Specialist in Risk & Compliance guarantees that the best practices in information security are a great ally of IT in the search for foreign currency and to unload projects
Compliance is the series of measures and rules that corporations implement and must follow to be in compliance with a framework, and collaborate to mitigate risks. These risks may include regulatory, tax, labor, competition and reputational issues, but it is mainly the business integrity risks related to fraud, corruption and criminality that require companies to take action. We also need to consider that as technology advances, such as Artificial Intelligence, new scenarios need to be designed.
“The application of the best security practices in markets that are not so mature, as is the case in Brazil, is a great challenge to be overcome. CISOs (Chief Information Security Office) or those responsible for information security in companies, know that they are not always a priority in the division of companies' budgets, and as much as everyone knows the importance of information security, in times of increasingly tight, their projects are often not prioritized”, assesses Isabel Silva, specialist in Risk & Compliance and Director of New Business at Add Value Security.
Even so, Brazilian companies have already taken an important step towards compliance. The consultancy Deloitte and the Brazilian Network of the Global Compact of the United Nations (UN) conducted a survey, released at the end of 2022, to assess how Brazilian companies treat compliance. Data collection heard from 113 companies, 58% of which with annual revenues above R$ 500 million (39% are listed on the stock exchange, and 17% have foreign capital).
The numbers indicated that 88% have an internal sector that is responsible for managing compliance, and 37% have a specific area for the subject. Among the companies surveyed, 89% considered that compliance improved financial results (37% a lot, 52% a little), and 73% foresee expanding investments.
“In fact, compliance is a great partner for IT and information security in the quest for budget. With the new obligations and rules that come into force, security projects tend to be removed or prioritized. We have already passed several regulations such as ISO 27001 (information security management system), PCI DSS (data security standard for the payment card industry) and LGPD (General Data Protection Act), each best information security practices are increasingly targeted, and we also have technologies in full development such as Artificial Intelligence, for example, which are still outside the regulations, but which in the future may be included in new versions of the standards. Therefore, adaptations to the cybersecurity architecture will have to be carried out,” explains Isabel.
AI and Compliance
The learning systems of solutions that use AI are prepared to detect discrepancies in patterns, users or networks. AI can be used predictively to monitor risks and analyze real-time data streams across a wide range of business activities.
“Technology always comes as an ally. Artificial Intelligence together with human expertise can make great advances in compliance and information security, both in public bodies and in private companies. Although edges have to be smoothed, there is an important potential for improvements in the scenario of regulatory compliance, impact analysis and provision of alternatives”, emphasizes Isabel.
About Isabel Silva
Business development director with extensive experience in cybersecurity. Expertise in the area of credit cards, sales management, data center, computer security and information security management. She was risk director at VISA and regional manager at BeyondTrust. In addition, she was Director of Business Development at Trustwave. She was Head of Security at Add Value and is now a partner and director of New Business Development at Add Value Security. She holds a bachelor's degree in Business Administration and Management, General from ESAN – Escola Superior de Administração e Negócios.
About AddValue
Founded in 2003, Add Value brings long experience in cloud technologies, hyperconvergence, networking, information security and virtualization. Headquartered in São Paulo and regional offices in Rio de Janeiro, Curitiba, Belo Horizonte, Brasília and Fortaleza, the integrator serves the entire national territory, in addition to participating in projects abroad. Its portfolio of solutions is wide, with emphasis on alliances with manufacturers such as: Citrix, Nutanix, Akamai/Guardicore, Palo Alto Networks, Darktrace, Qualys, Crowdstrike, Proofpoint, Commvault and others. More information visit the website: www.addvalue.com.br
EN 
PT 
