More
CALL To Numbers
To Know
-
The most essential waste of time
Celfocus' trade-off for Information Security
CALL To Numbers
—
Oct 2016
Feeling secure and really being secure are in fact completely different things. However, having both requires us to trade something off, give something in return of that feeling/reality.
For organisations, information is their most important asset. Therefore, its security is crucial. How much are we willing to trade off and why has information security become so important?
If we associate the intrinsic value of information to the rapid technological innovation (which isn’t always secure) and the difficulty of the law to combat attacks on information; it is likely that they will have a very significant increase in the years ahead. These attacks can have a very negative impact on organisations, not only on a financial perspective but also on their image and credibility in the market.
Another aspect that will have a significant impact on the organisations’ information security is their readiness to meet the requirements of the new General Data Protection Regulation, which came into effect this year. This regulation foresees a transitional period of two years for its implementation. Organisations will have this time to adapt to the new rules.
The new Regulation introduces significant changes to the current rules of Data Protection imposing new obligations to organisations, whose breach is punishable by heavy penalties that could amount to 4% of the total annual turnover or €20.000.000,00.
Organisations that deal with personal data, our customers, will be among the first to implement these obligations and to reflect them to their suppliers, Celfocus.
Given this “new” importance and these new external requirements, Celfocus has made a trade-off. To feel and be secure we have invested in the creation of a team with roles, responsibilities and skills to:
We consider information security as a priority investment, one that allows Celfocus to competitively position itself in a demanding market. A market that has already integrated information security as a standard business requirement.
In that sense, we have developed an information security framework that is currently operationalizing the approved information security policies.
The operationalization of the strategy and information security policies allow, among other factors, to assess and manage the security risks, properly allocate resources and comply with the laws, regulations and contracts in force.
Although in the initial phase of this work more attention has been given to the aspects related to contracts and the technologies associated with information and communication, we cannot underestimate at this stage, relevant components such as information security awareness or the incorporation of information security requisites in the project management framework.
Information security awareness is essential for the creation of a positive security culture whose center is the person, who is often the weakest link in the security chain. Statistics show that often the investments, which can be high, in technological security components are compromised with security breaches due to unsafe behaviours from the organisations’ personnel.
Promote the security of its own information and indirectly of its customers and to position itself in the international market, allowing Celfocus to answer RFP/RFQ’s that are getting more demanding on this matter.
Celfocus is developing a security culture that will promote the flexibility to integrate new requirements from its customers in the areas of security, risk, compliance and business continuity.
The feeling of security and the reality of security don't always match, says computer-security expert Bruce Schneier. In his talk, he explains why we spend billions addressing news story risks, like the "security theater" now playing at your local airport, while neglecting more probable risks — and how we can break this pattern.
Feeling secure and really being secure are in fact completely different things. However, having both requires us to trade something off, give something in return of that feeling/reality.
For organisations, information is their most important asset. Therefore, its security is crucial. How much are we willing to trade off and why has information security become so important?
If we associate the intrinsic value of information to the rapid technological innovation (which isn’t always secure) and the difficulty of the law to combat attacks on information; it is likely that they will have a very significant increase in the years ahead. These attacks can have a very negative impact on organisations, not only on a financial perspective but also on their image and credibility in the market.
Another aspect that will have a significant impact on the organisations’ information security is their readiness to meet the requirements of the new General Data Protection Regulation, which came into effect this year. This regulation foresees a transitional period of two years for its implementation. Organisations will have this time to adapt to the new rules.
The new Regulation introduces significant changes to the current rules of Data Protection imposing new obligations to organisations, whose breach is punishable by heavy penalties that could amount to 4% of the total annual turnover or €20.000.000,00.
Organisations that deal with personal data, our customers, will be among the first to implement these obligations and to reflect them to their suppliers, Celfocus.
Given this “new” importance and these new external requirements, Celfocus has made a trade-off. To feel and be secure we have invested in the creation of a team with roles, responsibilities and skills to:
We consider information security as a priority investment, one that allows Celfocus to competitively position itself in a demanding market. A market that has already integrated information security as a standard business requirement.
In that sense, we have developed an information security framework that is currently operationalizing the approved information security policies.
The operationalization of the strategy and information security policies allow, among other factors, to assess and manage the security risks, properly allocate resources and comply with the laws, regulations and contracts in force.
Although in the initial phase of this work more attention has been given to the aspects related to contracts and the technologies associated with information and communication, we cannot underestimate at this stage, relevant components such as information security awareness or the incorporation of information security requisites in the project management framework.
Information security awareness is essential for the creation of a positive security culture whose center is the person, who is often the weakest link in the security chain. Statistics show that often the investments, which can be high, in technological security components are compromised with security breaches due to unsafe behaviours from the organisations’ personnel.
Promote the security of its own information and indirectly of its customers and to position itself in the international market, allowing Celfocus to answer RFP/RFQ’s that are getting more demanding on this matter.
Celfocus is developing a security culture that will promote the flexibility to integrate new requirements from its customers in the areas of security, risk, compliance and business continuity.
The feeling of security and the reality of security don't always match, says computer-security expert Bruce Schneier. In his talk, he explains why we spend billions addressing news story risks, like the "security theater" now playing at your local airport, while neglecting more probable risks — and how we can break this pattern.
Feeling secure and really being secure are in fact completely different things. However, having both requires us to trade something off, give something in return of that feeling/reality.
For organisations, information is their most important asset. Therefore, its security is crucial. How much are we willing to trade off and why has information security become so important?
If we associate the intrinsic value of information to the rapid technological innovation (which isn’t always secure) and the difficulty of the law to combat attacks on information; it is likely that they will have a very significant increase in the years ahead. These attacks can have a very negative impact on organisations, not only on a financial perspective but also on their image and credibility in the market.
Another aspect that will have a significant impact on the organisations’ information security is their readiness to meet the requirements of the new General Data Protection Regulation, which came into effect this year. This regulation foresees a transitional period of two years for its implementation. Organisations will have this time to adapt to the new rules.
The new Regulation introduces significant changes to the current rules of Data Protection imposing new obligations to organisations, whose breach is punishable by heavy penalties that could amount to 4% of the total annual turnover or €20.000.000,00.
Organisations that deal with personal data, our customers, will be among the first to implement these obligations and to reflect them to their suppliers, Celfocus.
Given this “new” importance and these new external requirements, Celfocus has made a trade-off. To feel and be secure we have invested in the creation of a team with roles, responsibilities and skills to:
We consider information security as a priority investment, one that allows Celfocus to competitively position itself in a demanding market. A market that has already integrated information security as a standard business requirement.
In that sense, we have developed an information security framework that is currently operationalizing the approved information security policies.
The operationalization of the strategy and information security policies allow, among other factors, to assess and manage the security risks, properly allocate resources and comply with the laws, regulations and contracts in force.
Although in the initial phase of this work more attention has been given to the aspects related to contracts and the technologies associated with information and communication, we cannot underestimate at this stage, relevant components such as information security awareness or the incorporation of information security requisites in the project management framework.
Information security awareness is essential for the creation of a positive security culture whose center is the person, who is often the weakest link in the security chain. Statistics show that often the investments, which can be high, in technological security components are compromised with security breaches due to unsafe behaviours from the organisations’ personnel.
Promote the security of its own information and indirectly of its customers and to position itself in the international market, allowing Celfocus to answer RFP/RFQ’s that are getting more demanding on this matter.
Celfocus is developing a security culture that will promote the flexibility to integrate new requirements from its customers in the areas of security, risk, compliance and business continuity.
The feeling of security and the reality of security don't always match, says computer-security expert Bruce Schneier. In his talk, he explains why we spend billions addressing news story risks, like the "security theater" now playing at your local airport, while neglecting more probable risks — and how we can break this pattern.
.png)
