SECURITY THREATS ABOUND
One quick look at the news and you'll notice that attacks on companies all around the world are happening every single day.
Protecting your company from such attacks and their consequences is a must. To achieve this, you need to know your vulnerabilities and how to address them.
DEALING WITH INCIDENTS
Is your company ready to respond to an IS or Privacy incident? It is not only a question of bringing services back online, but also of how to deal with limited services during the recovery process.
Whether developed in-house, bought off the shelf or internet-based, applications have inherent risks that must be mitigated. For example, an access control vulnerability could allow unauthorized individuals to access your customer data.
The resulting impact on your business reputation and on you as an individual could be significant.
A large number of regulations require IS and Privacy controls to be in place. Regardless of industry, due diligence and due care must be easy to demonstrate. Otherwise, penalties may be severe. For example, the GDPR fines for privacy violations could be up to 4% of the overall income of the company. Finally, many regulations include penalties aimed directly at C-level executives.
THE WEAKEST LINK
The majority of security incidents are related to accidental or intentional unsafe practices by internal staff. Personnel are a key resource, and keeping the team aware and ready to identify and react to IS and Privacy incidents is an absolute must.
Some companies invest heavily in implementing Information Security and Privacy programs yet continually experience problems.
More often than not, this results from a lack of alignment between business and IS/Privacy goals, which leads to segregated strategies and excessive complexity.