How to manage security during network operations and on open systems
Safe management of network operations and of open systems.
With the new General Data Protection Regulation (GDPR), in force since the 25th of May 2018, companies operating inside the European Union (or processing the personal data of European citizens) must comply with the requirements it sets for data processing, or face heavy penalties.
The concept of personal data in the GDPR is broader than before: it no longer refers only to individual personal details such as name and surname, but to any information that allows an individual to be identified, directly or indirectly. Because identification can also be achieved by cross-referencing data, data such as an IP address or an email address also count as personal data.
First of all, the new regulation no longer allows data to be collected on the basis of silence or absence of objection. Requests for consent to the processing of personal data must be clearer and more explanatory, leaving the user no room for confusion or doubt; otherwise the data collection activity may be invalidated. The processing methods must be subject to a risk assessment tied to the security of the information, and the company must also be able to show that it did its utmost to prevent any possible harm.
The new regulation does not only call for a technological / IT adaptation. It also requires a DPO (Data Protection Officer), the person in charge of data protection, in particular for public administrations and for companies whose main professional activity is the processing of personal data.
An adjustment is required with the following changes:
- choosing a team of skilful IT and legal experts is the first step in preparing the firm for the adjustment;
- defining an adaptation project that holistically covers all the necessary phases, from assessment and risk assessment to the implementation of new processes and training, is the key to addressing such a complex issue;
- investing in IT infrastructure: IT adaptation is essential, and improving the IT infrastructure of your company will improve not only data management but also the protection of company data and information;
- appointing the DPO, or a person who meets the requirements set by the new European regulation.
Understanding and classifying IT risk (IT Service Management) is a top priority for companies operating in regulated sectors such as finance and utilities. Keeping up to date with the latest developments is necessary to avoid problematic situations that waste time, money and valuable data.
In particular, ISO 27001 is a standard aimed at organizations that intend to adopt a risk management policy for their IT systems through an Information Security Management System (ISMS).
It establishes a series of generic requirements that certified organizations must meet so that the information held in their IT systems can be kept secure. It does not, however, distinguish between certified bodies by nature or by size.
The IT project managers who deal with these corporate information systems, as well as the information systems auditors, the IT quality and process managers and the IT controllers, know how important it is to anticipate such situations; the management of information-system risk starts with the initial choices made by those whose job it is to monitor these systems.
Basically, a good ITIL protocol is not enough to safeguard IT security.
Understanding which IT structure is right for your business needs is the first brick in the foundation of a solid IT structure.
A company capable of following a well-compiled Enterprise Risk Management programme is reliable and efficient, not only internally but also as a guarantee of financial solidity towards the outside.