GRC: Be Connected! – about skills, frameworks and knowledge


A new year, and a new collaborative initiative by the Coalition, ISACA Belgium and the Solvay Brussels School of Economics & Management. In a series of six webinars, several hot topics in the field of cyber security are discussed from a very practical ‘point of view’. In a first webinar, some very basic aspects of cyber security are treated: how to manage necessary skills, what about frameworks, where to find knowledge.

Karel De Kneef, CSO of Swift, points out that ‘people make the difference’, with a consequent need to optimize the talent challenge. He presents his organization’s split between ‘protect’ and ‘transform’ activities, the latter targeting improved security, with a list of specific action points. Most of his efforts are spent on ‘security assurance’ (“policies are fine, but check whether they are correctly implemented”), ‘business support’ (“risk based approach and cooperation with the business”), ‘tools’ (“60+ tools and platforms”) and ‘cyber incident detection and response’. Every single point of attention requires people with appropriate skills, with growing needs of business insight and leadership qualities. It pays not only to broaden the horizons of security experts, but also to recruit people from the business side, with attention to diversity!

As frameworks go, the NIST cyber security framework is the leading standard. Umut Inetas, Manager Security Architecture at Ahold Delhaize, offers specific pointers on how to apply NIST to organizations. In particular, NIST is a ‘framework of frameworks’ supported by a multitude of ‘special publications’ (SPs) and FIPS (US Federal guidelines) covering specific sectors and needs. He discusses the three main components of NIST, namely ‘tiers’ (implementation), ‘profile’ (from ‘as is’ to ‘to be’) and ‘core’ (strategy and roadmap), and of course how to tackle the five pillars: identify, protect, detect, respond, recover. Along with these practical aspects, Umut Inetas also provides insight into ‘why NIST’ and its future.

The third presentation, by Vilius Benetis, director of NRD Cyber Security, underlines the usefulness of organizations such as ISACA as sources of knowledge, certifications/certificates and trust. He points out why starting a CSIRT (Cyber Incident and Response Team) is important, and how to go about it.
