Egon Lenz

The international PCI DSS scope was a project where I was the technical leader ed by Alexsander Almeida (Project Manager), Alexandre Wendt Shima (Information Security Manager), Lucas Carvalho (Cloud Ops Specialist), and Cipher Team (QSA, pentesters, project manager, and others). This project involved a multidisciplinary team (EUA and Brazil) where we worked together in a fast-paced to establish a PCI DSS conformity in international EBANX scope.

The Agile Methodology was used to… Mostrar más

The international PCI DSS scope was a project where I was the technical leader ed by Alexsander Almeida (Project Manager), Alexandre Wendt Shima (Information Security Manager), Lucas Carvalho (Cloud Ops Specialist), and Cipher Team (QSA, pentesters, project manager, and others). This project involved a multidisciplinary team (EUA and Brazil) where we worked together in a fast-paced to establish a PCI DSS conformity in international EBANX scope.

The Agile Methodology was used to perform all the tasks related to the project. Mostrar menos

ISO/IEC 27001:2013 was a project where I was the technical leader ed by Alexsander Almeida (Project Manager), Alexandre Wendt Shima (Information Security Manager), Fernando Fecchio Neto (Information Security Analyst that was responsible for the internal audit) and Maurício José Aguilar (IT GRC Specialist that was responsible for the risk assessment and treatment). The Agile Methodology was used to perform all the tasks related to the project.

During the ISO/IEC 27001:2013 project… Mostrar más

ISO/IEC 27001:2013 was a project where I was the technical leader ed by Alexsander Almeida (Project Manager), Alexandre Wendt Shima (Information Security Manager), Fernando Fecchio Neto (Information Security Analyst that was responsible for the internal audit) and Maurício José Aguilar (IT GRC Specialist that was responsible for the risk assessment and treatment). The Agile Methodology was used to perform all the tasks related to the project.

During the ISO/IEC 27001:2013 project implementation, the following documents, and processes (some of which contain appendices that are not expressly stated here) were written and performed:

Procedure for document and record control;
Procedure for identification of requirements;
Scope of the information security management system;
Information security policy and policies;
Information security risk assessment and treatment methodology;
Information security risk assessment table;
Information security risk treatment table;
Information security risk treatment plan;
Information security risk assessment and treatment report;
Statement of applicability;
Procedure for internal audit;
Procedure for corrective action;
Form for management review minutes;

Also, the following information security controls (organizational and technical) were delivered:

Organization of information security;
Human resource security;
Asset management;
Access control;
Cryptography;
Physical and environmental security;
Operations security;
Communications security;
System acquisition, development, and maintenance;
Supplier relationships;
Information security incident management;
Information security aspects of business continuity management;
Compliance. Mostrar menos

The PIA project consisted of identifying the main risks related to personal data processing and protection, regarding the current laws and regulations applicable to EBANX’s business. I was the technical leader ed by Alexsander Almeida and Giulia Gemignani (Project Manager), Alexandre Wendt Shima (Information Security Manager), Diogo Kastrup Richter (data privacy legal counsel) and Maurício José Aguilar (IT GRC Specialist that was responsible for the risk assessment, treatment, and… Mostrar más

The PIA project consisted of identifying the main risks related to personal data processing and protection, regarding the current laws and regulations applicable to EBANX’s business. I was the technical leader ed by Alexsander Almeida and Giulia Gemignani (Project Manager), Alexandre Wendt Shima (Information Security Manager), Diogo Kastrup Richter (data privacy legal counsel) and Maurício José Aguilar (IT GRC Specialist that was responsible for the risk assessment, treatment, and privacy business process)

The following steps were performed to reach the project’s objectives:

Information gathering, to identify EBANX's main needs, process and business process in scope that use, store or process personal data;
Presentation of personal data concepts and legal obligations to key s;
Understanding of business process activities, through individual
meetings with the key s;
Assessment of privacy principles and privacy risk identification;
Development of action plans for risk remediation;
Development of the PIA Report and PIA Methodology;
Reassessment of PIA Report to identify EBANX’s remediation actions and review of the final version of the PIA report. Mostrar menos

Cyber Essentials is a simple but effective, Government backed scheme designed to help UK organizations with limited experience of Cyber Security to improve their defenses and demonstrate publicly their commitment to Cyber Security, whatever its size. The process of certification has been designed to be lightweight and easily manageable while at the same time providing a respected standard in Cyber Security.