  1. Obtain an overall pass rate of 98% on continual phishing testing.
    1. Phishing emails are one of our single biggest active threats.
    2. A high pass rate on our testing means users of IR (information resources) are aware and conscious of what they click on.
  2. Maintain an overall risk level of medium or lower results through annual external PEN
    1. PEN means penetration testing. In this context, we are looking for a great score on all of our external internet-facing services, such as web and SFTP servers.
    2. Third-party ethical hackers look for common vulnerabilities in our services and try to exploit them.

Manitoulin Group of Companies Security Team
Cybersecurity@manitoulingroup.com

Stop, Look, and Think. Don’t be fooled.