
SGSI and an analogy about Senior Management's role as Fathers and Mothers

March 23, 2018

By Vitor Leite *

The importance of fathers and mothers - an analogy with the SGSI

Even if you are not a parent, you know that this "job" is not easy at all. Keeping up with your child's growth, educating them about right and wrong, respecting differences and facing life's difficulties is a journey that generates some disagreements with them, but these are part of the parenting process.

Of course there are exceptions, but most of the time children are reflections of their parents. What does that mean? It means that for your child to be a good person, they must clearly witness good things. For example, a harmonious environment where respect and honesty prevail and misunderstandings are resolved through conversation, without shouting and/or cursing.

 

Senior Management Involvement

Having recalled the importance of parents' attitude toward their children, let us now turn to an analogy with the corporate world, looking at Information Security (IS).

Every organization that seeks to develop, implement and maintain an Information Security Management System (SGSI) needs to be aware that, to protect its information in its various formats, whether physical (printed or written on paper), electronic (in digital format) or transmitted orally, it should adopt various controls that cover the people, process and technology aspects.

The SGSI becomes very complex to maintain well when the top management of the organization does not support or contribute to it. And this is where the analogy makes sense: the executive body of the company should act as good fathers and mothers.

It is no wonder that the standard (ISO/IEC 27001:2013) reserves its requirement "5.1 - Leadership and Commitment" to describe the responsibilities Top Management must have to demonstrate its leadership and commitment to the ISMS.

Therefore, if the company's top management ("parents") requires its employees ("children") to abide by the defined policies, processes and procedures, so that information is protected throughout its life cycle, it cannot at any time act contrary to what it is demanding. Otherwise its bad example could be reproduced, leaving room for questions such as: "Why do we have to follow the rules if they don't even follow them?!".

If I, as a senior management representative, contribute to the creation of the Information Security Policy (PSI) which, for example, defines that the Internet may only be used through the proxy, so that there is control over the content that can be accessed, it would not be correct to require that my machine be the only one with full access, without using the proxy.

Conclusion

Top management support is very important, in particular in SGSI implementation, so that the organization effectively and efficiently mitigates the risks to its business by integrating Information Security (IS) into its business processes.

If top management does not support the interests of the SGSI and/or other employees and third parties do not follow the processes and guidelines documented in your organization, it may be time to hire a specialist consultancy to assist with this process. [SAFEWAY] has the ideal mechanisms to assist you in approaching the parties as well as operationalizing your SGSI.

Source: ISO/IEC 27001:2013.

* Vitor Leite is an Information Security Consultant at [SAFEWAY]

 
