Cybersecurity PLM (Planning, Laws, Management) in a Post COVID World


Emeritus Professor William (Bill) Caelli, AO
FACS, Fellow ISC2, Hon CISM

The world has changed as a result of the COVID-19 pandemic, and the business environment for both the private and public sectors has urgently followed in response. Businesses went “on-line” at all levels, often over the open, public Internet. The systems used at both the consumer/client and the business/server ends must now face massively heightened threats to confidentiality, integrity, and availability (CIA).

Thus, business trust and confidence in “going on-line” must be largely constrained and modified by the fact that many businesses use systems designed to be operated in a past era, within a more trusted information and communications technology (ICT) environment. Moreover, business users now find themselves using, and even depending upon, ICT products, systems, and services that were not really designed or developed for critical business operations, including the home-based personal computer (PC) connected to business servers via Internet data communications and Internet service providers (ISPs). In addition, attacks on such systems have grown massively in number over a short period, and the sophistication of those attacks has likewise advanced massively, with deployment at criminal as well as nation-state levels.

Globally, governments have responded notably by creating a more regulatory regime for cybersecurity in both public and private sector operations. This regime brings associated and enhanced legal and societal responsibilities that are now placed on enterprise management, particularly in the nations of the European Union (EU) and the USA, but also elsewhere, including in Australasia and SE Asia.

In fact, businesses must now utilize standards for information security risk assessment and management that can clearly outline perceived threats, identify vulnerabilities, and propose appropriate countermeasures. In turn, this identification of the threat/countermeasure situation must address the CIA imperative through knowledge and installation of the necessary cybersecurity technologies and their associated management processes, with relevant personnel involvement.

Overall, this places obligations on business management to understand and plan for compliance with any national or international laws and regulations aimed at the governance of information systems. One example is the emerging legal responsibility of management to notify affected parties should a data breach occur. Further legislative requirements must be expected in response to the heightened levels of attacks on information systems globally as a result of business responses to the COVID pandemic.

 


Copyright ©  Research & Policy House - All Rights Reserved - 2024
