IT management professional by day, daydreamer by night
I was elected the “Membership and Communications Director” of the Board in the elections that took place online on March 31, 2021 at ISACA Ankara Chapter General Assembly Meeting.
31 Mart 2021 tarihinde online olarak gerçekleşen ISACA Ankara Chapter genel kurulunda gerçekleştirilen seçim sonucunda yönetim kuruluna “Üyelik ve İletişim Direktörü” olarak girmiş bulunmaktayım.
Lostar Bilgi Güvenliği, Siber Güvenlik Farkındalık Ayı çalışmaları kapsamında daha önceden Güvenli Günler Bülteni‘nde yayınlanan yazımdan bir parça yayınlayarak beni de onurlandırdı. Teşekkürler Lostar.
ISACA, ülkemizde de KVKK ile günden güne daha fazla önem kazanan verilerin korunması konusuna yeni sertifikasyonu ile farklı bir boyut açtı.
Şu anda 80 ülkenin veri koruma yasası çıkardığını ve 2023 yılına kadar dünya nüfusunun %65’inin veri koruma yasalarına tabi olacağını düşündüğümüzde konunun ciddiyetini daha iyi anlayabiliriz.
CDPSE sertifikası, 3 ana başlıkta yetkinlik ve tecrübenizi belgelendirmenizi sağlıyor:
Bilgi güvenliği ve özellikle “Kişisel Verilerin” / “Verilerin” korunması üzerine çalışıyorsanız yetkinliklerinizi dünya çapında geçerli bir sertifika ile belgelendirmenin yolu CDPSE’den geçiyor.
Daha fazla bilgi için tıklayınız…
![GüvenliGunlerBulteni-Erdem-Aksoy-0620[1]](https://erdemaksoyorg.files.wordpress.com/2020/06/gc3bcvenligunlerbulteni-erdem-aksoy-06201.png)
Güvenli Günler Bülteni‘nde yayınlanan yazımı okumak için tıklayınız…
As the world is struggling with the Corona virus (COVID-19) pandemic, the security folks are struggling with something else: Securing the remote business… We have been so busy with securing our systems from the viruses that we could not see that a natural virus could cause more problems than the digital ones.
Working remotely was not an option for many companies or not for every position so most of the companies were caught off guard. Many of us were just not ready to transform the business this fast but it’s happening folks and here are some of the concerns you should take into consideration:
1. Security Issues on Mobile Devices
It’s easy to secure your employees’ devices when they are inside your network, under your firewalls but is it the same when they connect from home?
VPN is not the solution for every connection, what if the employee connects to some unsecure site, you never know. Things get more complicated when the employees use their own devices for work.
All you can do is to increase the awareness of the employees and put some strict rules for those you can control, such as strong password policies and access management.
2. Issues with Backup and Recovery
Data loss can be a huge problem for remote business and the problem is bigger if the employees are using their own devices for business.
There are quite good backup and recovery solutions in the market, you can use them secure the data in a centralized backup and recovery system or you can simply make the employees take their own local backups but being on cloud seems to be the best solution for this issue.
![cloud-backup[1]](https://erdemaksoyorg.files.wordpress.com/2020/03/cloud-backup1.jpg)
3. Issues related to Shadow IT
End-users usually tend to use their practical solutions and they use anything possible once they are out of your control.
Shadow IT has been a pain in the neck for many years, users want to use some free applications for which they have no idea of the security concerns.
It used to be easy when the only way to use an application was to install it on your computer and only IT could install software to the corporate PC’s but it is a dilemma when you can use cloud services from home.
The level of security awareness just becomes more important related to shadow IT solutions. End-users must think like security analysts when they are deciding to use an application other than the corporate’s assets and decide not to use if possible.
![shadowIT-light[1]](https://erdemaksoyorg.files.wordpress.com/2020/03/shadowit-light1.png)
There are many more security issues for remote business and it usually comes to the point where the end-users must be aware of the security risks and act accordingly.
Security awareness training programs must be updated with the use cases that we are facing at this coronavirus transformation and companies should invest more on training the employees in order to protect themselves.
Stay home, stay secure!
ISACA Ankara Chapter olarak Tofaş‘ın ev sahipliğinde EY‘ın katkılarıyla düzenlediğimiz yönetişim, risk, uyum, denetim ve siber güvenlik konulu GRCAC Day Bursa semineri 7 Şubat 2020’de Tofaş Akademi Doğu Kampüsü’nde gerçekleşti.
The 4th in a successful series of exclusive Cyber Security for Critical Assets Summits in the MENA region, that brings together the region’s industry leaders to discuss and create best practice industry guidelines. The CS4CA MENA Summit is brought to you by Qatalyst Global.
