One main objective of the European Cyber Security Act is to inform business and consumers about the security of ICT products, processes and services, through certification schemes. This webinar provides solid information about the present status of the Act's implementation.
GRC: Be Connected! Cybersecurity Activities & Knowledge
26 janvier 2021 – Cyber Security Coalition
GRC: Be Connected! – about skills, frameworks and knowledge
A new year, and a new collaborative initiative by the Coalition, ISACA Belgium and the Solvay Brussels School of Economics & Management. In a series of six webinars, several hot topics in the field of cyber security are discussed from a very practical ‘point of view’. In a first webinar, some very basic aspects of cyber security are treated: how to manage necessary skills, what about frameworks, where to find knowledge.
Karel De Kneef, CSO of Swift, points out that ‘people make the difference’, with a consequent need to optimize the talent challenge. He presents his organization’s split between ‘protect’ and ‘transform’ activities, the latter targeting improved security, with a list of specific action points. Most of his efforts are spent on ‘security assurance’ (“policies are fine, but check whether they are correctly implemented”), ‘business support’ (“risk based approach and cooperation with the business”), ‘tools’ (“60+ tools and platforms”) and ‘cyber incident detection and response’. Every single point of attention requires people with appropriate skills, with growing needs of business insight and leadership qualities. It pays not only to broaden the horizons of security experts, but also to recruit people from the business side, with attention to diversity!
As frameworks go, the NIST cyber security framework is the leading standard. Umut Inetas, Manager Security Architecture at Ahold Delhaize, offers specific pointers how to apply NIST to organizations. In particular, NIST is a ‘framework of frameworks’ supported by a multitude of ‘special publications’ (SP’s) and FIPS (US Federal guidelines) covering specific sectors and needs. He discusses the three main components of NIST, in casu ‘tiers’ (implementation), ‘profile’ (from ‘as is’ to ‘to be’) and ‘core’ (strategy and roadmap). And of course how to tackle the five pillars: identify, protect, detect, response, recover. Along with these practical aspects, Umut Inetas also provides an insight as to ‘why NIST’ and its future.
The third presentation, by Vilius Benetis, director of NRD Cyber Security, underlines the usefulness of organizations as ISACA and First.org as sources of knowledge, certifications/certificates and trust. He points out why starting a CSIRT (Cyber Incident and Response Team) is important, and how to be about it.
Nos autres articles
This session of the Privacy Focus Group provides a valuable and practical primer for acquiring more insight in the issue of international data transfers after Schrems II and Brexit.
The webinar teaches you that information security must be handled in a structured way. Three Coalition members explain how frameworks such as CISM, NIST and ISO 27001 certification can support you in your role as CISO.
Audits strengthen business operations, yet many organizations are fearful of the process, rather than seeing the benefits of audits. In this webinar, you get better insights in the auditing process and how you can use audits to strenghten and mature your overall risk programme.
This webinar focuses on the context of information security through governance, more particularly on the key role of the CISO and the value of COBIT as a digital governance framework for information security activities supported by the presentation of a best practice.