* Carlos Borella
In the last months one of the main topics addressed and that has presented major concerns for companies is the LGPD (General Data Protection Act). Companies are working hard on understanding and later applying LGPD guidelines to meet regulatory requirements.
But in fact, what is the impact of these “new” control objectives on cyber security processes?
Asset identification and consequently threats can be carried out through the data map (essential product generated during the LGPD adequacy process) and will provide inputs for your risk management process.
Thinking about protection, still based on the data map, it can enable companies to reassessment of its lines of defense, from the point of view of architecture or infrastructure, as well as defining priorities and new SLAs for the vulnerability and patch management process, since the information assets that have the most sensitive information from the point of view of GDPR should have a smaller exposure window.
From a detection standpoint, it is necessary to carry out a proactive event monitoring, considering your corporate environment or not, which will allow the identification of internal anomalies and / or possible leaks involving your company's brand.
The process most impacted by the LGPD is that of the response, since in the event of an information security incident that entails risk or damage to the holders, the company must inform the national authority and the holder of its occurrence, within a period stipulated by the national authority. Thus, the incident management process it must be structured to allow the provision of information for the correct response process.
Finally, your recovery strategy may have to undergo updates, since the information assets impacted by the LGPD control objectives, may not have been correctly evaluated in its current Continuity Management.
* Carlos Borella he is currently CEO of Safeway and Specialist in Cybersecurity and Information Security.
- What changes with the sanction of Law 13,853 / 19
- The categorization of “Personal Data”
- Acceleration of Privacy Regulations
- Points of attention in companies with LGPD
SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.
Today through more than 22 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.
Let's make the world a safer place to live and do business!