Topics In Demand
Notification
New

No notification found.

Cybersecurity and Privacy
Cybersecurity and Privacy

September 2, 2021

304

0

The ability to protect our sensitive information emanates from the term privacy, and security is the element of protection. Privacy cannot exist without security. While privacy in a broader sense deals specifically with the regulatory aspect to protect the company’s data, security is the technical feature rendering protection to the data. As soon as the data is entrusted to a company, the company has the incumbent obligation to be transparent and layer the corporate practices, procedures, and measures adopted to ensure the highest level of security. As most data breaches occur due to human error or technical inadequacy, education about security and data protection at both employee and customer levels are essential steps organizations need to take.

In 2018, the General Data Protection Regulation or GDPR came into force. In addition, the concern over cybersecurity is pushing countries to establish national privacy regulations. This marked a shift in approach towards cyber-security and privacy and how the organizations would manage and protect data.

There has a clear distinction between a privacy and security team within the organization, but the new privacy regulation and policies are diluting this, and both privacy and security personnel shall have to work together as a team. In the present perspective, the privacy professionals in the organization need to be accustomed to technical methods and security with legal compliance.

A dynamic tool for strategic decision making is always an “ as risk-based approach that is interactive as per industry practice. This approach helps decode the executive-led teams’ decisions about risk reduction. Many leading companies are shifting from a maturity-based cyber-security model to a risk-based model to optimize risk reduction.

Once the organization has a clear understanding of the approach to manage the cyber risk, it must communicate the same to the stakeholders. This works as a golden thread as all the components of the organization work in tandem by adding value to the risk management element. Enterprise leadership and the cyber-security team can identify and resolve the risk together along with other stakeholders. The entire organization, from the head to the frontline, would move about cohesively.  Various methods and models can be incorporated into the cyber-security and privacy framework for risk assessment. The most resilient mode of operation as per USA’s NIST (National Institute of Standard and Technology) is as below:

1. Identify the risk associated with data, assets, and systems – This refers to using quantitative risk analysis to identify data threats.

2. Adopt a protection mechanism while dealing with critical security services - The core of the cybersecurity protection mechanism is mitigating the risk and saving the assets.

3. Develop a detection mechanism to prevent cyber threats - Companies do this by strengthening the technology environment and replacing the traditional decision-making process.

4. Appropriately responding to the cyber-crime - It can be achieved through a cyber-security investment that would provide the most protection and least damage.

5. Restore any services or capabilities harmed or damaged by the detected incident - The Chief Information-security and Privacy officers and the development team should work together to restore the services as the Privacy and information security personnel have limited ability.

Cyber-security threats and privacy-related issues are two sides of the same coin, and these unforeseen threats continue to surface every other day. Therefore, cyber-security must be treated as a part of design thinking in this digital era. A seamless view should be taken to eliminate any vulnerabilities possessed by a traditional information security system, and security must be embedded as a core feature.

- This article has been written by Afreen Bano, Technical Architect, Pitney Bowes India.


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


Pitney Bowes (NYSE:PBI) is a global technology company providing commerce solutions that power billions of transactions. Clients around the world, including 90 percent of the Fortune 500, rely on the accuracy and precision delivered by Pitney Bowes solutions, analytics, and APIs in the areas of ecommerce fulfillment, shipping and returns; cross-border ecommerce; office mailing and shipping; presort services; and financing. For 100 years Pitney Bowes has been innovating and delivering technologies that remove the complexity of getting commerce transactions precisely right. For additional information visit Pitney Bowes at www.pitneybowes.com.

© Copyright nasscom. All Rights Reserved.