(ISC)² is an international non-profit membership organization that aims to inspire a secure cyber world. Recognized for its award-winning Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials, courses and events that approach security in a holistic and programmatic way, bringing together professionals and the general public.
 
In view of the expansion and sophistication of hacker attacks and cyber crimes, the ABES Portal interviewed Walmir Freitas, Member of the Advisory Board of (ISC)², to talk about cybercrime, the most relevant issues in information security and the solutions and necessary prevention and protection policies.
 
1 – What are the main threats to information security companies for the coming years?
I would say the main threat is the sophistication of the attacks. Invaders today are basically divided into those who think they have a nobler end in their actions, such as fighting injustices and even terrorists, and those who have more concrete ends, such as obtaining financial gains, working for criminal organizations, governments and other entities. Both groups are increasingly committed and sophisticated in discovering new vulnerabilities, exploiting new technologies and taking advantage of the weakest link in the chain – the user.
 
2 – How do mobility and the cloud impact information security, positively and negatively?
They are “new” technologies and everything that is new takes time to improve. Thus, they present vulnerabilities intrinsic to their use or functioning. In this way, the first mobile applications, for example, brought new security problems (many have already been fixed) and, nowadays, it is much easier to develop a more secure platform. It's natural evolution. As a positive example we have cloud computing. Although at first companies think they could have a bigger problem with security, many providers have better controls than those present in their original environment. In this way, the information is better protected. Of course, it's not possible to generalize, but the message is that new technologies have security evolving along with the product itself.
 
3 – What are the types of solutions/software that must compose a secure network environment?
A single answer is difficult, but it is still essential to have a protected infrastructure with latest-generation firewalls, edge protection (DLP, antivirus, antispam, etc.), secure applications based on the best standards and, above all, the awareness of users with effective management (governance). However, the word now is anticipation through cyber intelligence that is materialized through specific tools. It's relatively recent, but it should soon be part of the security feature portfolio.
 
4 – What is your main tip to guide security programs?
There is no point in having many tools or many people on the team if there is no risk-based planning, that is, it is necessary to protect through prioritizations aligned with the company's business objectives. It is common to invest in resources that are not actually protecting what is most relevant to the company.
