With the General Data Protection Regulations (GDPR) coming into force in May 2018, we asked leading security professionals for their views.
Will this bring about a step change in our approach to securing data?
What other factors will impact cyber security in 2018?
Don Randall, MBE, CSyP Chairman City of London Crime Prevention Association
The security industry has to understand, interpret and practise the intention of GDPR: it should not inhibit the gathering and sharing of data, providing cyber security hygiene measures are in place. Technological advances and business imperatives will mean there is ever more data, and ever more sharing, but this must be done abiding by the rules around the security and retention of data.
John Unsworth Chief Executive London Digital Security Centre (LDSC)
The implementation of GDPR can only be a good thing for the protection of data and helping to drive a shift in how many organisations obtain, store and use personal information.
Will GDPR be the step change in our approach to securing data? On its own, I don’t think so. The security of personal information requires more than just a new regulation; it requires consumers and organisations to realise just how valuable data is to the ever-increasing number of cyber criminals and to take all precautions within their power to protect it.
It requires businesses to appreciate the role they have in keeping consumers safe, and looking after the sensitive information they request from every consumer. It requires consumers to demand from businesses, What are you doing with my data? How are you using it? How are you storing it? How are you keeping it safe?
10 © CITY SECURITY MAGAZINE – WINTER 2017
It needs all procurement processes to have the security of information as a key consideration before entering into contracts with third parties.
The security of data requires everyone to do their bit, and not just leave it with the IT department.
Jean-Philippe Deby Business Development Director Genetec
Given the unique challenges involved in terms of GDPR, surprisingly little has been devoted to the process of ensuring compliance for the operation of video surveillance, access control and other physical security systems. Any public or private organisations using CCTV to monitor publicly accessible areas should be concerned and operators need to focus on adopting privacy by design.
Under the terms of the EU GDPR, data that is anonymised or pseudonymised is classified as lower risk. The appropriate use of encryption and automated privacy tools is, therefore, a logical first step. For example, video redaction that blurs out people’s faces in video unless there is a legitimate reason to reveal their identity can minimise the dangers of having security cameras deployed in public spaces.
Don’t forget, owners of on-premises video surveillance, access control or ANPR systems are responsible for all aspects of EU GDPR compliance, including securing access to the systems and servers storing the information. However, by working with an approved cloud provider it is possible to offload some of these responsibilities and significantly reduce the scope of activities required to ensure compliance. It is also highly cost-effective.
Nevertheless, it is important to realise that it isn’t a full abdication of responsibility. You remain accountable for ensuring data is classified correctly and share responsibility for managing users and end-point devices.
Vicki Gavin Chair Women’s Security Society
GDPR is the marriage of privacy and security, where privacy covers all aspects of the use and maintenance of personal information and security ensures the personal data has been appropriately protected.
Achieving this will require a diverse set of skills, and while convergence to a single point of control would seem to be the answer, it doesn’t really address the variety of different specialist skillsets required to deliver such a complex set of controls.
An holistic approach is required with close partnership between all of the security functions. I am sure this will lead to contention for the small number of individuals who are able to demonstrate that they already have both cyber security skills and privacy skills. As there are clearly not enough of these people to go around, we really need to get a lot smarter about recruiting and retaining talent.
If we look at the world of cyber security today, we can extrapolate and get a picture of what the future will likely hold. But this doesn’t have to be. If we look at today’s practices, we can identify a number of opportunities for improvement:
• Avoid qualification creep, identify the minimum qualifications required,
• Review the minimum qualifications for bias and eliminate it,
• Review CVs to include rather than exclude candidates,
• Assemble a diverse interview panel, and
• Retain good candidates through ongoing development.