DPO Outsourcing and the GDPR

Protecting data, be it personal, sensitive or even public, is extremely important, and having a competent Data Protection Officer will ensure successful implementation of all the regulations and proper compliance with the GDPR (General Data Protection Regulation) that is coming into force on May 25th, next year.

 

The Data Protection Officer (DPO) is a function mandated by the General Data Protection Regulation (GDPR), aiming to provide enterprise-wide data security governance. The DPO oversees the data protection strategy and its implementation, so that compliance with GDPR requirements is ensured.

 

The DPO is responsible for overseeing the proper use of information technology, supplying staff with information and providing training. The DPO is an independent role and is thus not obliged to adhere to instructions issued by other members of staff when performing DPO role-related tasks.

Develop Policies for an All-round Approach to Information Security

Taking risks is something we do every single minute, sometimes without even realizing it. A risk may be something as small as talking to somebody, let alone major decision making or something life defining. Taking risks also relates heavily to IT security, therefore a countermeasure is required – a policy.

 

Information Security Policies are an important administrative security control designed to avoid, counteract or minimize IT security risks. They are an integral and inseparable part of the multitude of possible security controls, without which one cannot claim effective implementation of any meaningful security actions. Organizations need Security Policies, Standards and Procedures to enforce Information Security in a structured way.

 

Defining corporate security policies, basing them on industry standards, measuring compliance, and outsourced services are keys to successful policy management.

CISO-for-Hire?

The CISO (Chief Information Security Officer) is the one person in an organization who bears the primary responsibility for IT asset security and for the strategy, planning and implementation of security measures and initiatives. The CISO's main responsibility is to stay in sync with, and know how to handle, all possible risks associated with cyber security. Further, the CISO takes care of all regulatory and operational compliance requirements so that all relevant standards and regulations are addressed properly and in a timely fashion.

WHY DO YOU NEED ONE?

The CISO is a useful function to have in your organization, especially today, with all the dynamics we see in the cyber threat landscape. With a CISO you will be able to:

 

  • Achieve an improved overall security posture
  • Be better prepared for what may come
  • Reach business KPIs more easily
  • Have security and compliance addressed properly at all times, in new projects as well as existing ones
  • Benefit from all engagements related to risk management as well as in any security or operational endeavors
  • Decrease the impact of risks associated with the nature of your business
  • Keep your business updated with all relevant regulations and compliance or other requirements

What is a Corporate Anti-Virus System Good for?

Antivirus or anti-virus software (AV), sometimes also referred to as anti-malware software, is developed to detect, remove and prevent the proliferation of malicious code.

 

The consequences of a malware infection in a corporate environment vary widely: from loss of valuable information and theft of confidential information, through the sending of unsolicited emails and spam, to unsolicited remote computer access and unauthorized malicious attacks on the server.

ENDPOINT SECURITY

The most commonly used product for endpoint security is antivirus software. Many of today’s integrated endpoint security offerings have evolved over time from the initial development of antivirus software. Anti-virus products are often ridiculed for their continued inability to stop the spread of malicious software.

 

Unfortunately, there is no perfect remedy or elixir to stop malware, so antivirus products will still be necessary, though insufficient. Antivirus software is a single layer (of many) for defense-in-depth endpoint protection.

Who Needs Strategy Development in IT and Information Security?

As with just about anything, an IT infrastructure also requires a well-thought-out strategy. The purpose of such a strategy is to give the management the information to make informed decisions on security investments. The strategy bridges the security function and the business direction.

The Information Security strategy of an organization is the direction or the approach taken to meet one or more objectives related to the secure behavior of that organization. The strategy is realized through initiatives, where each represents an operational plan that achieves one or more security objectives, with the goal of collectively achieving all of them.

WHY IS STRATEGY DEVELOPMENT NECESSARY?

Just as hackers and criminals never sleep, the Information Security Officer in your organization must regard Information Security not as a product, but as a process. Constantly evolving, adapting, putting up defenses to new and emerging security breach threats. A plan, written, implemented, and then locked away in a drawer, will only do good for a while. Until things change. Again.