
Risk mitigation and awareness, compliance and regulation, and business opportunities will be the 3 axes of work of the new group
We are experiencing a great awakening around the world regarding the importance of information and cyber security, given the challenges posed by the growing number of hacker attacks, the emergence of the cyber crime industry and the broader technological revolution fostered by cloud computing, IoT, SaaS, PaaS, mobility, big data, automation and artificial intelligence, among other innovations.
Faced with so many changes and challenges, ABES has just created the Information Security Committee, which will be coordinated by Roberto Gallo, CEO, co-founder and chief scientist of the company Kryptus Security of Information, a professional with over 18 years of experience in the area, including work on projects in the defense industry.
“Today, we have a movement in Brazil to create an important set of laws, which began with the enactment of the Civil Rights Framework for the Internet. Now, we are experiencing the discussion of laws on privacy of personal data, a discussion already consolidated in regions such as the European Union but which have global effects. For example, Brazilian companies that have users in the European Community, even if the company is based outside the region, are subject to the European Legal Framework. In other words, the world is very interconnected, attentive and concerned about information security and cybernetic issues”, highlighted Gallo.
The executive explained that the Information Security Committee will work on three main axes:
1) Risk mitigation and awareness: there is a need to establish and publicize essential measures to protect the sensitive information that every company holds, such as contractual information, customer lists, a patent that has not yet been filed and the cost structure of a given product, among other situations. “Every company, of any size and segment, has specific data to protect”, he summarized.
2) Compliance & Regulation: this relates to the need for companies to comply with laws, best standards and practices, and national and international regulations. “They are almost always mandatory, meaning organizations have no choice but to follow them. These rules usually emerged to meet a market need, because companies and institutions were not able to regulate themselves properly”, he explained.
3) Identification of new market opportunities: provided by technological advances such as bitcoin. “Innovations in information security enable new business models, both for the solution provider and for its customers. You have to take advantage of them,” he added.

More awareness and fewer vulnerabilities
Gallo considers that companies in Brazil, including those working in the ICT sector, generally have a relatively low level of maturity in information and cyber security when compared to their international counterparts, do not know the laws to which they are subject and are unaware of the opportunities that innovations provide. “That's why we have awareness-raising work to do. This awareness needs to be transversal, encompassing the user, the customer and the solution provider.”
“If the Brazilian software industry aims at the global market, systems security is a fundamental aspect. A software company needs to be aware and ensure that their tool is safe. But does it use the features that help reduce program vulnerabilities in the development process?” he pondered.
In Brazil, Gallo assesses that “the public sector is aware that it needs to improve”. On the other hand, the executive recalls that it is necessary, for example, to reduce the vulnerability of IoT equipment and “stimulate the awareness of suppliers in this sector about the relevance of adherence to good security practices”, he warned.
According to Francisco Camargo, president of ABES, the creation of the committee is in line with the association's mission to promote the development of the software and services industry in Brazil, work towards regulations that do not limit competitiveness and promote best practices in the Brazilian market, in line with international trends and discussions.
“Attacks are increasingly complex and demand agility from solution providers, customers and users worldwide. We live the reality of the global flow of data, the digital transformation of business and our relationship with the world, people and organizations. Threats also increase and need to be mitigated”, concluded Camargo.
ABES recently launched the ABES AUDITED CODE CERTIFICATE, a service for associates and non-associates that identifies vulnerabilities in software and presents suggestions on how to correct them, through an audit process based on the HPE Fortify On Demand solution.
The entity also maintains committees on Intellectual Property, SaaS, IoT and Regulatory, which are open to the participation of any member.
