Charmaine Valmonte is a seasoned security industry professional specializing in Information Security, Government Liaison, Disaster Recovery, IT Security, Risk & Compliance, IT Governance, Security Operations and Threat Intelligence. She boasts an extensive career spanning over 24 years, during which she has been associated with a variety of companies such as UnionBank of the Philippines, IBM, and ADP, along with being a retired Major in the US Army.
In conversation with Prisila, Correspondent, Asia Business Outlook Magazine, Charmaine emphasized the need for organizations to adapt cybersecurity frameworks to evolving business needs and technology, highlighting the significance of a Zero Trust approach and compliance with data protection regulations such as GDPR or HIPAA.
Tell us about the common challenges organizations face while implementing cybersecurity frameworks within their systems and processes.
One of the key challenges while implementing cybersecurity standards is the presence of a large number of regulatory frameworks. To tackle this challenge, companies must follow one particular standard or framework - be it ISO 27001 Cybersecurity framework, CIS or having a 'Zero Trust' policy in place. Once you select a particular standard, you need to ensure that you have an in-house compliance team that will constantly keep a check on whether the chosen framework is being complied with across processes and functions. Also, companies must ensure that they are always on track with the standards as they mature and have new requirements, and feed them into their program manuals for hassle-free operations going forward.
How can organizations ensure that their cybersecurity frameworks remain adaptable to changing business needs and technology landscape?
Organizations must continuously update their standards and analyze their current positioning with reference to the standard that is applicable to their business operations. Also, they must practice this as a continuous ongoing process and not treat it as a one-time thing. This way businesses can stay aligned with the changing market dynamics and ever-evolving tech landscape.
Explain the importance of following a Zero Trust approach and complying with data protection regulations like GDPR or HIPAA.
While GDPR mainly relates to data privacy and data protection, HIPAA relates specifically to protecting information related to healthcare. On the other hand, the Zero Trust approach is applicable to all kinds of environments across every single business model in any given situation. Having a Zero Trust strategy enables organizations to protect the identity of both the users and the systems, while simultaneously being able to constantly monitor all the access privilege authorizations. The concept of data protection comes into the picture when the company is handling any kind of data that relates to an individual's identity. Thus, it is paramount for businesses to encrypt this kind of data both while sharing and storing it. As you go through your architecture and service environment, it is important to ensure that you follow the Zero Trust methodology, which essentially means trusting no one and always verifying the identity of all users & systems before providing access to sensitive data.
What impact can AI/ML technologies have on enhancing the effectiveness of cybersecurity frameworks within an organization?
One of the key things that AI/ML can do with reference to regulatory compliance and frameworks is enabling organizations to utilize these standards, incorporate them through AI/ML within their infrastructure and map their configurations across the entire process to be able to monitor their compliance with those standards. For instance, if you are following the Cybersecurity Framework that relates to identify, protect, detect, respond and recover, then there are specific control items that you can integrate with AI/ML to understand the compliance levels of your systems & applications in accordance with that particular framework. This is where AI/ML can assist organizations in analyzing their infrastructure using different frameworks and offer an updated real-time score against the standards that are being practiced.