While certainly not the biggest data breach in recent memory, this Rogers Communications incident demonstrates how a seemingly small employee error can have significant consequences in the realm of cybersecurity. Data breaches have become major news topics and with good reason. These incidents have major implications not just for the businesses affected but also for their...

Latin American companies need to increase their investment in cybersecurity, including security awareness training for employees. Data breaches and cybercrime used to be seen as shocking, alarming and difficult to fathom. Today, they seem almost run of the mill. The world and many of its criminals have gone digital, and yet countless organizations have yet to embrace new...

Information security governance is a subset of corporate governance and can complete or encompass the governance of information technologies. It directs or strategically aligns information security activities and ensures that the company’s business objectives are reached. It also guarantees that information security risks are adequately managed and that information resources...

As a follow up to the Business Continuity Management program article, here is a more detailed description of the development and implementation phase objectives and content of the Business Continuity Plan (BCP) for major incidents. This plan is in fact a set of plans which is comprised of the following main components: Emergency action plan and damage assessment This is a...

In April 2013, the Canadian government announced its action plan for cybersecurity and highlighted the successes realized within the framework of its cybersecurity strategy to enhance cyberspace security for Canadians. One such measure involves the Canadian Cyber Incident Response Center (CCIRC), which supports Public Safety Canada, acting as the national coordinating center...

The business continuity management program (BCM) covers the prevention, response and organization of actions required after an event which could significantly disrupt business operations. This ongoing program is more than an IT recovery plan. Here are the steps and components of a BCM, their relationships and the winning conditions necessary to implement such a program within a...

Cloud computing services require special attention in regards to information security and privacy. This is especially important when using credit card data while cloud computing in order to meet PCI-DSS ("Payment Card Industry – Data Security Standard") standards. To this end, the SSC ("Standard Security Council") published a document entitled “Information Supplement: PCI DSS...

Nowadays, information security is a very common term used in the business world. Previously, security was simply a matter of installing a firewall to protect a corporate network by adding barriers to prevent intruders from access it. In the last few years, information has become electronic, or should I say virtual, in its primary form. What used to be on hard copy or paper...

What is the value of the information stored on your computer equipment or paper documents? What would the impacts be if your personal or confidential information fell into the wrong hands (e.g. financial loss, loss of image / reputation, regulatory or legal non-compliance)? Can you be certain that a proper destruction method was used on the information (whether in digital or...