Importance of Corporate Information Security

With the growing evolution of the Internet of Things (computer, cell phone, devices of the most diverse connected to the network) and more "connected" life forms, the concern in the companies to maintain the security of the data is critical.

It is increasingly possible to transmit information of great importance to an organization on a flash drive, cell phone via MTP transfer (usually never remembered to be blocked by organizational policy), and even in QRCode, photo and even data recorded in format. sound.

We are not in an Interpol scene of cinema films, but we are very close to a reality that the security of a company's data has been increasingly difficult to control, as people with their "things" transmit important information in a simple twit, or photos of the company of friends on Instagram, Facebook, and among many other applications.

The importance of thinking about information security in a company becomes more and more critical because every time we advance in having a modern structure, we think about technological means for this to be implemented.

In recent years, many companies that exist today, work in segments that did not exist 10 or 20 years ago, are new segments that appeared with the current internet network that exists today.

An example of this is the Web advertising agencies, where the main channel of communication is social networks with customers of a certain product or service, quickly answering users' questions using what users use.

When we talk about projects, we also think about security, because if a project ends up falling into the wrong hands, it can be developed more quickly by the competitor and ends up losing the market.

Much of a company's information is exposed daily on the internet, and even from the government, such as Wikileaks revealing secret US government documents.

Companies that care about information security above any item, are not limited to protecting a server or an application, because generally the greatest danger does not come from outside, but from those who work within the organization.

Places like sealed rooms where no one with electronic equipment can enter, with restricted access via biometrics or optics, are no longer fiction and are already part of the day-to-day life of several companies such as banks and large data centers.

In addition, there are currently ways to measure information security in companies through auditing, based on established documentation and standards promoting good practices to ensure that processes do not fail.

The International Institute for Standardization, ISO (International Organization for Standardization, defines good practices in the ISO 27001 standard, and many of them are examples of changing an organization's process so that it is possible to implement a level of security for certain information.

To do information security is to know how to define who can access a certain item, and it is defined with controls, and these controls are from a door with a lock, a login, a lock with biometrics or a spoken password for identification.

There are employees who leave their machine login passwords written on some paper at their desk, without worrying about security, making the security mechanism flawed.

One of the main awareness of information security is not only in the mechanisms that create security, but also in the processes in which people are involved, there must be a common agreement between people in a certain sector and / or department who know that certain information cannot in any case. hypothesis to be revealed.

Information security in a company is not limited to security controls and mechanisms, but also to the mutual awareness of team members and the collaboration of maintaining information with those who have access to that information.

No comments