Intelligent CISO Issue 75 | Page 30

EDITOR’S QUESTION

ANDRE CILURZO, MANAGING DIRECTOR, PROTIVITI

The structuring of information security policies in companies is essential, not only to establish data protection guidelines, but also to guide the planning of actions, investments to be made, and the necessary efforts to reduce the risks of information leakage and hacker attacks.

Well-structured information security policies rely on guidelines, not technical specifications, to:
• Identify and prevent threats and vulnerabilities
• Direct the identification of crown jewels (critical assets for the operation of the company’s core business) by identifying processes that ensure the company’s operation and do not interrupt revenue-generating activities
• Establish security measures based on risk assessment
• Provide guidance on data discovery and classification of critical data
Furthermore, policies should be reviewed annually, as the threat landscape constantly changes and new threats emerge daily, requiring companies to adapt their strategies as the threat environment changes.
It is also essential that cybersecurity awareness based on policy empowers professionals to recognise and report such threats to the IT or information security team in case of situations outside their routine.
The adoption of secure practices in technology use by professionals necessarily involves everyone’s understanding of the risks associated with sharing information, the misuse of access credentials and handling information contrary to the information security policy.
Ultimately, a robust information security policy that reflects the business model, combined with current industry regulations, will enable the adoption of assertive and effective prevention measures for risk management and quick responses to incidents, strengthening your reputation and demonstrating commitment to protecting your customers and partners.