Cyber security

How to manage security during network operations and on open systems

Safe management of network operations and of open systems.
With the new General Data Protection Regulation (GDPR), in force since 25 May 2018, companies operating inside the European Union (or processing the personal data of European citizens) must adapt to the requirements it sets for data processing or face heavy penalties.

The concept of personal data in the GDPR is broader: it covers not just a single item such as a name and surname, but any information that allows an individual to be identified, directly or indirectly. Because identification can be achieved by cross-referencing data, the concept also extends to personal data such as an IP address or an email address.

First of all, the new regulation does not allow information to be collected silently or without consent. Requests for consent to the processing of personal data must be clearer and more explanatory, leaving the user no room for confusion or doubt, on penalty of the data collection activity being stopped. The processing methods must be subject to a risk assessment tied to the security of the information, and the company must also be able to show that it did its utmost to prevent any possible damage.

The new regulation does not only call for technological/IT adaptation: it also requires a DPO (Data Protection Officer), the person in charge of data protection, in particular for the public administration (PA) and for companies whose core activity is the processing of personal data.

An adjustment is required with the following changes:

choosing a team of skilful IT and legal experts is the first step in preparing the firm for the adjustment;

defining an adaptation project that covers all the necessary phases, from assessment and risk analysis to the implementation of new processes and training, is the key to addressing such a complex issue;

investing in IT infrastructure: IT adaptation is essential, and improving your company's IT infrastructure will improve not only data management but also the protection of company data and information;

appointing a DPO (Data Protection Officer) or a person who meets the requirements set by the new European regulation.

Understanding and classifying IT risk (IT Service Management) is a top priority for companies operating in regulated sectors such as finance and utilities. Keeping up to date with the latest developments is necessary to avoid problematic situations that waste time, money and precious data.

In particular, ISO 27001 is a standard aimed at organisations that intend to adopt a risk management policy for their IT systems through an Information Security Management System (ISMS).

It establishes a set of generic requirements that certificate holders must meet so that the information held in their IT systems can be considered secure. It does not, however, distinguish certified organisations by nature or by size.

The IT Project Managers who deal with these corporate information systems, like the Information Systems Auditors, the IT quality and process managers and the IT Controllers, know how important it is to anticipate such situations; managing the risks related to information systems starts from the initial choices made by those whose job it is to monitor them.

In short, a good ITIL protocol alone is not enough to safeguard IT security.
Understanding which IT structure is right for your business needs is the first brick in the foundation of a solid IT structure.

A company capable of following a well-designed Enterprise Risk Management programme is reliable and efficient, not only internally but also in the financial solidity it guarantees externally.