• The 10 most asked questions about Cyber Security

    We often receive calls and a lot of questions via our contact form about training courses and certification related to Cyber Security and GDPR. That’s why we’ve created this FAQ with the 10 most frequently asked questions.

    1. What is Security?

    Security is about protecting data, goods and persons against loss and damage. First of all, it is necessary to take sufficient internal measures to prevent computer failure as much as possible.

    In any case, minimum security measures include provisions against fire and burglary, access control (physical and software), backup procedures, external storage of backups, no-break and emergency power supplies and lightning protection. When securing data, the emphasis is on the following three things:

    1. Availability: Accessibility of information when needed.
    2. Integrity: Correctness and completeness of information throughout the life cycle.
    3. Confidentiality: Access to data only for those who need it.


    2. What is Cyber Security?

    Cyber Security is that part of security that has to do with IT. Protection of goods and people is therefore not covered by Cyber Security. Nevertheless, the overlap is increasing: for example, vehicle security and internet monitoring, RFID chips on loads, etc.


    3. What do I have to do with (Cyber) Security?

    Everyone at work must deal with (Cyber) Security. Think of phishing e-mails, working with personal data, leaving documents at the printer, bragging in the pub about your work, working on a public network, etc.


    4. Is it not expensive to secure everything?

    Aviation has a famous statement: "If you think safety is expensive, try having an accident." In other words, if something goes wrong, it often costs a lot of money in addition to reputation damage and perhaps lawsuits. Look critically at what you want to protect; not everything is equally business critical and needs the same assurance. A good BIA / risk analysis is the starting point for determining what is needed.


    5. What is GDPR?

    GDPR stands for ‘General Data Protection Regulation’. GDPR is the new privacy law, which will enter into force on May 25, 2018 and will cover the use, storage and protection of personal data, as well as the reporting of data breaches. It is a tightening of the already applicable ‘law for the protection of personal information’ and applies throughout the European Union.


    6. How do I know what I need to do for the GDPR?

    Understanding what you are doing with personal data is an important first step. Secondly, you have to see whether the data is necessary, whether it is well protected, and so on. It’s not an easy thing to do. Capgemini can help. With our Business Impact Analysis (BIA and DPIA) and GDPR-review we can help you with your first steps, for example with workshops.

    In addition, specifically tailored approaches are also possible. Get in touch with us if you would like to know more about that.


    7. What kind of roles and functions are arising?

    Because of the increasing need for Cyber Security, upper management also pays more attention to the matter. For proper management, roles such as CISO (Chief Information Security Officer) and DPO (Data Protection Officer) are essential and sometimes mandatory for organizations. Ethical hacking and pentesting are also important focus areas.


    8. Which security training should I choose?

    This totally depends on the depth you desire. If you’re not working in IT, but you do work with computers and personal data, ‘Awareness’ courses are usually good enough for you. Are you a specialist in the field of cyber security or do you aspire to be? Then expert or certification courses are a must. Do you, for example, know enough about legal aspects because of the GDPR-compliance, or business risks and how to translate those into appropriate measures?

    We also have special courses for system architects, developers and builders. After all, Privacy by design is an important area of attention of the GDPR.


    9. Which certificates exist?

    The importance of certification has increased a lot in recent years. For Cyber Security roles, CISSP is the most important certification. The CIPP/E and DPO certifications are important from the GDPR perspective. CISM (Certified Information Security Manager) is also a much-requested certification.


    10. Which courses does Capgemini give?


    10.1 Awareness:


    10.2 Management


    10.3 IT-professionals