Certified project managers have a diploma or other certification document demonstrating their competence. Some project management certifications even require each candidate to have several years of practical experience. Reference: PM.MBA

In real life, however, often certified senior project managers forget what they learned. Project risk is a key part of project management as a science. As professionals in various fields prepare to take their BVOP exam, they study all the topics in the BVOP Ultimate Guide as well as the project risk sections carefully. Even Scrum Master candidates, who are generally Agile specialists, need to know good project management practices. That is why the BVOP Certified Scrum Master exam also includes risk as an exam topic. Reference: BVOP

We share an interview with Peter Brown, a certified project manager with an interest in IT and security.

Consumer data protection enters as a topic along with the GDPR. What should companies look out for?

In my opinion, the regulation is overexposed, and the new moments are the sanctions and our mutual obligations. Now it turns out that companies managers that have worked together for a long time and had a common business are starting to enter into contractual data relations.

But the GDPR was there before, but it was not observed. The paranoia on this topic now shows what data protection has been like in the past.

The reason for the regulation was the overly aggressive targeting of consumers. We stopped believing, and personal data began to be seen as a shopping cart. And the business ended up in a supermarket where the goods for vegetarians are on the left and for carnivores – on the right. And if you are a vegetarian – go in and take everything from the left, whether you need it or not.

But personal data is one of all types of data. The strategic plans of the company or the new products developed are no less important than managers the data of employees or customers.

The big paradox in the GDPR is that the regulation removes personal data from the concept of “information”. Another paradox is that the GDPR requires personal data to be disguised in log files, but the user may abuse or write a post calling for terrorism. If the data in the logo is masked, we will know that it was not Peter who made the payment on a given date, but that someone made the payment. And if this is related to criminal activity, the specific perpetrator will not be able to be identified, which is also a problem for law enforcement agencies.

But if we mask the data, how will we fulfill the provisions of PSD 2 (Second EU Payment Services Directive)? According to managers, banks must immediately return the money to the customer if he disputes the payment and then recovers the loss in court. But how to do it? After one law we have deleted everything for you and we have no legal basis to keep the information? This creates many more ways to commit fraud.

We work on the prevention of such inconsistencies caused by the directives. For several years we have been focusing on initiatives in the context of open banking. As an example, I can give Appathon and Hackathon, competitions for developers who present ideas for easier implementation of PSD2.

Our strategic plan Transform 2019 managers is based on innovation in the transformation of the banking operating model to improve the customer experience, respond to ever-changing customer needs, and adapt to new regulatory requirements.

What are the most common attempts at fraud in the financial sphere?

Phishing attempts have become more frequent for 3-4 months. They are not personally oriented to certain people, the so-called spear-phishing, in general, by attacking all kinds of people, without assuming whether they use some kind of banking or not. Public e-mail servers are being attacked by sending fake emails urging users to take action. From the general mass, some people give in and so begin to provide their identity (usernames and passwords) and create new conditions for future fraud. All banks are protected and there is no way anyone can make a payment through electronic banking when they reach your account, but this way you can see your balances, payments – what you have and how you distribute your finances. And that makes you a target for future attacks that are already specific to this type of banking. The attacks are against all banks, as we detect about 3-4 attempts at phishing per day, and 90% are not against our clients or services.

What type are most of the threats to IT security today – hacker attacks (which predominate) or research by competitors?

In reality, hacker attacks are much more visible, but the damage that industrial espionage can do is no less. On the one hand, hacker attacks are organized and targeted and always aim at abuse, fraud, gaining control, stepping into another type of crime, but in terms of research – have we ever wondered what that means?

The dilemma of which is the lesser evil is interesting – whether we will give funds to recover from a hacker attack or we will give the equivalent, but for marketing research, obtaining information that gives a competitive advantage, manipulating the market…. How often have we asked ourselves the question – where do they get my data from, why exactly are they looking for me, why exactly do they recommend it to me, is the medicine I am taking not just crushed sugar?

Social engineering and espionage are hacking methods, and they don’t have to be in an IT environment. If we answer quite honestly what research by competitors means, we will find that these are the first three main steps of any hacker attack. Where are the boundaries? Let’s not forget that the road to hell is paved with good intentions. What will a company do after researching its competitor? This is not about honest business, but about survival, about giving the advantage to achieve a bigger share, bigger profit. I will stop here because I do not claim to determine what is good or wrong in running and doing business, but the idea I share is that there is no real difference between hacking and researching a competitor, just a play on words.

What would you recommend to companies to protect themselves?

My advice will be more modest, but also as a last resort – above all, hire a competent team that respects corporate values ​​and rules. Do not spare funds to develop and involve your employees in the cause and faith of one family, because in reality they should live and think like one family. This recommendation also has its financial dimension. When we take into account the losses and profits – you will determine the high profits. Never divide your employees, every Cinderella is a potential princess, every soldier carries a general’s staff.

Don’t let service or resource providers give you advice on how to protect yourself or change your processes, because then you’re looking for a buttonhole, it makes you sluggish and you’re unable to respond in a timely and proper manner.

Always doubt when there are lackeys around you, consulting is a business and it is not related to your business managers, it generates profit for other companies at your expense. We have a saying “many grandmothers – skinny baby” and this is because everyone will give you advice but will never ask you what you want. Technology is a good thing, automate, robotize, don’t skimp, but never forget the person who, as such, can make an irrational decision and save or drown you.

Do not take away the environment of people and do not turn them into machines, because they will behave like automatons. And this is a bad scenario, but it can be a criterion for you to stimulate, reward, encourage question,… or just believe and go hand in hand in harmony.

Mr. Brown, is there a difference in the attitude to information security managers on the part of browser and protocol developers and corporate IT experts?

Concept-level browsers are designed to provide a user-friendly and unified interface that is easy for the end-user to provide with content or functionality. (laughing). Increasingly, it is possible to integrate with other applications, which on the one hand is facilitation, but at the same time creates controversies in the field of security.

Very often the convenience of using a single password or account in an Internet application, for all related services is an opportunity for a malicious third party to obtain complete information about your correspondence, personal data – the real equivalent is to have a universal key that opens your car, your home, your cash register… or have one PIN code for any credit or debit card.

Everything on the Internet is very easy and convenient and gradually we start not to get up from our place and live on our computer. This is a problem for the older generation, but the younger ones have accepted it. Children already live in a fictional world: they are managers or square humans, and they have 100 lives. And the generation to come has no brakes, ie. criteria for good and evil. Because in the virtual world, good and evil are together and always cost $ 200 and give you a new life or a new account. But in the real world, this is not the case.

Excessive social media managers connectivity is another danger that comes from here. From a marketing standpoint, they bring many benefits. But so most company managers focus only on making more money and neglecting the IT environment and hardly investing in it, and at best buy a “ready-made” or cheaper solution to make an application. But the lack of additional requirements for licensing the client interface and the ability to visually overshadow the functional leads to the fact that businesses often adjust their lives to what a technology company has done. Companies ignore the security risk and indulge in the joy of what they see – the colorful and flashing screen that the developer has made.