
EETE JULAUG 2012

LAST WORD

New EU Data Directive will drive turning point for security

By Shaul Efraim

THE EUROPEAN COMMISSION is planning a raft of new directives on data security that commentators say will come to be seen as an important turning point. The new 24-hour data breach disclosure rules are a golden opportunity for organizations willing to embrace automation.

The Directive includes a number of tough new provisions on data handling, but the element that will give security professionals the most immediate anxiety is the insistence that organizations doing business in the 27-nation EU zone inform national information commissioners of data breaches affecting consumers or citizens within 24 hours, or risk heavy fines for not doing so. This is a radical jump. Having been under little or no obligation to formally disclose a data breach in most EU countries, companies will suddenly be required not only to inform the authorities but to do so in some detail on an accelerated timescale. Moreover, the change will affect not only companies in the EU but those doing business in it, making the Directive the first de facto global data breach law.

"For the first time everyone will be playing by the same rules based on a swift response"

Informing the authorities that a breach has been discovered sounds straightforward, but assuming administrators have evidence that something has gone awry, do they have the tools to say precisely what without delay? What sort of reporting systems do they have to explain the extent of a breach? Do possible security failures have any regulatory and legal consequences and if so, what?

A major consequence of this development is that old-fashioned periodic, manual security audits and the manual configuration processes that underlie them should be viewed as heading for obsolescence.

Currently, security is often measured for regulatory and compliance purposes through an external audit that takes place quarterly or annually, depending on the business sector. Some organizations also perform more regular internal checks, but the design of these is open to interpretation and their frequency varies from organization to organization.

The reality of the data breach Directive is that administrators could be asked to audit their security stance at any moment in time as a breach is uncovered, with only a few hours' notice. Referring back to an audit possibly months or weeks in the past will be useless; CISOs will require an overview of security policies, compliance and data protection that reflects what is happening at the moment the request is made. This makes complete sense: can any company possibly understand its security state using an audit that is possibly months out of date? Here the Directive imposes an important level of discipline organizations should welcome.

What such continuous auditing does do is render manual assessment impractical. The solution, automated auditing in real time, goes from being a useful convenience to an essential component of any security infrastructure.

Today, real-time security and auditing requires that organizations integrate information from multiple types of hardware system, and across a range of vendors that generate reports through proprietary management consoles. On top of this, any reporting infrastructure must also make sense of the flow of security data from different elements of the system, comparing this to a set of security policies. At any moment, security managers must be able to react quickly when a particular setting infringes the policy and have the means to describe what action was taken and why.

A key issue is whether this change from casual to mandatory and continuous auditing will be viewed positively by the people tasked with putting it into practice, the security professionals themselves. This is the biggest unknown of the data breach Directive.

Shaul Efraim is Vice President of products, marketing and business development at Tufin Technologies - www.tufin.com

Electronic Engineering Times Europe, July/August 2012, Volume 14, Issue 07, page 50. Published by European Business Press SA, Brussels - www.electronics-eetimes.com

