We chat to Vivek Gupta, Vice President – Head of Information Security, GEMS Education about the relevance of winning the CISO100 category at the Middle East Security Awards 2019.
The CISO100 category at the Middle East Security Awards 2019 acknowledges the Chief Information Security Officers who have the task of securing their firm’s data. Held in early April, this year’s recipient was GEMS Education’s Vice President – Head of Information Security, Vivek Gupta.
“They have to protect the data by putting controls in place, defence in depth. Before, when records were kept manually, employees would keep documents locked in their desk or cupboard, then lock their office, then their building, and they would place a security guard outside. Similarly, if the data is on a laptop, we need a firewall to restrict public access. Then, we need another layer of protection that only allows designated internal people to access certain information. This kind of digital architecture is implemented by the Chief Information Security Officer. They understand the business, what data resides where, how to protect the data, and which safeguards to put in place,” said Vivek.
The need for data protection meant organisations started recognising the people who were succeeding in this area. GEMS Education participated in the Middle East Security Awards 2019 as a yardstick to ensure that the practices in place put the organisation on the right track to data protection.
When our parents know we have this award, they know their children are going to a school where there are data protection activities in place.
Vivek said that the award recognises that the information security team is taking the right steps to safeguard GEMS Education and raise its security profile. “In the security world, we never say we have arrived. Technology and digital threats develop too quickly. When our parents know we have this award, they know their children are going to a school where there are data protection activities in place; the organisation believes in best practices,” said Vivek. Moving forward, Vivek said there is a three-year roadmap in place which outlines activities to keep elevating the level of protection.
GEMS EDUCATION HAS THREE PILLARS TO PROTECTING BUSINESS AND STUDENT DATA:
- People Staff are given regular training and reminders not to leave confidential information on their desks, on the printer, or in the dustbin. Some documents need to be shredded. The best technology won’t mitigate human error.
- Policies Policies have been created and rolled out across the organisation regarding passwords, using firewalls on the servers and laptops. Data has also been classified in varying levels of confidentiality. Role-based access control has also been implemented in terms which departments can access which information. Levels of authority have also been delegated in terms of who can sign documents and make decisions.
- Technology Trained people and the right policies are irrelevant without the right technology. The company uses digital infrastructure such as firewalls, and company data is encrypted. Hardware is also regularly updated.