How will we conduct an IT-Security Day for you?
The IT Security Day should aim to answer some questions that highlight
new forms of cyber-attacks, e.g. by using spoofing as a technique that
can overcome planned defences.
Participants will have an opportunity to discuss the challenges and apply
their talents to defend their financial organisation, and to use the outcome
to identify areas to enhance policies, develop technical solutions and
improve personnel strategies so that their organisations can respond better
to real-world incidents.
General Data Protection Regulation (GDPR)
The existing EU data protection regime is based on the 1995 Data Protection
Directive (95/46/EC). During the last 20 years, there have been significant
advances in information technology, and fundamental changes to the ways
in which individuals and organisations communicate and share information.
Combined with such developments, the various EU member states have adopted
a somewhat divergent approach to implementing the Data Protection Directive.
The directive has created compliance difficulties for many businesses.
In recognition of such challenges, the EU's legislative bodies have developed
a more harmonised data protection law, the draft General Data Protection
Regulation (GDPR). Although the GDPR is not likely to be enforceable before
2018, this session will consider the impact of the GDPR on businesses
and what they should be doing now.
Let's address the IT security, cyber security and data protection implications
for business and what the organisation should be doing now to address
future compliance issues.
The cyber security challenge
The proper collective response to cyber security threats is becoming
more and more complex. Unlike in other business areas, the regulatory
guidelines are still vague. Therefore, each company must establish correct
and clear guidelines:
- When should the board of directors be informed of IT and cyber risks?
- Who is responsible for and takes ownership of IT and cyber security
policies?
- How does management stay aware and maintain policies in an area
that changes constantly?
- When should the company invest in new knowledge and technology to
follow the latest developments?
- What are the different approaches towards planning, prioritising
and managing cyber security activities?
- Is your cyber security strategy sufficient?
Data security, data breaches and security alerts
Data security controls are crucial to ensure that customer and business
information is always protected. IT risk management programs with organised
operating environments, strong multi-factor verification and other
controls can provide flexible controls and solutions. A further question is
how to safeguard against the third-party risks associated with groups that
have access to data and systems.
We review updated controls, user access, separation of system infrastructure,
limits and restrictions and proactive system monitoring:
- How to monitor periodic risk assessments of information security
programs.
The sum of the above will ensure business sustainability and build IT
controls to protect against unauthorised access to business communications,
intellectual property or client information.