Resources

Blog

Risk of data breaches, cybercrime growing in Latin America

Latin American companies need to increase their investment in cybersecurity, including security awareness training for employees. Data breaches and cybercrime used to be seen as shocking, alarming and difficult to fathom. Today, they seem almost run of the mill. The world and many of its criminals have gone digital, and yet countless organizations have yet to embrace new strategies that can...
Blog

Impending breach notification laws highlight importance of security awareness

New data breach notification proposals from President Obama and other political leaders will only exacerbate the impact of these incidents. The stakes surrounding cybersecurity aren’t just increasing – they are expanding. For years now, business leaders have understood that data breaches are a serious issue, one which firms must do everything in their power to avoid. After all, these incidents can...
Blog

Consumerization of IT Through BYOD: Is Your Company Ready?

The consumerization of IT is when employees use their own personal mobile devices, such as laptop computers, tablets, smart phones, etc. at work, referred to as BYOD (bring your own device). This use is becoming increasingly common and exposes companies to a variety of risks, including the protection of personal information. Canadian businesses appear to be leading the world in IT consumerization...
Blog

Governance and Information Security

Information security governance is a subset of corporate governance and can complete or encompass the governance of information technologies. It directs or strategically aligns information security activities and ensures that the company’s business objectives are reached. It also guarantees that information security risks are adequately managed and that information resources are used responsibly...
Blog

Business Continuity Management Program BCM (part 2)

As a follow-up to the Business Continuity Management program article, here is a more detailed description of the development and implementation phase objectives and content of the Business Continuity Plan (BCP) for major incidents. This plan is in fact a set of plans which is comprised of the following main components: Emergency action plan and damage assessment This is a response plan to deal...
Blog

The ISO/IEC 27002 Standard

The ISO/IEC 27002 standard is part of a family of international standards (ISO 27000) for the management of information security. It includes the best industry practices to protect the availability, integrity and confidentiality of information. A risk assessment is initially necessary to identify priority controls to be implemented within a company in order to improve the information’s security...
Blog

Identity Theft

Identity theft is not a new phenomenon, but has evolved with the advent of information technology. Nowadays, access to a large amount of information available on the Internet, the exploitation of IT or the use of various scams allow fraudsters to obtain private or confidential information about their victims in order to steal their identity and then commit malfeasance. Information sought for...
Blog

Cybersecurity for companies

In April 2013, the Canadian government announced its action plan for cybersecurity and highlighted the successes realized within the framework of its cybersecurity strategy to enhance cyberspace security for Canadians. One such measure involves the Canadian Cyber Incident Response Center (CCIRC), which supports Public Safety Canada, acting as the national coordinating center for cybersecurity...
Blog

Business Continuity Management (BCM)

The business continuity management program (BCM) covers the prevention, response and organization of actions required after an event which could significantly disrupt business operations. This ongoing program is more than an IT recovery plan. Here are the steps and components of a BCM, their relationships and the winning conditions necessary to implement such a program within a company. Governance...
Blog

Scam by fraudsters – Ransomware

Ransomware is one of the many scams that Internet users dread. Once this type of malicious program is installed, it asks the user for “ransom” to unlock the computer, using various pretexts and pretending to be a local police authority. In one case, a user clicked on a malicious link and was bombarded with pornographic pop-ups. The user attempted to restart his computer, when he received a message...
Blog

Supplementary guide to achieving PCI-DSS compliance cloud computing

Cloud computing services require special attention with regard to information security and privacy. This is especially important when using credit card data while cloud computing in order to meet PCI-DSS ("Payment Card Industry – Data Security Standard") standards. To this end, the SSC ("Standard Security Council") published a document entitled “Information Supplement: PCI DSS Cloud Computing...
Blog

Secure Behavior in the Office

Nowadays, information security is a very common term used in the business world. Previously, security was simply a matter of installing a firewall to protect a corporate network by adding barriers to prevent intruders from accessing it. In the last few years, information has become electronic, or should I say virtual, in its primary form. What used to be on hard copy or paper form is now stored...
Blog

Secure information destruction

What is the value of the information stored on your computer equipment or paper documents? What would the impacts be if your personal or confidential information fell into the wrong hands (e.g. financial loss, loss of image / reputation, regulatory or legal non-compliance)? Can you be certain that a proper destruction method was used on the information (whether in digital or paper form) to ensure...