What is wrong with CyberSecurity?
According to an article in The Hill, the new DHS breach illustrates perfectly what is wrong with today’s cyber security practices. They say that “organizations should focus less on how a breach occurred (hacking, insider, fraud, etc.) and focus more on building up and preserving customer trust in their products and services”. A light and humorous, albeit bleak, talk by James Mickens also argues that computer security is “not even close”. Our CEO Dr. Lang and many others have also previously talked about how cybersecurity is a market failure.
At ObjectSecurity we have made that point many times. When do clients dive deeper, when do they start really looking outside the compliance checkboxes? Often when it’s too late, when the hack has already happened and the privacy of their users and employees is already compromised.
Unfortunately, the articles mentioned above mostly “admire the problem” instead of providing concrete solutions.
An often heard argument is of course cost, but also that companies can’t get good insight into all their systems, security policies, applications and users. We have worked on many ideas and solutions to make it easier for companies to get these insights, so that they can build up and preserve customer trust in their products and services. One of the tools we developed is our OpenPMF Policy Auditor – a cost-effective tool that helps any organisation get 100% insight into their technical security policies without the help of expensive consultants.
And even when companies have visibility into their policies, they often lack the tools to make consistent technical policy enforcement happen across all their systems, security policies, applications and users. For that, we have developed OpenPMF Security Policy Automation, which gives you a consistent policy management umbrella: you can author and maintain all policies consistently in one convenient tool, and OpenPMF takes care of translating your policies into the matching technical access control enforcement.
Read the whole article here, watch James’s video here, and read more about OpenPMF Auditor here and OpenPMF Security Policy Automation here.
Don’t panic over GDPR, you still have 132 days.
Judging from all the General Data Protection Regulation (GDPR) articles out there, it seems like the world is in panic. Many organizations are very afraid of the implications and the fines, which can go up to 20 million euro or 4% of the global turnover of any company. But is it really something to panic about? We don’t think so. First of all, you still have 132 days. Secondly, we are here to give you a few tips to get started on getting ready for GDPR:
- Raise awareness within your company about the importance of GDPR
- Document what personal data you store, identify where it came from and why you store it
- Clean up and remove unused personal data that is no longer required for regulatory or historical reasons
- Create an organizational chart showing which role, or third party, is responsible for each element of GDPR
- Update security data policies and procedures
- Prepare for a data breach and document (train) what to do after a breach
- Understand the rights that people have and prepare to be challenged
- Determine technical solutions that help comply with GDPR
And last but not least: talk to experts to be fully prepared. And as we offer to all our clients and partners and the wider community, just give us a call to get more information and support to become GDPR compliant.