The digital revolution in motion
The digital revolution implies permanent challenges for public and private companies.
Evolving to meet new customer usages is “business as usual” for IT departments. This revolution can take many forms: dematerialisation, e-government, e-commerce, Internet of Things, big data, blockchains, mobile payments, online banking, social networks, cloud computing, smart grids, autonomous cars, chatbots, etc
Information security risks: threats, vulnerabilities, impacts
Diverse cyber threats must be taken into account (intrusions, distributed denial of service, ransomware, defacement, fraud, spoofing, compromise, social engineering, accidents, disasters, etc.).
These threats exploit organisational, technical or human vulnerabilities (weak detective and reactive processes, poorly configured devices, insecure developments, patches not installed, lack of awareness, lack of skilled resources).
Impacts can be financial (loss of revenue, financial markets, etc.), legal (General Data Protection Regulation, Network and Information Security Directive in Europe), reputational (deterioration of the brand image) and operational (malfunction of IT tools, loss of data). For industrial systems, it can ultimately jeopardise the safety of people (SCADA, ICS, etc.)
Security measures
The protection of information systems is a major priority for both companies and nations. In France, the National Information Security Agency (ANSSI) increases its staff regularly.
Many frameworks and standards are available (ISO 27001, NIST, CIS, PCI DSS, etc.) to anticipate new situations, detect suspicious events, prevent and respond to security incidents. Nevertheless, the implementation of these best practices remains a real challenge.
Security departments (CISO, Security Operation Centers, etc.)
Information Security professionals have to lead and coordinate diverse activities:
- Establish the context and information security requirements with the collaboration of business lines and management. Legal and regulation aspects and communication to the board are key points.
- Analyse risks and help to determine the acceptable level.
- Treat the risk by implementing and checking effectiveness of security controls in all areas (processes, roles and responsibilities, IT operations, network and system hardening, penetration testing, etc.).
- Respond to cyberattacks and coordinate action plans.
PROSICA consultants have strong expertise and recognized experience in information security and business continuity plans. We advise our customers with pragmatic and applicable recommendations to help them to protect their sensitive information and keep their business secure.
