On the 19th and the 26th of May 2021, ISACA NL Chapter and NOREA will organize the two-part Square Table webinar ‘Standards versus hackers and lawmakers’. Beforehand we asked one of the speakers, Michael Petrov, founder of Digital Edge, a few questions to give you some insight into the contents of this webinar.
Could you explain the title of the event (‘Standards versus hackers and lawmakers’)? Why does it say standards versus lawmakers for example?
This is framed this way because lawmakers impose regulatory requirements on businesses. Laws make businesses responsible for implementing safeguards to prevent harm to their clients. So our argument is that things like ISO standards can be a common ground to answer to both – defend against hackers and provide adequate safeguards to comply with government regulations to avoid penalties and lawsuits.
In your presentation you refer to the ‘bad guys’. Could you give an example who these bad guys are and explain what problems typically arise?
Well, during the presentation we joke that from a business standpoint you can get financial damage from both – hackers and the government. We explain what those financial damages are. But certainly the bad guys are the hackers. The government is someone who can penalize you, strip you of a license, etc.
Could you maybe give us an example of a case you might discuss?
We will be concentrating on laws in the US and touch on GDPR. Starting in 1999, the United States began enforcing regulations with information security and privacy requirements that used risk analysis as the basis for compliance. The Gramm-Leach-Bliley Act Safeguards Rule, the HIPAA Security Rule, and the Federal Trade Commission all required that organizations conduct risk assessments to define their own compliance goals. Risk assessments should help organizations determine for themselves the likelihood and impact of threats that could harm the public, and ensure that safeguards would not be overly burdensome. This risk analysis has been commonly described as ‘Risk = Impact x Likelihood.’
We are going to be putting parts of cybersecurity standards in relation to regulatory requirements. In particular, what ‘reasonable’ means as defined in many laws, and how to make sure what that ‘reasonable’ is.
In your presentation you will explain that many organizations are afraid to adopt a standard because they think standards are hard or complex and would require them to change their business processes. Is this fear justified? Could you lift a tip of the veil on the ‘standard techniques’ you will address ‘to demonstrate how it can be implemented in your day-to-day operations’?
Yes, we hear lots of arguments against implementing standards and we will offer the supporting arguments. Also, we will not be talking about one standard, but we will be looking at the components of the standards and how to implement those components so there are ‘reasonable’ safeguards that demonstrate a ‘duty of care’ towards their clients. It is not going to be a lecture. It is an analysis, a sharing of experience, practical tips. Risk management is a big part of it.
Register for the Square Table ‘Standards versus hackers and lawmakers’
Dates: 19th and 26th of May 2021
Time: 19:00 – 21:00
In the webinar Michael Petrov, Keith Barry, James Greenberg and Slava Rykhva will dive into the following topics:
• the basics of cybersecurity standards and frameworks
• methodology, verification and audit methods
• implementation, and operation of cybersecurity standards
They will provide participants with a deep understanding of cybersecurity standards, their implementation and operation, the implementation of controls and key performance indicators in the daily activities of IT organizations, as well as self-audit and measurement of the effectiveness of information security management systems, taking risks into account.