Placing Information Security at the center of management strategy can directly impact business continuity. That was the position defended at RNPSeg’20, held last Wednesday, 11/11, by Jeferson D'Addario, CEO of the group Daryus Consultoria e Training; Rodrigo Coutinho, Risk Management and Information Security director of the Federal Court of Accounts (TCU); and Alex Amorim, CISO (Chief Information Security Officer) and DPO (Data Protection Officer) of the group Cogna Educação. Promoted by the National Education and Research Network (RNP), the event was aimed at executive-level IT managers, with an emphasis on cybersecurity.
The debate centered on resilience, which companies had to develop, especially this year, in order to adapt and survive the crisis. “Unmapped risk is accepted risk. We've been talking about ransomware for over a year. Why are the companies not prepared for this yet?” Alex Amorim, from the Cogna group, asked.
For Jeferson D'Addario, from Daryus Consultoria, Risk Management is a rationalization of investment. “Risks and Continuity are not costs. This is not consistent with a country which wants to be competitive from now on,” the manager said. “If we don't understand the business well, what the processes and the information flow are, we will not be able to include the subject as part of the planning. The risk appetite has to be defined with the leadership,” Jeferson emphasized, pointing to the issue of financial loss.
The manager of CAIS/RNP, Edilson Lima, also pointed out that security and business continuity need to be discussed with senior management. "They have to understand that a cyber-attack brings financial loss, loss to the brand and that information security is not handled with an information security team only," Edilson Lima told the portal Convergência Digital.
Representing the public sector, the director of TCU, Rodrigo Coutinho, warned about damage to an institution's image. “What body likes to appear in prime time on TV exposed to the population for not delivering a quality service?” Coutinho noted.
For Emilio Nakamura, CISO of RNP, in addition to a business contingency plan A, it is important to have an organized plan B. “Resilience and Business Continuity depend on each organization and have different levels. Resilience involves aspects beyond technology; it involves succession of leaders. Security and privacy are everyone's responsibility,” Nakamura said.
RNPSeg'20 is held by the Security Incident Response Center (CAIS/RNP) with support from the Cyber Treatment and Response Center of the Government (CTIR.Gov), Microhard Informática and the group Daryus Consultoria e Training.
To learn more, go to the event site.
A recording of RNPSeg'20 is available on the YouTube channel of RNP.