Loading...
Publication
Harmonized privacy and information security framework, including maturity and risk exposure
| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 2.06 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
Numa sociedade de consumo cada vez mais digital onde as organizações estrategicamente têm de adotar o seu modelo de negócio a essa realidade, mas ao mesmo tempo têm também de garantir a conformidade com recursos limitados, a um número crescente de obrigações legais relacionadas com a Privacidade e Proteção de Dados, Segurança de Informação e Cibersegurança, serão metas difíceis de realizar.
A conformidade legal, por exemplo com o RGPD ou com a NIS na Europa, poderá ser garantida através da utilização de partes de standards ou frameworks existentes sobre estes temas, nomeadamente, a utilização das ISO/IEC, das NIST, da ENISA, da Nymity, entre outras. No entanto, a questão dos recursos sejam eles humanos, financeiros ou de outra natureza não são infindáveis, e nem sempre estão disponíveis com a mesma ordem de grandeza nas organizações.
O desenvolvimento de uma framework harmonizada, que abranja as temáticas de Privacidade, Segurança de Informação e Cibersegurança, que inclua por cada requisito uma visão de maturidade e exposição ao risco será fundamental e contribuirá para as organizações poderem fazer uma gestão mais eficaz e eficiente dos seus objetivos, recursos, riscos, e ainda garantirem um grau de maturidade mais elevado face aos requisitos legais.
In an increasingly digital consumer society, organizations must strategically adapt their business models to this reality, while simultaneously also ensuring compliance with limited resources, with a growing number of legal obligations related to Privacy and Data Protection, Information Security, and Cybersecurity. However, achieving these goals with limited resources present significant challenges. Conformity, for example, with the GDPR or NIS in Europe, can be ensured using parts of existing standards or frameworks on these topics, such as ISO/IEC, NIST, ENISA, Nymity, among others. However, resources, whether human, financial, or otherwise, are not endless and are not always available in the same order of magnitude across organizations. The development of a harmonized framework covering the topics of Privacy, Information Security, and Cybersecurity, which includes a maturity and risk exposure view for each requirement, will be fundamental and will help organizations to manage their objectives, resources, and risks more effectively and efficiently, while also ensuring a higher degree of maturity concerning legal requirements.
In an increasingly digital consumer society, organizations must strategically adapt their business models to this reality, while simultaneously also ensuring compliance with limited resources, with a growing number of legal obligations related to Privacy and Data Protection, Information Security, and Cybersecurity. However, achieving these goals with limited resources present significant challenges. Conformity, for example, with the GDPR or NIS in Europe, can be ensured using parts of existing standards or frameworks on these topics, such as ISO/IEC, NIST, ENISA, Nymity, among others. However, resources, whether human, financial, or otherwise, are not endless and are not always available in the same order of magnitude across organizations. The development of a harmonized framework covering the topics of Privacy, Information Security, and Cybersecurity, which includes a maturity and risk exposure view for each requirement, will be fundamental and will help organizations to manage their objectives, resources, and risks more effectively and efficiently, while also ensuring a higher degree of maturity concerning legal requirements.
Description
Keywords
Framework harmonizado Conformidade Privacidade Proteção de dados Segurança de informação Cibersegurança.