- Cybersecurity services: Awareness, detection, analysis, response.
- Cybersecurity technologies: Cybercrime detection tools, fight against cybercrime and cybercrime.
- Support for the development of the industry, R + D + i and talent: Development of the national industry, promotion of R + D + i, promotion and identification of talent.
Safe Practices Awareness (INCIBE awareness kit)
Minimum level access procedures to systems
Equipment audit / inspection and backup system
Protect your business
He then took over Jesús Cabrera as CEO at ILIFE Security. Its objective was to raise awareness because ...
WE ALL HAVE COMPETITION,
WE ARE ALL TARGETED.
To reinforce his message, he dissected for us the motivations, modus operandi and consequences surrounding Football Leaks. Thus, starting from a clear economic motivation (specifically, profit in bitcoins), Jesús explained to us that the attack methods used were carefully adapted after studying their objective. Finally, a backup copy at the address of the CEO of the target company was the attacked data, reaching them through emails impersonating identities ("phishing") sent just before a holiday in order to have time to exfiltrate the information using mechanisms of the deep internet ("Deep Web"). Colorin colorado, your data has flown.
Can we consider it an isolated case? Thinking that our information is not valuable to someone is the biggest and main security mistake.
Given that it seems that we have everything to lose, it was up to Agustín Solís as head of the cybersecurity business in Spain at Thales Sistemas de Seguridad present us the last bastion to defend:
Data, the asset to protect
(at all costs)
When all the other controls have failed, we have to put the last barrier in accessing the data. But in addition, the new European standards for data protection (GDPR) oblige companies operating in Europe to take an active role in the security of their information system.
An active role means, for example, that they are obliged to analyze the risk of known threats, establish security procedures, measure the effectiveness of the security measures adopted and, in particular, inform all those potentially affected by security breaches. the same.
Living up to these obligations will be very difficult if we do not align our treatment of information beforehand. The preventive medicine that Agustín Solís recommends is #cryption. That simple, that demanding.
Without a doubt, we will need help. At Thales they propose Vormetric as their answer to this demand and this is how they sell it to us:
- Easy-to-implement, transparent full encryption.
- Separation of roles.
- Audit and registry for forensic analysis.
- Centralized management of cryptographic keys.
Subject data, keep under seven keys, seen. We now focus our attention on security in the development of software applications by the hand of Ramiro Carballo as Director at CAELUM. A challenge.
BSIMM - Building Security In Maturity Model
Ramiro's approach is to establish a framework of activities that guide the effort to improve the security of the software product delivered. How do we start from the expectation of safe software as expected value we have to work on security during the construction of the software because we seek to improve an intrinsic characteristic, that is, something that happens before finishing the final product (more detail in cost-effective quality from Masa K Maeda).
So that our effort is not blown away by the wind, Ramiro proposes that we establish a target level according to the BSIMM Model for Software Security Maturity (Building Security In Maturity Model). Thanks to the BSIMM model and its 12 practices, we will know where we are and how we can improve. Wow! One less excuse.
Get cyber insurance!
"Be Agile. Be Digital. Be Secure »,