La ventana de AREM. Una herramienta estratégica y táctica para visualizar la incertidumbre

Los fundamentos de la administración de riesgos tradicional poco a poco se han venido debilitando frente a la dinámica, incertidumbre y ambigüedad de los entornos de negocio. Lo que antes era medianamente viable anticipar, ahora es prácticamente imposible establecer un análisis certero que permita ofrecer orientación y claridad sobre qué hacer frente a una situación particular. En este sentido, se introduce la ventana de AREM, cuyo objetivo es ampliar la capacidad de conocimiento del entorno y facilitar una toma de decisiones informada sobre las oportunidades y retos empresariales, buscando ajustar la práctica actual de la administración de riesgos en un mundo dominado por las redes sociales, la computación en la nube, los dispositivos móviles y la información instantánea

Cultura Triple "A" como facilitador de la transformación digital. Primeros resultados empíricos

The digital transformation has become the new mantra for 21st century organizations. In this sense, the academy has made different efforts to establish the best way to make it a reality, with customer expectations and technological convergence at the centre. Therefore, recent research highlights the different key elements needed to mobilize a digital transformation, but few of them focus on reviewing the context of the culture needed to achieve it. In this sense, an exploratory instrument based on the triple "A" culture was designed and applied in some groups in Colombia, whose preliminary results are reported in this document

Estudio de la evolución de la Gestión de incidentes de seguridad informática en Colombia: 2010-2020

The evolutive study of information security incidents in Colombia is an effort made by the Colombian Association of Systems Engineers (ACIS), which for more than 10 years has been applying a national information security survey in order to study and understand the evolution of information security in the Colombian context. The analysis of the results of the last 10 years on the subject of incidents shows the most relevant trends in the country, based on the number of incidents, the types of incidents and how their presence in the organizations is noticed. The reflections that are proposed for each of these elements are contrasted with the readings of international reports in order to situate the specific challenges of the companies in the different sectors of the Colombian industry. El estudio evolutivo de los incidentes de seguridad informática en Colombia es un esfuerzo realizado por la Asociación Colombiana de Ingenieros de Sistemas (ACIS), quien durante más de 10 años ha venido aplicando una encuesta nacional de seguridad de la información con el fin de estudiar y entender el comportamiento de la seguridad en el contexto colombiano. El análisis de los resultados de los últimos 10 años en la temática de incidentes muestra las tendencias más relevantes en el país, basadas en la cantidad de incidentes, los tipos de incidentes y cómo se advierte su presencia en las organizaciones. Las reflexiones que se plantean para cada uno de estos elementos se contrastan con las lecturas de reportes internacionales con el fin de situar los retos concretos de las empresas en los diferentes sectores de la industria colombiana

Modelo de Ciberseguridad para el Sector Logístico y Transporte Terrestre

The increase in the use of information technologies and the automation of processes in companies in the logistics and land transportation sector means that the cyber risks to which they are exposed are increasing, due to the fact that within their operations they share and process large volumes of information between interconnected systems to maintain their service offerings. This has become the challenge for this sector to develop capabilities to maintain the operation of its logistics cycle when it is under adverse cybernetic conditions. This document proposes a model for companies in the logistics and ground transportation sector to establish a level of cyber resilience that seeks to maintain the capacity of their logistics operations even when under cyber-attack. Likewise, explains its application in a representative company of the sector in Colombia to illustrate to companies in the sector a way to manage the causes and effects of any adverse cyber event

Design of a Purple Team for the Colombian Financial Sector Focused on Stock Brokerage Companies (SBK)

Private and public sector companies are suffering cyber attacks globally, so the need to invest in cybersecurity has become a priority. In this sense, several supervisors have formulated regulations around cybersecurity, with a particular emphasis on banks and their challenges but not much on the Stockbrokers (SBK) entities that are the subject of this research work. Although one of the most common methodologies is the simulation of offensive (red team) and defensive (blue team) security, purple teams are emerging as an alternative that enables a broader spectrum of learning and analysis for companies, particularly SBKs This article details a methodological guide for the design and implementation of a purple team in SBKs in order to strengthen cybersecurity governance in the face of contemporary cyber threats. En la actualidad, las empresas del sector privado y público están sufriendo ataques cibernéticos a nivel global, por lo cual, la necesidad de invertir en ciberseguridad se ha convertido en un aspecto prioritario. En este sentido, varios supervisores han formulado regulaciones entorno a la seguridad cibernética, con un énfasis particular en los bancos y sus retos, pero poco sobre las Sociedades Comisionistas de Bolsa (SCB) entidades objeto de este trabajo de investigación. Si bien, una de las metodologías más frecuentes es la simulación de seguridad ofensiva (equipo rojo) y defensiva (equipo azul), los equipos morados se abren paso como una alternativa que habilita un mayor espectro de aprendizaje y análisis para las empresas particularmente las SCB. Este artículo detalla una guía metodológica para diseño y puesta en operación de un equipo morado en las SCB con el fin de fortalecer el gobierno de ciberseguridad frente a las amenazas cibernéticas contemporáneas. Atualmente, empresas dos setores público e privado estão sofrendo ataques cibernéticos em todo o mundo. Portanto, a necessidade de investir segurança cibernética tornou-se uma prioridade. Neste sentido, vários supervisores formularam regulamentações em torno da cibersegurança, com ênfase particular nos bancos e seus desafios, mas pouco nas corretoras de valores (SCBs), as entidades que são o objeto desta pesquisa. Enquanto uma das metodologias mais comuns é a simulação de segurança ofensiva (equipe vermelha) e defensiva (equipe azul), as equipes roxas estão surgindo como uma alternativa que permite um espectro mais amplo de aprendizagem e análise para as empresas, particularmente as SCBs. Este artigo detalha um guia metodológico para a concepção e implementação de uma equipe roxa nas SCBs, a fim de fortalecer a governança da cibersegurança diante das ameaças cibernéticas contemporâneas

Diseño de un equipo morado para el sector financiero colombiano enfocado en las Sociedades Comisionistas de Bolsa (SCB)

Currently, private and public sector companies are suffering cyber attacks globally, so the need to invest in cybersecurity has become a priority. In this sense, several supervisors have formulated regulations around cybersecurity, with a particular emphasis on banks and their challenges, but not much on the Stockbrokers (SBK) entities that are the subject of this research work. Although one of the most common methodologies is the simulation of offensive (red team) and defensive (blue team) security, purple teams are emerging as an alternative that enables a broader spectrum of learning and analysis for companies, particularly SBKs This article details a methodological guide for the design and implementation of a purple team in SBKs in order to strengthen cybersecurity governance in the face of contemporary cyber threats

Reflections and challenges for the academy in the training of security/cybersecurity professionals in Colombia: 2010 – 2020

The evolutionary study of the role of the academy and its challenges in the training of security/cybersecurity professionals in Colombia is an effort made by the Colombian Association of Systems Engineers (ACIS in spanish), which for more than 20 years has been applying a national information security survey in order to study and understand the behavior of security in the Colombian context. The analysis of the results of the last 10 years in the selected topic shows the most relevant trends in the country, based on the challenges that the academy has faced in the formation of security/cybersecurity programs, as well as the data related to the creation of training programs in security/cybersecurity registered by the Ministry of National Education. The reflections that are raised reveal, among others, the most outstanding challenges such as research levels, required infrastructure and strategic alliances, which are contrasted with the readings of international reports and research articles in order to place some concrete proposals for higher education institutions in Colombia in this area. El estudio evolutivo del rol de la academia y sus retos en la formación de profesionales seguridad/ciberseguridad en Colombia es un esfuerzo realizado por la Asociación Colombiana de Ingenieros de Sistemas (ACIS), quien durante más de 20 años ha venido aplicando una encuesta nacional de seguridad de la información con el fin de estudiar y entender el comportamiento de la seguridad en el contexto colombiano. El análisis de los resultados de los últimos 10 años en la temática seleccionada muestra las tendencias más relevantes en el país, basadas en los retos que ha tenido la academia en la formación de los programas de seguridad/ciberseguridad, así como los datos relacionados con la creación de programas de formación en seguridad/ciberseguridad registrados por el Ministerio de Educación Nacional. Las reflexiones que se plantean revelan entre otros, los desafíos más destacados como son los niveles de investigación, la infraestructura requerida y las alianzas estratégicas los cuales se contrastan con las lecturas de reportes internacionales, y artículos de investigación con el fin de situar algunas propuestas concretas para las instituciones de educación superior en Colombia en esta temática. O estudo evolutivo do papel da academia e seus desafios na formação de profissionais de segurança/cibersegurança na Colômbia é um esforço da Associação Colombiana de Engenheiros de Sistemas (ACIS em espanhol), que há mais de 20 anos aplica uma pesquisa de segurança da informação para estudar e compreender o comportamento da segurança no contexto colombiano. A análise dos resultados dos últimos 10 anos no tema selecionado mostra as tendências mais relevantes no país, a partir dos desafios que a academia tem enfrentado na formação de programas de segurança/cibersegurança, bem como os dados relacionados à criação de programas de formação em segurança/cibersegurança registados pelo Ministério da Educação Nacional. As reflexões que se levantam revelam, entre outros, os desafios mais marcantes como níveis de pesquisa, infraestrutura necessária e alianças estratégicas, que são contrastadas com as leituras de relatórios internacionais e artigos de pesquisa para colocar algumas propostas concretas para instituições de ensino superior na Colômbia nesta área

Confianza digital

Estamos viviendo una transformación digital que impacta casi toda nuestra cotidianidad, desde la forma en la que nos comunicamos y trabajamos hasta la manera en cómo tomamos decisiones. El mundo ya no está limitado por fronteras geográficas y el Internet de las Cosas, la Inteligencia Artificial, la analítica de los grandes datos, entre otros, están cambiando el mundo en el que vivimos. Esta revolución crea nuevos retos, como por ejemplo la ciberseguridad, si toda la información y las comunicaciones están digitalizadas, debemos proteger tanto los datos como las comunicaciones y el no hacerlo puede tener un impacto muy costoso para la sociedad, desde el punto de vista del derecho a la privacidad y a la honra y el buen nombre, los derechos de propiedad intelectual, la protección de los ciudadanos, entre otros

An effective cybersecurity training model to support an organizational awareness program: The Cybersecurity Awareness Training Model (CATRAM). A case study in Canada

Traditional cybersecurity, security or information security awareness programs have become ineffective to change people’s behavior in recognizing, failing to block or reporting cyberthreats within their organizational environment. As a result, human errors and actions continue to demonstrate that we are the weakest links in cybersecurity. This article studies the most recent cybersecurity awareness programs and its attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks and approaches. The authors introduce a suggested awareness training model to address existing deficiencies in awareness training. The Cybersecurity Awareness TRAining Model (CATRAM) has been designed to deliver training to different organizational audiences, each of these groups with specific content and separate objectives. The authors concluded their study by addressing the need of future research to target new approaches to keep cybersecurity awareness focused on the everchanging cyberthreat landscape. Copyright © 2019, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited