A workplace is a social place, and much of the learning that occurs there is social learning. Social learning occurs through observation of other individuals’ actions and behaviors. It is not a mere imitation of the behaviors of others in an environment, but a reasoning process in which the individual examines others’ behaviors and makes conscious decisions about whether to adopt or reject this learning. Social learning occurs continually, although we might not be aware that it is taking place.
One motivation for social learning in the workplace is the individual’s desire to fit into the environment. Social learning is relevant to promoting secure behaviors in the workplace. It is not limited to the physical world, but extends to the virtual world by using social media tools. It can be incorporated into existing security awareness efforts to strengthen them. Social learning is beneficial across all generations, but especially to millennials because of their early adoption of social media as a core communication and connectivity mechanism.
One thing to keep in mind is that the term black swan is applied to an unknown threat; therefore, there is no foolproof strategy against it. A good resilience program may not stop such a threat altogether, but it can certainly reduce the impact of the risk.
Segregation of duties (SoD) has long been a source of guidance for audit and accounting systems; nevertheless, many IT security controls imposed by recent trends and regulations can be viewed through its lens.
Privacy by design and privacy by default, as required by the new EU regulation recently approved by the European Parliament, for example, require that duties be well separated and roles be well defined from the beginning.
Privacy by design must be built into the design of processes and into the design of systems and tools. For example, a client recently asked for a solution that would enable service desk personnel to reset user passwords without knowing the user’s new password and without resorting to self-service password reset. This requires not only a supporting tool but also a sound access management process in which SoD is the central issue.
Businesses of various sizes are extremely worried about information security. On a daily basis, we hear news of banks and financial institutions losing customer records, confidential information and money due to cyberattacks. Cyberattacks have increased exponentially over the last 5 years, and attack methods are becoming more sophisticated each day. On average, enterprises take about 100 days to identify an attack. It takes even more time to investigate, plug the gaps and prevent similar incidents. The goal of my recent Journal article is to help enterprises and security leaders realign the strategy of their information security teams by empowering the chief information officer (CIO) and the chief information security officer (CISO).
ISO 31000:2009, the Basel III recommendations, the EU Capital Requirements Directives and the Own Risk and Solvency Assessment (ORSA)/Forward Looking Assessment of Own Risk (FLAOR) processes of the Solvency II Directive profoundly affect the financing and the insurance of companies in all business sectors and of local authorities.
US companies use US National Association of Insurance Commissioners (NAIC) recommendations based on the fundamental principles of ORSA; EU firms refer to FLAOR recommendations; and companies in other countries (e.g., Canada, Japan, China) refer to Solvency II as an international best practice.