ISO Standards , NIST Standards , Standards, Regulations & Compliance
APAC Security Organizations in the Era of Digital Trust3 Experts Discuss Value of Frameworks, Industry Certifications and Standards
Security organizations in the APAC region need to adopt widely recognized frameworks to consistently ensure digital trust and protect privacy, according to a panel of experts from the APAC region. Industry certifications are a good investment for improving security programs and business resilience, according to Syahraki Syahrir, CEO and partner at Veda Praxis; Sithira Wanniarachchi, mentor with ISACA Sri Lanka; and Goh Ser Yoong, head of compliance at Advance AI.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
"I would say any organization should adapt to a widely recognized framework. ISACA has a COBIT framework, the NIST cybersecurity framework and ISO standards," Wanniarachchi said. "And if you're looking for business continuity, you have a certification for that. These are well-practiced industry organization certifications."
"It can be applied by a small company to a bigger company. Here it is not about a technology but about the processes you have in place."
Ser Yoong added that standards provide a "common language" across an organization. "Standards provide that understanding," he said. "Most organizations recognize these certifications and what they mean."
Unfortunately, small and medium businesses face challenges in following these standards, said Syahrir, who added that Indonesia launched new privacy regulations last year. "In Indonesia, 90% of businesses are small or medium. Imagine how complex it is to implement such regulations to Indonesian businesses," he said, citing the need for "business process reengineering or a major change in the business."
In this video interview with Information Security Media Group, the panelists also discuss:
- The various elements of digital trust and why it's so important to the business;
- How do set a baseline for cybersecurity and privacy across the organization;
- How to have digital trust with modern approaches such as zero trust.
Syahrir is the CEO and partner at Veda Praxis, a management consultant focusing on digital business and transformation, strategy and GRC. He has been a management consultant and auditor for more than 15 years and started his career at a global consulting firm handling local and multinational clients.
Ser Yoong is head of compliance at Advance AI. He is a seasoned IT professional focusing on information risk management, cybersecurity and data protection. His has more than 15 years of experience at a variety of companies including PwC, BAT, Standard Chartered and AirAsia.
Wannniarachchi is an experienced network infrastructure, security, risk and compliance professional with more than 18 years of experience in manufacturing, distribution, logistics, leisure and information technology domains.