Intelligent CISO Issue 16 - Page 45

industry unlocked has become a common trend even in retail organisations, where typically such practices were either viewed as unnecessary or excessive. Another major factor that has resulted in more security due diligence exercises being conducted by retail organisations is that their parent organisation holds a wider portfolio of companies, some of which are closely connected to the domain of information security. These parent organisations have a greater need for maintaining their brand image given their wider presence across multiple domains in the industry and hence they are more inclined towards conducting a thorough www.intelligentciso.com | Issue 16 security due diligence on their vendor organisations. Prioritising security alongside other business objectives is highly recommended even for those retail organisations that do not think that information and security matter to them. Digitisation has touched every aspect of our world, which means that the potential for an embarrassing security breach exists for almost any and every type of organisation. Retail organisations must consider obtaining information security certifications such as ISO 27001:2013 and PCI DSS if their software development and management is done in-house. Protecting information and data is not only about protecting competitive information, but also about protecting brand image in the market. 45