Saturday, October 28, 2017

GDPR can bring major benefits to governance, security professionals

Published October 23 2017, 6:53am EDT - By Vilius Benetis
The full text of the article can be found on the portal: "information-management"
specifically at the address:
I quote selected parts of the text:
"Combined with other data management and compliance efforts, the regulation can help solve a number of cybersecurity and privacy issues."
"With some data, it is easy. ... But the question is not only about granting or revocation of rights to process, but also about getting to know which data is stored, how it was processed, with whom it was shared, and having the possibility to remove that data from systems (i.e., to be forgotten)."
"Each of our digital activities touches many systems: computers, servers, information systems, transmission systems, security systems, usage analysis systems, and so on."
"Information systems and the Internet were designed mostly respecting another model – that the owner of the system owns the data as well, unless it is specifically provisioned otherwise."
"Despite all the difficulties, I would argue that implementation of the new regulation brings a lot of benefits to all those involved in IT governance, such as:
"IT staff are forced to talk and understand legal teams, discuss the impact, and better understand threat landscapes and liabilities, which shrinks gaps of understanding.
"Now, the securing of information systems, data and information system life-cycling, and the creating, processing, destroying, auditing, handing over and disposing of data will be assessed.
"Overall, GDPR has the potential to be one of the pillar forces that gets us together to address cyber security properly. While it alone will not be sufficient, combined with other governance and regulatory efforts, real progress can be made."
(Note: This post originally appeared on the ISACA blog, which can be viewed here).