As the COVID-19 situation forces businesses and companies to take most of their operations to their employees’ homes, there is a growing need to adapt information security and the way these organizations approach it, says EastWest Chief Information Security & Data Protection Officer Joey A. Regala.
In a webinar hosted by the Financial Services Information Sharing and Analysis Center last April 29, Regala, who also serves as the president of the Information Security Officers Group, established a new C-I-A paradigm for information security officers (ISOs) to follow in the current era of working from home—Culture, Integrity, and Ability, replacing the old framework of Confidentiality, Integrity, and Ability.
Living on the edge
According to Regala, this new mindset is needed to tackle the challenges of remote security, which fall on both extremes—too much security from officers can become inconvenient to employees and clients, while too little can leave them open and vulnerable. ISOs must then be agile and dynamic enough to meet these challenges sufficiently.
Regala emphasizes that a culture of security must be the priority for organizations, which will matter more in protecting information than the actual policies themselves. “Sell the idea of security like an insurance salesman,” he says. “Focus on the why and not the how.”
This culture must then be reinforced by the ISOs’ personal integrity, meaning their ability to practice what they preach and maintain their image at all times. “No matter the circumstance, your integrity should not falter,” says Regala. “Are you really who you say you are on every platform? Stay true to your real self.”
Lastly, both culture and integrity are nothing without the ISOs’ own ability. Regala underscores the need for experience, certifications, and alliances for ISOs to succeed in leading their companies’ information security efforts. He also highlights the importance of working with regulatory bodies such as the National Privacy Commission, the Bangko Sentral ng Pilipinas, the Bankers Association of the Philippines’ Cybersecurity Technical Working Committee, and the like.
With the enhanced community quarantine currently extended by the government to May 15 and social distancing measures still recommended until the threat of the virus is completely eliminated, many businesses are seen to continue work-from-home setups for the foreseeable future, necessitating constant vigilance in information security.
With over 35 years of experience in information security and IT security on financial systems, Regala is considered a pioneer of cybersecurity in the Philippines and one of the most renowned ISOs in the ASEAN region.