Eduardo Ritegno, based in Buenos Aires, Argentina, is a senior IT Manager at BNA (Argentinian National Bank). He is a specialist in Systems Development, Project Management, Audit, Governance, Risk & Compliance, mainly in the vertical finance market. He has been working across the American continent & Spain. He also held the position of Director of the Argentinian Clearing House, and has been a member and Chair of the CRISC Certification Committee at ISACA (Information Systems and Control Association), based in Chicago, US, for consultancy work, and a member of the Certification Board. Mr. Ritegno participated as a team member in writing and reviewing the COBIT5 professional series, holds two professional ISACA certifications (CISA & CRISC), and is accredited as a Quality Evaluator of the internal Audit (QAR – IIA).
One of Mr. Ritegno’s main concerns is how we, in the corporate world, should manage data risk and keep information and data secured at the highest level. Mahendra K. Datu, Chairman of TaboraARGA, was able to interview him during their meeting in the US recently.
A: Independently of the kind of industry or country, I think that the main issues we must never disregard are the following:
- Confidentiality—ensure that transmitted and stored data cannot be read by unauthorized parties
- Integrity—detect any intentional or unintentional changes to transmitted and stored data
- Availability—ensure that users can access resources using all available channels and mobile devices whenever needed.
Currently, mobile devices (BYOD) are one of the top 6 security risks for companies, and data theft is one of the highest vulnerabilities of portable devices. Moreover, it becomes very hard work for the IS areas at companies to apply consistent security policies and to manage those devices when we admit multiplatform (multi-brand, multi-OS) with a single team of agents.