Roles and responsibilities in information security

[shukla7789]

Discover how to structure your company's information security without violating the privacy and confidentiality of your data.

s Cyber ​​Resilience and how to achieve it?

With the unprecedented rise in digitalisation and the volume of data being collected and stored , cyberattacks have also skyrocketed. In the year of the pandemic alone, an increase of around 600% is estimated . They have also grown in sophistication and scope.

That is why information security has become the employment database of all departments and its best practices today determine the realization of alliances, agreements and businesses.

The importance of data privacy and integrity is not in question. It is an unavoidable responsibility of businesses, which if left vulnerable can mean multi-million dollar losses.

The roles and responsibilities structured around information security present a dichotomy that is due to their origin. Depending on whether their origin is in an area outside the organization, as is the case of service providers; or whether they reside within the organization, their responsibilities will vary, despite sharing the same objective: to ensure the integrity of the data in the end .




HubSpot BLOG

The WEF Global Risks Report 2020 stated that in 2021, cybercrime damages are expected to reach $6 trillion , which is equivalent to the GDP of the world's third-largest economy.

Source: McAfee


Information Security as a Service
The responsibility of service providers, as the most common representatives of figures external to the organization that can interact with its information, creating a security breach, is summarized in the form of a document.

Service level agreements establish the objectives that should guide and commit these IT companies in outsourcing mode, defining their responsibility regarding data protection.

The basic aspects that this statement of commitment must cover are:

Control of technologies, and also of their operation.
Making backup copies, which act as a backup.
Implementation of recovery processes, to be put into operation if necessary.
It should be noted that system owners, owners and those in charge of information, are not exempt from their responsibility in terms of information security, since they will be responsible for other obligations, such as all those related to data management and governance, which are essential to maintain the privacy and security of data in the organization within the desired standards.