The importance of Information Security and Data Protection

The information events organized by the various associations and private event organizers have recently been strongly influenced by the new risks arising from the digitization of the economy. The high vulnerability of the internal IT structure, the high “art” of hackers and the large number of governmental and non-governmental actors contrast with the unchanged high level of carelessness of many people in their private and business environments. The Internet of Things brings additional challenges for companies in the security sector. In crisis staff exercises we have seen how little even well-trained staffs have been able to open themselves to the idea that there could be an attack on production control within the framework of Industry 4.0.

The Facebook affair has also made us aware once again that the business model of collecting data is by no means as harmless as we have deluded ourselves into believing. It was touching to see the innocent look Mr. Zuckerberg put on during his questioning in the US Congress. The analysis of “Big Data” can be used not only to optimize investment strategy in asset management, but also to manipulate the democratic processes that are so important to us. This affair only made clear to us what we all already knew but did not want to admit. Our greatest asset, on both a private and a business level, is control over our data, our information and our knowledge.

At Verismo we will take this development into account and realign our consulting capacity. For this purpose we will bundle IT-technical and classical consulting knowledge in one overall appearance. The discussion about corporate security cannot stop at fire and intrusion protection. Along with the superfluous discussion about safety and security, the separation between IT and non-IT security should be a thing of the past. The training of young security professionals, the organization of corporate security and the services offered by consultants should be geared towards this.

How can the reorientation of corporate security as a result of digitalization be implemented? What can a future-oriented security management system (SMS) look like? The various standards and guidelines will certainly provide assistance. There is no special standard for this area. ISO 31000:2018, which will soon be published as a German or Swiss standard, offers several advantages over its predecessors. The idea of a “family of standards” with the necessary special contents, such as risk assessment (ISO 31010), BCM (ISO 22301), information security (ISO 27001) and others, is spreading further. However, as I know from my own experience, the work in the ISO committees themselves is occasionally accompanied by tactical skirmishes on the international level. Do we really need a standard for “Legal Risk Management”?

A training program must also be geared to the aforementioned requirements of the future. Our own established seminar program cannot fully achieve this. Our practice-oriented four-day basic course on risk management provides the necessary basic understanding. With our training center we offer excellent training opportunities in a very personal environment. Our web-based tools DEMiOS 2.6 and CUSTODiOS 2.0 offer innovative solutions for tool support in crisis or incident management. In this way, we make a first tangible contribution to the digitalization of security processes. See also our DEMiOS News No.5.

We look forward to hearing from you.

Klaus Bockslaff and Team