Updating the legal framework in Central America will help guarantee data confidentiality. But in order for companies to face growing vulnerabilities and risks, any internal policies or regulations that they establish must be complemented with appropriate technology. In El Salvador and the rest of the region, companies are rethinking their security strategies, including controls, policies, work regulations and internal processes. These new security measures are driven by the evolution of technology, IT security incidents and industry growth.
As far as security policies are concerned, seven out of 10 companies in Central America claim to have them in place, defining how employees should behave regarding the use of the company's IT resources, as well as how to manipulate information according to its confidentiality. With regard to the classification of information, analysts consider that this area requires further work, since only three out of 10 companies have an information classification policy. Not knowing what information is valuable to the company or who should access it causes complications for the teams in charge of protecting it.
In information security, the aim of the protection is to guard the data and avoid losses and unauthorised modification. Protection must first and foremost ensure the confidentiality, integrity and availability of data.
Organisations have to ensure that the security processes implemented in the entity are feasible. In other words, they must be sure that they technically work and serve their purpose, that they are embedded in business processes, and that people respect them. It is essential that they are supported, and approved by the management, because otherwise they lose their credibility. It also means that they must be designed in such a way that they do not paralyse or hinder operational processes because they must support the fulfilment of the organisation's mission, not prevent it.
Because the implementation of measures is not an isolated, single task but a continuous process, the management and maintenance of the measures must be integrated into the business operations, supported by rules and regulations that legalise their application, with sanctions in cases of non-compliance.
Consortium Legal continuously strengthens its practice areas, maintaining itself at the forefront of technological advances with complementary practice areas in data protection, new technologies, IT security, digital crime and corporate compliance.
|María Alejandra Tulipano Illueca|