Information Security


Information, a valued asset in the modern world, is important for the operation and intelligence of the company's business, and especially for its credibility with Customers and commercial partners.

The protection of company data is a mandatory, non-negotiable practice. For this reason, modern companies seek to establish an information security structure based on policies, security solutions and adherence to market standards and best practices, aiming to provide an adequate level of security for the business.

The information security framework encompasses security policies, management processes and mechanisms, control and continuous monitoring of information integrity, prevention of internal and external attacks and data theft, secure access to company information, and the continuity of business functions in the event of incidents or natural disasters.

The proper functioning of this structure depends heavily on planning, maintenance and constant evolution of prevention against the dynamics of constant and increasingly sophisticated attacks. The company's success depends on the implementation of a robust strategy that allows the capture, access, storage, processing and monitoring of data in a secure way.

Information Security Planning


Information Security planning is a process that must be carried out periodically and may have different scopes. Planning work may include: risk assessment (new and conventional threats); adherence to policies; the effectiveness of established processes; the services and technological solutions used; mechanisms for recovering and re-establishing business functions; and raising awareness among employees.

The main elements that constitute this work:

They need to be analyzed, as they must direct all initiatives that establish new mechanisms and update the company's existing information security structure (e.g. outsourcing of functions, mobility, business expansion in digital media, internationalization, integration with commercial partners through file exchange and transactions).

It mitigates the risk of application of penalties by regulatory bodies, due to non-compliance, which is the case of some market sectors. They also help in the establishment of policies, governance, controls and processes for the company's information security structure.

Allows evaluating functions, roles and responsibilities, training, communication and service levels (internal and performed by third parties).

It allows evaluating the diversity of technological platforms (hardware, software, applications) and the existing mechanisms for the control and monitoring of these environments.

Allows you to evaluate data, including: access privileges, retention policy, storage location, and determine the necessary measures for control and protection.

It allows evaluating the effectiveness of the different layers of information security, including: antivirus programs, patching, e-mail, filters, firewalls, monitoring, MDM, segmentation of logical and physical environments.

It allows analyzing the established controls, risks (acceptable or not), mitigation actions and contingency plans.

Specific policies and procedures for third-party access to the company's network, information, spaces, information systems.

Determines responsibilities and actions to be taken in the event of incidents to ensure continuity of business functions

Promotes understanding of policies and procedures, responsibilities, and establishing a culture of incident prevention

Benefits

  • Promotes the alignment of information security initiatives with strategic business objectives
  • Allows you to assess risks and vulnerabilities and define mitigation strategies and actions
  • Identifies existing gaps and improvement opportunities
  • Defines and prioritizes short, medium and long-term initiatives
  • Prevention of financial losses arising from incidents or penalties due to non-compliance (regulatory requirements)
  • Image and reputation risk prevention
  • Proactive stance (instead of the firefighter stance)
  • It provides greater transparency, easier communication with the organization's executives, speeding up the approval of the necessary initiatives for the good management of information security in the company.

Cyber attacks


We list the results of research carried out recently in relation to the risks of cyber attacks that confirm the importance of information security planning.

  • In 2017, Brazil became the second country with the highest number of cybercrime cases in the world, affecting about 62 million people and causing a loss of US$ 22 billion. In the previous year, Brazil was in fourth place, but now it is only behind China. (Norton Cyber Security)
  • 68% of business leaders believe the volume of cyber attacks is growing. (Accenture)
  • Hackers attack an average of 2,244 times a day or once every 39 seconds. (University of Maryland, USA)
  • The average time to identify a breach in 2019 was 206 days. (IBM)
  • A total of $4 billion was the cost of the data breach incident at Equifax, a credit risk assessment firm. (Time Magazine)
  • In 2018, 10,573 suspicious applications were blocked per day on smartphones. (Symantec)

How can we help your company?


The initiatives to review the existing structure and information security planning can assume different objectives and varied scope, depending on the company's need. Below is an example that might apply to your business:

Review of the existing structure and planning

It offers business and IT leaders a risk assessment in the face of cyber-attack threats and identifies vulnerabilities in the existing structure, and presents an improvement plan, taking into account regulatory requirements, best market practices and alignment with the strategic objectives of the business.

Why Citrine Consulting?


Aware of the importance of information security planning work and the strong synergy with its practices, Citrine Consulting has established alliances with experienced professionals specialized in Information Security who are part of its team and add value to the strategic initiatives carried out with its Clients. We believe that it is precisely by facing business challenges in all their dimensions, that is, business processes, information technology and people (workforce performance), in a coordinated effort, that we can contribute in a differentiated way for our Clients to maximize their results.

Contact us


Learn about the solutions that Citrine Consulting can offer your company.