ANDRE CILURZO , MANAGING DIRECTOR , PROTIVITI

he structuring of information security

Well-structured information security policies rely on guidelines , not technical specifications , to :

• Identify and prevent threats and vulnerabilities

• Direct the identification of crown jewels ( critical assets for the operation of the company ’ s core

Policies should be reviewed annually , as the threat landscape constantly changes and new threats emerge daily .

Ultimately , a robust information security policy that reflects the business model .

business ) by identifying processes that ensure the company ’ s operation and do not interrupt revenue-generating activities

• Establish security measures based on risk assessment

• Provide guidance on data discovery and classification of critical data

Furthermore , policies should be reviewed annually , as the threat landscape constantly changes and new threats emerge daily , requiring companies to adapt their strategies as the threat environment changes .

It is also essential that cybersecurity awareness based on policy empowers professionals to recognise and report such threats to the IT or information security team in case of situations outside their routine .

The adoption of secure practices in technology use by professionals necessarily involves everyone ’ s understanding of the risks associated with sharing information , the misuse of access credentials and handling information contrary to the information security policy .

Ultimately , a robust information security policy that reflects the business model . Combined with current industry regulations , it will enable the adoption of assertive and effective prevention measures for risk management and quick responses to incidents , strengthening your reputation and demonstrating commitment to protecting your customers and partners .

30 WWW . INTELLIGENTCISO . COM