EDITOR ’ S QUESTION

This newfound impetus is largely due to regulations and guidelines such as General Data Protection Regulation ( GDPR ), which regulates law on data protection and privacy in the European Union ( EU ) and the European Economic Area ( EEA ).

It also addresses the transfer of personal data outside the EU and EEA areas . That ’ s why , when African businesses want to trade with European companies , they often seek the advice of their local legal or audit organisations , who are then ideally placed to promote the advantages of cybersecurity systems and solutions related to the legislation . It is rare that they turn first to an ICT organisation or systems integrator , which would usually have practical experience , skills and certifications in cybersecurity and protecting data .

Clearly , there are important security policy considerations that CIOs , CISOs and information security teams should be making before rolling out a SOC . of the business by orchestrating integrated and automated solutions with skilled human oversight .

However , many organisations invest in technology and the right mechanisms , but they do not necessarily have the skills and procedures in place to provide the cybersecurity they need . It is like handing a gun and a two-way radio to a receptionist with instructions to guard the company perimeter . It ’ s ludicrous . Yet , that ’ s what many companies are in fact doing when they ask their desktop administrator to implement and operate their cybersecurity solution .

Cybersecurity must be integrated , and it must be placed in the hands of sufficiently skilled operators . It must be properly implemented and continually updated . It must be monitored with the correct mediation and remediation . It ’ s no good that a security system tells you a window has been broken at the back of your property . You need someone , properly equipped and trained , to go back there and check it out .

A SOC is more than merely buying a set of tools . It is underlined by a strategy based on a proven framework , it is managed , and serviced by skilled analysts and cybersecurity engineers 24 by 7 by 365 .

For example , when you bake a cake you need a recipe , ingredients , and at least one oven . You wouldn ’ t then bake a cake by first heating the oven , shopping for each ingredient in turn as you mix it , before placing the mixture in the oven . It could take days , many trips to the shop , and enormously waste whatever fuels your oven , potentially ruining it in the process .

The online nature and interconnectedness of financial transactions today present many cybersecurity risks . Financial services is a sector firmly in the crosshairs of hackers . A SOC is intimately linked to the bread and butter of financial institutions . p

Similarly , SOCs benefit from well thought out , systematic approaches that consider the business processes , personnel , markets and infrastructure . Effective SOCs are developed in concert with regulatory requirements and legislative guidelines . CIOs , CISOs and infosec teams combine the people , processes , and technology to support the risk appetite

CALLIE VAN VUUREN , GM , CYBERSECURITY , NEC XON

www . intelligentcio . com INTELLIGENTCIO AFRICA 29