(ISC)², the world's leading institute focused on education and professional certifications in information security and cybersecurity, suggests that information security managers take some actions to anticipate trends, prevent attacks and preserve the value of internal data in organizations.
 
“Cyberattacks are becoming more and more sophisticated and the theme has been gaining attention worldwide. It is necessary to prioritize the education and awareness of users to avoid the leakage of strategic information from the company”, says Walmir Freitas, Member of the Advisory Council of (ISC)² for Latin America.
 
Check out 5 recommended actions below:
 
1 – Know the company's priorities
The first step in a well-designed Information Security strategy is to understand in depth the environment and the scenario in which the organization operates. The relevance and profile of the information must be understood in order to establish criteria for secrecy and criticality. All areas of the organization must be involved so that there is a complete understanding of the organizational environment. "Access levels must be decided together and must follow a clear hierarchy so that users only have access to what they need and do not compromise the confidentiality and integrity of information", says Walmir Freitas, Member of the Advisory Board of (ISC)² for Latin America.
 
2 – Create simple and clear rules
The rules for use and access to information must be simple, clear and objective so that all users are able to understand and apply them. To comply with the rules with commitment, people need to understand the possible impacts of their non-compliance. These rules must consider the organization's hierarchy, norms, policies and procedures, in addition to the daily needs of users.
 
3 – Train and communicate
Ongoing training is an important step in the Information Security strategy. Users need access to company rules and policies whenever they have questions, and must always be kept up to date on any changes. E-mails, communications, bulletin boards and training help users keep security guidelines in mind and understand the consequences of their actions, thus avoiding the deliberate or unintentional leakage of information.
 
4 – Use the correct tools
There are several tools for preventive control and detection of threats to Information Security. Preventive control tools encompass the early blocking of threats and educational initiatives for users. Detection controls, on the other hand, monitor actions to understand the behavior of users and help track the day-to-day changes in companies. They automate the process and prevent data leakage and loss based on pre-established standards. These tools must, however, be applied with balance: not so restrictive that access barriers hinder the work, nor so permissive that leaks occur.
 
5 – Lead by example
People tend to give more importance to example than to rules, which is why managers have a fundamental role in the dissemination of the company's Information Security policies. Managers must be well trained in rules and policies, demonstrating their application on a daily basis, advising users on the consequences of their actions and generating a learning cycle. Employees who see their managers as role models tend to be less likely to leak information and to perform better.
 
