Security is so portable…
| January 15, 2012 | Posted by admin under Corporate Security |
Several months ago, I was working for a telco, where the focus was on protecting customer data and our core business, the communication infrastructure. Data Loss Prevention (DLP) and Database Audit Monitoring (DAM) technologies were the most appropriate for seeing the flow of customer data traffic, or excessive requests for too many customer data records from our main database, and for reacting appropriately, in conjunction with encryption and SIEM (Security Incident Event Management) tools. Moving to a retail company, I focused on loss prevention concepts, in alignment with the demands of the core business. Apart from working on the business processes, I realized…
Metrics
| January 6, 2011 | Corporate Security |
Security metrics are not an easy task. Usually, as a security manager, you reach the metrics level only after you have already reached a certain level of security maturity. Going higher means effort, hard work and a structured approach. That means a slow process, but one that you can measure… The real challenge is to synchronize the metrics with both the security strategy of the company – already aligned with the business strategy – and the individual objectives of the security manager and his team! Really challenging!
Security as a Business Partner
| August 12, 2010 | Corporate Security |
Not long ago, security was seen as a business killer, a component that raised lots of problems for the people who were really trying to bring benefits to the company. The security guys were stuck in their very complicated and restrictive policies and procedures, and even one exception was really hard to obtain. At present, security is part of the business processes and the security colleagues act as business partners. The root cause is that security has been moved higher in the hierarchy and has access to the business strategy. Moreover, given that new positioning, it has the power to influence the processes…
Data Loss Prevention Concept means Data Protection Strategy
| July 22, 2010 | Information Security |
Security experts very recently introduced the concept of the DLP Process, which contains the enforcement technologies that most people refer to as “DLP”. The information that flows between the storage area and the mobile one (laptops), and even to uncontrolled areas such as the Internet or USB memory sticks, needs end-to-end (E2E) protection, and this can be done only through a complete security architecture based on the following three technologies, which live in full harmony and interact continuously: Database Audit Monitoring, Data Loss Prevention and Encryption. The DLP technology protects data in storage (file servers), in transit (to the Internet, via email, web, instant…
Centralized Security or not?
| June 23, 2010 | Corporate Security |
Centralized, because security is not IT Security, not Information Security, not Network Security, not even Fraud or Physical Security, but simply Business Security. Business processes cover many enterprise domains, starting with procurement, finance, IT and network, and ending with customer care, e-payment, data protection and legal aspects. For E2E security, you need centralized security! But centralized is not enough! Authority is also given by positioning! When the security team reports directly to the CEO, it is clear that all other enterprise units will pay attention to what the Security Officer says. If not, that officer is just another colleague…
Security – Involved in Legal Issues or Not?
| June 8, 2010 | Posted by admin under Corporate Security |
Who do you believe is the most appropriate person to understand the regulations concerning importing and exporting encryption software? Legal or Security experts? What about the details in the rules concerning digital signatures, or computer access and trespass? The answer is in the middle, of course! Security guys are the most appropriate to understand the details. However, they need a translator from legal language into human-readable language. The message is that Security guys should be involved and should have responsibilities in ensuring that the laws governing security-related domains are observed and followed in the company. The cooperation model between…
What to ask from a security officer?
| May 30, 2010 | Posted by admin under Corporate Security |
Usually, all security-related issues, right? Yes and no! Security managers should have a Security Program, which is cross-functional, meaning that it extends over all business units. The Security Program is like a project, with a starting point, a deadline, and SMART objectives. This program should focus on priorities, not on every security issue inside the organization.
About this start
| May 25, 2010 | Posted by admin under Corporate Security |
This blog is intended to help CxOs understand what to ask and expect from security officers. Moreover, the main security concepts will be discussed here, in CxO language.