Application security

Application security is a broad topic that covers software vulnerabilities in web and mobile applications and application programming interfaces (APIs). These vulnerabilities may be found in authentication or authorization of users, integrity of code and configurations, and mature policies and procedures. Application vulnerabilities can create entry points for significant Information security breaches. Application security is an important part of perimeter defense for Information security.

Cloud security

Cloud security focuses on building and hosting secure applications in cloud environments and securely consuming third-party cloud applications. “Cloud” simply means that the application is running in a shared environment. Businesses must make sure that there is adequate isolation between different processes in shared environments.

Cryptography

Encrypting data in transit and data at rest helps ensure data confidentiality and integrity. Digital signatures are commonly used in cryptography to validate the authenticity of data. Cryptography and encryption has become increasingly important. A good example of cryptography use is the Advanced Encryption Standard (AES). The AES is a symmetric key algorithm used to protect classified government information.

Infrastructure security

Infrastructure security deals with the protection of internal and extranet networks, labs, data centers, servers, desktops, and mobile devices.

Incident response

Incident response is the function that monitors for and investigates potentially malicious behavior.

In preparation for breaches, IT staff should have an incident response plan for containing the threat and restoring the network. In addition, the plan should create a system to preserve evidence for forensic analysis and potential prosecution. This data can help prevent further breaches and help staff discover the attacker.

Vulnerability management

Vulnerability management is the process of scanning an environment for weak points (such as unpatched software) and prioritizing remediation based on risk.

In many networks, businesses are constantly adding applications, users, infrastructure, and so on. For this reason, it is important to constantly scan the network for potential vulnerabilities. Finding a vulnerability in advance can save your businesses the catastrophic costs of a breach.

Personal Data Protection Regulation (GDPR) aims to protect the fundamental rights and freedoms of people, particularly the privacy of private life, and to regulate the obligations of those who process these data. From the date of 07.10.2016, this law brings many responsibilities for all organizations that process personal data.

What will change with GDPR?

Administrative fine between 5.000 and 1.000.000 TL  and prison sentence

Required technical and administrative measures to ensure data security

Responsibility of systematically identifying data responsible for data processing companies

All organizations that process personal data are affected by this regulation without any discrimination

Sata can not be processed without explicit consent of individuals

In case of request for information, companies have to give information to the GDPR institution within 15 days

What Personal Data Does Your Business Need To Protect?

• Personal information of employees (identification, address, date of birth, etc.)
• Personal information of customers / patients / guests (marketing databases, health records, contact lists)
• Non-public personal data of business partners and service providers
• Personal information transferred to third parties (accounting records, credit registers, direct marketing)

How Can You Keep Your Data Safe For GDPR Compliance?

Data control

Companies have to know how to use all the data they own. Where the data with sensitive content is moved, who uses this data and for what purpose kind of requirements should be viewed continuously.

Employee training

Each employee should know what data should be used. Companies can set data usage limits by informing employees about security policy.

Data usage rules

Companies must establish clear rules about who can work with personal data. These rules should not remain on paper and should be applied effectively.

Encryption

All data containing personal information must be encrypted. Companies must inform the use of encryption to entire company, including endpoints.

Data Leakage Prevention (DLP)

Preventing data leakage should be implemented effectively and should cover all communication channels. Removable devices such as e-mail, printers, USB, DVD and other communication channels should be controlled to ensure that only certain data can be out of the company.