Information Security Management
The security of IT systems has become essential to ensure that organisations run smoothly. The fast pace of technological development has led to increasing dependence on IT systems, with the emphasis initially on performance.
Over time, it gradually became clear that the speed of means of communication was not the only criterion, but these means also had to prove reliable and safe.
An organisation that wishes to obtain access to confidential data (authentic sources) is subject to a number of security requirements imposed by the European, federal and regional authorities. By means of a strategic security plan that follows the good practices of the international standard ISO/IEC 2700x, it will seek not only to support the technical security measures, but also to evolve towards a level of multidisciplinary security that complies with the laws and standards imposed by organisations such as the National Register (RRN), the Banque Carrefour de la Sécurité sociale (BCSS - central social security database), etc. The monitoring body in this area is the CPVP, the Commission on the protection of privacy.
Another important aspect of this service is the provision of advice on important issues relating to information security and incidents. Within the organisation, the staff also need information on the dangers and risks that may impact on the security of confidential information which they are called upon to process.
Thanks to active collaboration with the technical services, substantiated proposals for improvements may be submitted to the management. The fact is that arbitrary decisions taken on the basis of exclusively technical considerations are insufficient to guarantee the Confidentiality, Integrity and Availability triangle.