Cybersecurity: the 5 keys to avoiding dangers on the network

Experts recommend taking a few steps to avoid these risks. Credits: Pexels

Personal data has become an easy target for cybercrime in the country and around the world. In response, the International Organization for Standardization (ISO) created the ISO 27001 standard, a certification intended to protect the identity of users. Cybersecurity specialists, however, say this protection is insufficient today because information can fall “into the wrong hands and jeopardize the security of the customer and therefore of an organization”.

As part of International Information Security Day, which is celebrated today, the company Delta Protect explained that ISO 27001, like other ISO management system standards, represents the first step toward protecting users from cyber fraud. The problem is that ISO does not carry out certification; it relies on external organizations for this purpose.

The company pointed out that ISO does not achieve certification, but rather provides the appropriate controls to achieve it. To do this, it investigates any problems, vulnerabilities and risks that the organization may present, using risk assessment and then defining their mitigation or treatment.

Thus, the security controls required by the standard are implemented through software and equipment. It also establishes the definition of policies and procedures.

Santiago Fuentes, CEO and co-founder of Delta Protect, explained that it is important to take these security controls into account and to go further, because “cyber problems lead to the loss of essential network services, the deterioration of reputation and customer confidence and serious financial problems”.

“This standard is the first step in ensuring that organizations make adequate and timely investments in cybersecurity, but let’s remember that since the pandemic, cybercrime has increased by 400%,” says the CEO.

The company offers organizations a list of hacks that can help prepare for ISO 27001 compliance, such as:

Build a trained work team that knows and implements the Information Security Management System (ISMS).

Determine the scope of the ISMS. To do this, you must consider internal factors such as: mission, vision and objectives; governance and organizational structure; and the roles and responsibilities, policies, goals and strategies of the organization.

Implement all necessary security controls to mitigate identified information security risks. Senior management support is crucial. Moreover, the addition of human, technical and financial resources is essential.

Generate documentation and evidence. Once the controls are in place, retain the necessary documentation to support the ISMS.

Pre-audit / Audit. Once the ISMS is in place with all applicable security controls, the institution or company is ready to be certified by an external body. However, as a best practice, Delta Protect recommends performing a pre-audit so that potential non-conformances an auditor would raise can be identified and resolved before the final certification audit.



Source: El Heraldo De Mexico
