We are very happy to announce that LIGS takes another step forward in providing modern programs for contemporary job market needs with new courses focused on Cybersecurity.
Managers without at least basic knowledge of IT and data protection will soon be a thing of the past. That is why we upgraded our IT Management courses for Cybersecurity knowledge every manager should know. Our specialization thus does not suit only IT Managers, but everyone who cares to secure valuable data and protect them against cyber threats.
All of this is possible thanks to our new lecturer Dr. Tan Kian Hua, a renowned Cyber Expert. Want to know why it is important for managers to master cybersecurity issues? Read more below in an exclusive interview with Dr. Tan.
With the increase in cyberattacks, the project manager is also vulnerable to such attacks. They are considered “owners” of the project to external facing, and taking care of data will be their responsibility.
Regardless of the type of project, a project manager is managing, there will intensive data involved across many departments and external vendors. Besides managing the project, the project manager also needs to ensure all the communicated data will be safe. Project managers need to have a serious note on the value of the data, and also the potential effects if they were breached. They need to be aware of the amount of data- and of what kind- will it affect the project in the event of a breach. Especially when dealing with the organization holding sensitive data, like financial records and personal data, which must be protected at all costs. These are the hidden responsibilities of the project manager and they cannot afford to be unaware of what kind of data they’re dealing with.
With the processes in place, the project manager must also know how to educate or work with the people. Data is held by the people and giving them the right access is critical. Too much access, the exposure will be bigger and higher vulnerability. Too little access, the people are unable to perform their duties and will cost the project to be delayed.
Our graduate students not only will stand out in the field of project management, but they will be able to demonstrate the importance of securing organization project data. Having the ability to know how to secure the project data and create competitive advantages for the organization will also create a competitive advantage for the company as a whole.
With technology advancing, data is the key to run the operation for the company. And with data, it makes the company vulnerable to cyberattack. The bigger and more lucrative data the company is holding, the more they are vulnerable to attract attacks. Therefore, the cybersecurity manager is always raising demand.
The cybersecurity manager will be focusing on operational & technical level while the cybersecurity director or Chief Information Security Officer (CISO) will be focusing more on leadership. As managed service is becoming more acceptable, the cybersecurity team is also one of the topics that companies outsource as well.
vCISO (Virtual Chief Information Security Officer) is the outsource term in which company outsourced its cybersecurity service and this is the portion which they will assist corporate with their leadership and technical skills. While the operation portion will be keeping close to the customer and there will be an internal team to due to their daily operation. Therefore, there is still a need for cybersecurity manager just that their focus is shifted towards operation duties.
There is only so much the cybersecurity manager can stretch to cover their responsibilities in their role. The weakest link for cybersecurity in any organization is still people, not all staff know about cybersecurity or care about their cybersecurity. They are not hired to deal with cybersecurity and training for this weakest link is getting serious.
Three key objectives for a project manager are managing processes, managing people and managing data. And in the project, the most vulnerable area for cyber attack will be the people and data. We already know that with more data collected, the company will also be a bigger target.
Managing people for cybersecurity is not about handling their emotion and motivation towards the project, but their behavior towards how they handle the data. Is there any policy to enforce that data need to be encrypted if they are at rest? What do the project stakeholders need to do with the printed information? What kind of data are they allowed to send to external parties? These are just some of the questions the project manager needs to know when handling the project.
Managing data in the project for cybersecurity will be to categorize them and ensure confidential data will be stored out of reach. And using tools to ensure the data remains available at all times. Project managers also need to be aware of the level of data classification and have strict control over this.
In our course, a project manager needs to be aware of the two common threats – people and data. The project manager will act as an extended arm to the IT or cybersecurity team. While they are carrying out their duties, they can add value by ensuring minimizing threats from people and data. And by understanding the cyber landscape and threats they will ensure successful delivery of the project.
On the project level, they need to ensure the basic understanding of the CIA triad.
To understand the concept of confidentiality, we can think of it as roughly equivalent to privacy. The measures for ensuring confidentiality will be the design to prevent sensitive information from reaching the wrong party. This will also ensure that the right party authorized for the information will be able to access it. The weakest link in the cybersecurity infrastructure will be the people. In order to ensure confidentiality of safeguarding the data in the weakest link, training will be necessary. Conducting training will help to familiarize all employees in the organization and also authorize personals to know the risk factors and how to guard against them. Training can stretch all the way to include strong passwords and password-related best practices, and also guard against social engineering methods. This is to prevent employees from bending data-handling rules with good intentions and resulting in potentially disastrous results.
Access of the information if falls to the wrong hand, the damage can be unbearable for the organization. The damage will be categorized according to the date based on the amount of type of damage that could be done on the data should it fall into unintended hands. The level of control, be it more or less stringent to be implemented will depends on the categories of the potential damage.
This portion will give the concept of protecting information from unauthorized alternation, which provides the measure of assurance in the accuracy and completeness of data. The data which need to be protected in this will be data at rest (stored on systems) and data in transit (Transmitted between point A to point B). Controlling data at this level will need to ensure that there will be necessary control at accessing the data at the system level. And also that the users must only be able to alter information that they are legitimately authorized to alter.
As compare to confidentiality protection, the protection of data integrity extends beyond intentional breaches. The other countermeasures protection that can be put in place to protect integrity will be access control and rigorous authentication that help prevent authorized user from making unauthorized changes. Having digital signatures can also help ensure that transactions are authentic and the files are not modified or corrupted.
In the nutshell, effective integrity countermeasures must also protect against unintentional alteration. This alteration includes user errors or data loss that is a result of system malfunction. Equally important to protecting data integrity are administrative controls such as separation of duties and training.
Availability is to ensure that authorized parties are able to access the information which needed. Even how secure your information is but when needed it will take a long time to retrieve the information, it will still fail the cybersecurity value. To break the availability portion, the hacker will need to deny access to the information. The most common way of denying access to the information of any organization will be using distributed denial of service attack (DDoS). In today's world, you will hear news on high profile websites being taken down by DDoS attacks. There are other areas that affected availability.
Do you agree that being familiar with the cybersecurity issues is a must-know for every manager? Upgrade your knowledge with our programs.
Dr. Tan Kian Hua is currently holding a position as the Chief Information Security Officer (CISO) in an Asia Pacific company in Singapore and also engaged by several other SMEs (small and Medium Enterprises) as their virtual CISO, advising on their local and overseas offices in the Asia Pacific. He also served as a consultant for cybersecurity system integrators to finetune their cybersecurity framework and to enhance their internal policy.
Dr. Tan's expertise includes designing and implementing world-class cybersecurity solutions with machine learning abilities. He has spearheaded a team to build the first world-class defense cybersecurity infrastructure from scratch and rectified a cyberattack within one day, which average industry time is twenty-eight days. As a member of the Association of Information Security Professionals (AISP), he has numerous responsibilities at the local community, including creating and educating companies in cybersecurity-awareness. He is passionate to bring up the awareness of the importance of cybersecurity in all companies and continues to ensure a first-class standard for maintaining the cybersecurity procedures. Dr. Tan speaks at numerous events when there is a debate on cybersecurity, including Cloud & Datacentre convention (regionally).
Dr. Tan has helped companies to grow their business and increase profitability dramatically. Moreover, delivering results for any organization looking for a solution to expand their reach, revenues, and stay competitive. The companies he advised include SMB (small-medium business) from two man-size to large MNC (multi-national company) of six thousand staff strength. During his six years in an MNC, he was selected as a young leader undergoing their leadership program. And also the subject matter expert for IoT (Internet of things) and cybersecurity.
Dr.Tan completed his Ph.D. with a USA university with a GPA of 3.8/4. His Ph.D. dissertation research topic is on “Internet of Things & Cyber Security Evolves Strategies Management” and awarded Distinction. He also holds a graduate diploma in Digital Forensics & Cyber Security from Aventis School of Management. Dr.Tan is also an Advanced Big Data Professional and has completed Executive Program in, Internet of Things: Business Implications and opportunities, and, Artificial Intelligence: Implications for Business Strategy, from Massachusetts Institute of Technology (MIT).