ISACA Now Blog


GDPR Compliance as a Competitive Advantage

Laszlo Dellei, MBA, CISA, CGEIT, CRISC, C|CISO, ISO27LA, CEO of KERUBIEL LTD.
Posted: 1/17/2019 3:04:00 PM | Category: Government-Regulatory

Last year was a milestone in the field of privacy as the General Data Protection Regulation (GDPR) put privacy into the spotlight in and outside the European Union. The heightened interest in data protection resulted in the growing publicity of unlawful data processing, data breaches, and similar incidents, drawing the attention of the general public to the conduct of data controllers.

One example is Facebook, which has misused the personal data of its users on multiple occasions. As a result, many users decided to delete or deactivate their accounts, a trend that may lead to a significant loss of income for a company whose business model is partly based on the economic exploitation of users’ information. The case of Facebook, as well as data subjects’ reaction to similar scandals, highlights the importance of the relationship between the use of personal data, data subjects’ trust, and the digital economy.


The US Government Shutdown’s Potentially Lasting Impact on Cybersecurity

Jason Yakencheck, Senior Managing Consultant, IBM Public Service - Cybersecurity & Biometrics, and ISACA Greater Washington D.C. Chapter President
Posted: 1/16/2019 9:00:00 AM | Category: Security

The partial US government shutdown is the longest in modern history and continues to drag on as both political parties remain entrenched, refusing to budge from their respective positions. The inability to reach an agreement, or at least to reopen the government, may have lasting impacts on the effectiveness of cybersecurity in the federal government.

The near-term effects of the shutdown are more apparent than some of the downstream impacts. We regularly see or hear about furloughed staff not receiving a paycheck, the growing list of .gov websites with expired Transport Layer Security (TLS) certificates, the unavailable National Institute of Standards and Technology (NIST) content, or the bare-bones staff left to perform system monitoring. Conversely, it is much harder to quantify the adverse long-term impact of the prolonged government shutdown. Let’s take a closer look at some affected elements, though the full extent of the consequences will only be known at a later date.


A New Approach to Finding Cybersecurity Talent for the Future

Sandy Silk, CISSP, Harvard University Information Security Director, Education and Consulting
Posted: 1/15/2019 3:24:00 PM | Category: Security

The cybersecurity profession is facing a shortage of qualified talent to fill an increasing number of positions, as so many reports inform us. What I find self-fulfilling about our “talent dilemma” is that we acknowledge the rapid rate of technology change, yet continue to seek specific technical experience and expertise. We seek plug-and-play people to match technology components, rather than individuals with foundational skills and the aptitude and desire to learn changing technology.

As processes and people internal and external to our organizations continually adapt to ongoing technology changes, our profession needs individuals with skills in systems thinking, problem-solving, innovation, and collaboration. Cybersecurity professionals also need strong business proficiency, including communication skills and the ability to manage risk in support of the desired business outcomes and risk tolerance levels of our organizations. We need a workforce that reflects the diversity of the customers we serve, going beyond external traits of gender and race to a robust variety of experiences and ways of thinking.


The Business Risks Behind Slow-Running Tech

Anna Johannson, Writer
Posted: 1/14/2019 3:04:00 PM | Category: Risk Management

Entrepreneurs and IT leaders frequently underestimate the true power that slow technology has to negatively impact a business. It’s tempting to wait as long as possible to upgrade or replace your team’s devices; after all, every additional month you get out of a device results in measurable cost savings for the business. But all those slow, aging devices are probably interfering with your business more than you realize.

The roots of slow technology

Slow technology comes in many forms, but they all share the same characteristics. Processing becomes slower, making it harder for employees to complete their tasks in a timely manner, and occasionally stalling productivity altogether (as when those devices crash).


Start with the Why: A Strategic Lifecycle for Information Security

Dr. Tim Sattler, CISM, CISA, CRISC, CGEIT, CISSP, CCSP, Corporate Information Security Officer at Jungheinrich AG
Posted: 1/10/2019 3:02:00 PM | Category: Security

Many presentations by information security managers for stakeholders within their organizations include a depiction of a lifecycle in one form or another to underline that information security is not a one-off project but a continuous activity. However, these depictions often focus on what you do (for example, the NIST Cybersecurity Framework: Identify – Protect – Detect – Respond – Recover) or how you do it (for example, the Deming cycle: Plan – Do – Check – Act).

As useful as these lifecycle models are, they often do not resonate as well as expected with the audience, because they do not give the reason why we do information security. Marketing professionals will tell you that you need to start with the why to get your message across. Only the why gives stakeholders a purpose and motivates them to take action.
