
The Importance to Manage Data Protection in the Right Way: Problems and Solutions

Hassan Mokalled;Daniele Debertol;
2017-01-01

Abstract

Data has become the most important asset for companies, and protecting data against loss is fundamental to their success. Most companies are connected to the internet for business reasons, and this is potentially risky. Cyber-attacks, hacks and security breaches are no longer an exception. Their impact can range from none or limited to Distributed Denial of Service (DDoS), theft or manipulation of data, or even taking over control of systems and harming the physical world. Some companies work on critical projects that contain documentation to be protected and not publicly disclosed. Data leakage or loss could lead to hazardous situations, so data confidentiality, integrity and protection should be preserved. To reach this goal, it is better to adopt efficient data protection management, i.e. having effective processes and methodologies in place to enable prevention, detection and reaction to any threat that could occur. Companies should give importance to actions, plans and policies, address the organizational aspect, and be aware of and prepared to manage crisis situations, using the best technological solution for each stage of cybersecurity management. In this paper, we present solutions and key steps to manage data protection inside the Ansaldo STS company from both the organizational and technological sides, by using an Information Security Management System that implements the company's cybersecurity strategy through three phases (prevention, detection and reaction, and checks for compliance and improvement), and by adopting a defense-in-depth approach and maturity models to deploy controls in a prioritized and effective way.

Files in this item:

File: Mokalled2017_Chapter_TheImportanceToManageDataProte.pdf
Access: closed access
Description: Book chapter
Type: Publisher's version
Size: 344.09 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/996843