KaarbonTech are pleased to announce the appointment of David Montgomery as our full time Information Security Officer.
As the company continues to expand its client base and suite of asset management software products, KaarbonTech recognises that security must remain a top priority.
We have continually bolstered security over the years in line with the ISO 27001 standard. After our rapid expansion last year, surpassing 50 networks managed, we wanted to move to the next level by creating this position. David brings with him over 20 years’ experience as an information security officer and will enhance the systems and procedures already in place.Mark Entwistle
The standard of a software company’s security and resilience is often overlooked when a Local Authority selects a supplier, despite the critical importance and value placed with the providerMark Entwistle
Software is often procured through contractors and subcontractors without the appropriate due diligence. As Local Authorities move to a risk-based approach, the reliance on data collected is more important than ever.
Why Appoint an information security officer?
- We will be exceeding Minimum Cyber Security Standard as set by Gov.UK
- Cybercrime now accounts for more than 50% of all crimes in the UK (National Crime Agency)
- Malicious hackers are now attacking computers and networks at a rate of one attack every 39 seconds (University of Maryland)
- 78% of surveyed organisations were aﬀected by a successful cyber-attack in 2018 (Imperva 2019 Cyberthreat Defense Report)
- 80.9% of organisations were experiencing a shortage of Qualified IT security talent (Imperva 2019 Cyberthreat Defense Report)
With the advancement of Smart Cities, digitising of highway infrastructure and introduction of the IoT (Internet of Things), this widens the scope of potential targets for cyber criminals to exploit.
As big data advancements take place, KaarbonTech want to be at the forefront of cybersecurity and ensure any data collected through our platform will never be compromised.
David Emm, principal security researcher at Kaspersky Lab, expresses his concern on how ready we are for Smart Cities and the associated Cyber Security risks. With the appointment of David, we will be able to nullify the threat.
David will take over the review process for our existing systems as we seek ISO certification. Long term, he will contribute to our development road map to ensure that information security strategies are at the heart of our future developments. KaarbonTech will also pass on best practice strategies to new and existing customers as part of our KaarbonTech Live events. KaarbonTech Live 2020
I have over 20 years’ experience of working in large financially regulated and smaller SaaS organisations that have had to adhere to strict information security requirements from its regulators and customers. My experience will be used to develop an Information Security Management System (ISMS) used to obtain ISO 27001 certificationDavid Montgomery
ISO/IEC 27001 requires that management:
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.