Other Blogs
There are no items in this list.
Knowledge Center > ISACA Now > Categories
Mark Kaigwa:  Mobility Has Massive Implications for Africa

ISACA Now recently talked with Mark Kaigwa, African IT entrepreneur, about the future of IT in Africa. Kaigwa is a keynote speaker at the first-ever Africa CACS at the InterContinental Nairobi, Kenya, which takes place Monday, 8 August to Tuesday, 9 August. For more information click here.

The following is a question-and-answer session with Kaigwa.

ISACA NOW:  It seems that the opportunities for IT in Africa are endless. Obviously, social media is huge. What other opportunities for IT in Africa do you see over the next 5–10 years?
KAIGWA:  I see mobility as one of the greatest epochs of Africa’s technological history. The last 7 years has witnessed nations shift from cyber cafés as the gateway to the Internet to the pockets of hundreds of millions on this continent. I believe that it is indeed something to marvel at.

The implications are massive. You can no longer have an election without factoring in the broader thinking that goes into the mobile phones we know and love. To the extent that in Kenya, where the inaugural Africa CACS will be held, serious conversations have revolved around whether mobile money and mobile phones should be used in the voting process. To illustrate, the total number of registered voters is estimated at 15 million while there are 25 million mobile money users.

I think the layer above mobile is what excites me as we’re only beginning to see the possibilities. Look at how connected devices are entering various sectors, such as the education system, where Kenya recently piloted a program that will see 100,000 students explore learning aided by laptops.

For national security, there’s been a push in the private and public sectors. When it comes to traffic and mobility, Nairobi loses a colossal amount in traffic per day. An IBM study found it the 4th most-stressful city for drivers (after Mexico City, Shenzhen and Beijing). The yearlong study was on how drivers react and vehicles behave as they negotiate obstacles on Nairobi streets. The public sector has seen the deployment of a national police surveillance system powered by 4G technology from Safaricom. This included connecting 195 police posts and HD and Ultra-HD CCTV cameras monitoring traffic and security connecting to a national command and control room.

Kenya’s investor community is pushing boundaries in the Internet of Things (IoT) with organizations like BRCK educating customers and the market. There is also Product Health, an organization looking into supporting solar enterprises. I have great interest in the data we are generating and what that data means for consumers and companies.

At the same time I recognize the risks. To illustrate, in Kenya today you have people that fall within the cracks when it comes to complying with the checks and balances of traditional access to capital and loans. However, one peek at their mobile devices tells a much better story than any bank account ever could. Companies from Silicon Valley and Silicon Savannah are battling for the future of finance, especially for lending based on mobile data.

Organizations like Branch, Saida and Tala take information on Android phones and score them on virtual creditworthiness. Small factors like how much airtime one uses, how many times you charge the phone each day, whether they gamble on sports betting web sites are included, in addition to their mobile money transactions. Tala claims to have over 10,000 data points to make a lending decision. No paperwork involved. M-KOPA pioneered this on a broader basis, pushing beyond access to mobile phones and consequently mobile money by exploring what happens when you build credit scoring based on purchasing power from micropayments.

Second to that, I’d say that chat apps and instant messaging applications also excite me. I’ve followed the growth of Ghanaian startup Beam and others using WhatsApp as an onboarding process. Remittances across the continent exceeded aid in 2012. Since the rise of cryptocurrencies there are myriad start-ups solving the payments space. Beam began this way but pivoted to a new and more interesting proposition.

It isn’t what gets the money into the country that matters, but where it goes and the certainty one has that it is buying what it was intended to buy. This means that if a person has sent $10,000 to family members to purchase a parcel of land, what else do they have but the family members’ word to go on when checking to see that this is what it was spent on?

ISACA NOW:  What are the challenges to Africa’s IT revolution? What solutions do you envision?
KAIGWA:  If we take the two above scenarios, they invariably bring security challenges. The issue of cybersecurity is one that has people divided.

The greatest of these is that on the connectivity front. I’m interested in seeing how the debate on net neutrality plays out on the continent, particularly after India’s decision on net neutrality; we have yet to see any clear reverberations on the continent.

The continent isn’t homogenous. There are 54 different negotiating tables for Facebook to sit with regulators. It is also worth noting that the way true regional lines get erased is when telcos are able to use their borderless technologies and economies of scale to facilitate entry for technology giants. The case in point is Airtel as a partner for Facebook’s Internet.org on the continent.

Mobility itself remains a challenge. Yes, one can engage and build with mobile in mind, but that is not the be-all and end-all of technology. Challenges and pain points in the user experience of unstructured supplementary service data (USSD) are an area that needs further thought. The need to go through menu after menu can prove taxing, especially given the number of timeouts. User experience on mobile (outside of apps) remains a challenge. This considering that USSD does not grant uniformity. From an iPhone 6S plus to a Nokia 3310 (were one to be revived and put back on a network) the interaction is virtually the same.

Regarding mobile money, the Brookings Institute noted that when South American countries were compared to African ones (especially those advanced in the penetration and use of mobile money), there were generally higher rates of formal bank account ownership among marginalized groups (i.e., women and low-income individuals) and higher rates of debit card, credit card use and Internet use for bill payments and purchases than the African countries. Conversely for Africans it remains primarily mobile driven. I’m exploring what this means when it comes to delivering a consistent and cyber-secure experience on mobile channels to customer segments not aware of risks and vulnerable to fraud.

ISACA NOW:  Where are African enterprises at from a cybersecurity standpoint? Where are African citizens at, cybersecurity-wise? What are the challenges and solutions?
KAIGWA:  The biggest challenge here remains as seen above, to categorize the continent as homogenous. As is becoming an adage now—Africa is not a country. The contradictions, challenges and comparisons between countries yield different results each time. One can, however, find parallels when looking at the four corners of the continent. Kenya for East Africa, Nigeria and/or Ghana for West Africa, Egypt for Northern Africa and South Africa for Southern Africa.

To illustrate, one of the continent’s main pan-African organizations, the African Union (AU) in 2014 adopted its Convention on Cybersecurity and Personal Data Protection. The Convention sought to improve how African states address cybercrime, data protection, e-commerce and cybersecurity. Presently, only 8 of the AU’s 54 members have signed the Convention, with none ratifying it. The solutions will take a country-by-country examination of common ground and political will to take action as the consequences will be felt by nation states and the current and next generation of Africans coming online.

ISACA NOW:  What will be the key takeaways from your address?
KAIGWA:  The key takeaways will be 3 provocations for Africa CACS based off of looking at the continent and observing the rise in mobility, the opportunity and threats, and how stakeholders in the public and private sectors and the general public can compete or collaborate to Africa’s advantage and strengths.

My talk begins and spends time looking at what one of the more recent digital “arms race” developments looked like and what the consequences are for the ISACA fraternity and beyond.

 Editor’s note:  For more information on the first-ever Africa CACS, 8 August to 9 August, click here.

Pokémon Go Issues Underline Importance of Technology Pros

It is unlikely there are many people left who have not heard of Pokémon Go. Maybe you are an active player, maybe your stock portfolio includes Nintendo shares, or maybe you have heard the warnings about criminal activity related to the game. For the uninitiated, Pokémon Go is a mobile app that uses a phone’s GPS and camera to create an augmented reality experience in which players traverse the physical world and capture animated creatures.

Niantic, Inc.—which actually began as a Google project before splitting off from the company last year—partnered with Nintendo to create the mobile app. Whether you are playing the game or not, one thing is for sure – this is a truly disruptive technology; one that came on the scene and infiltrated people’s lives in record time.

Just how pervasive is Pokémon Go? The app has drawn just under 21 million active daily users in the United States since its 7 July debut. In Germany the game was released on 13 July and rose to the top of the charts in just three hours. In less than two weeks Pokémon Go has attracted more daily active users than Twitter – an app that has been in existence for ten years.

From a practitioner perspective, concerns arise around such rapid and widespread adoption of an emerging technology. Organizations are often unable to accommodate such unprecedented interest—in this case, server issues plagued the game’s developers, particularly in the first few days of its release, when Niantic seemed unprepared for the rapid onslaught of users. High levels of usage may also increase exposure for security flaws, which may be exploited before an organization has an opportunity to correct them.

In the case of Pokémon Go, the software company has also come under fire for privacy concerns related to the game – while an update has since been released that corrects the error, an earlier version of the app granted full Google account access to Niantic when users chose that method of sign-in. When millions of users downloaded the app before the update was released, it is unlikely many of them were reading the fine print to understand the scope of access to their personal information they had handed over.

As technology professionals, we have an opportunity and an obligation to anticipate and prepare for what is next, even when we might not be quite sure what it is. While we may not all be developing the next viral app, we do all serve as advisors on technology in some capacity within our organizations. Technology is evolving at exponentially faster and faster rates, and it can seem daunting to keep pace. But even as advances are made, the old standards ring true – build privacy and security standards into technology from the beginning, optimize risk, and approach future technologies with a healthy sense of cautious optimism.

Africa CACS Keynote Herman Konings to Introduce “Cathedral Thinking”

Trend analyst and consumer psychologist Herman Konings will present the Africa CACS 2016 closing keynote address, titled Cathedral Challenges: What Happens After What Comes Next? Konings is a genuine storyteller who inspires the spectator on an engaging course about the amazing world of passions and interests, trends and future expectations, and about what is and what will be.

Africa CACS will take place at the InterContinental Nairobi, Kenya, from Monday, 8 August to Tuesday, 9 August. For more information click here.

The following is a question-and-answer session with Konings.

ISACA NOW:  What major societal trends do you see in the near and long terms?
KONINGS:  To understand trend watching, it is vitally important to know what a trend is. It is not, as many think, a term exclusively associated with the world of marketing, fashion or design. At its most essential, a trend can be defined as the direction in which something/anything tends to move and which has a consequential impact on the society, culture or business sector through which it moves.

Trends are, therefore—as London-based trend forecaster Martin Raymond describes—a fundamental part of our emotional, physical and psychological landscape; and by detecting, mapping and using them to anticipate what is new and next in the world or business, we are contributing to better understanding the underlying ideas and principles that drive and motivate us as consumers, citizens, users, creators, and decision makers.

From a global point of view, interesting (societal) trends are, among other things, the growth of life expectancy (and the related overpopulation), the digitization of jobs, the sustainability (including mobility) challenge and the collaborative mindset of Generation Y. I have the strong conviction that these global trends are “true” global trends, not only relevant for Northern America, Europe or the Far East, but in the “long-near” (= within 5 to 10 years) also self-evident for Africa.

ISACA NOW:   As a trend watcher, what have you learned about the portability of trends? Does a trend in Europe, for example, generally translate into a trend elsewhere? Can you predict portability? Also, can you predict which trends will move from fad to mainstay?
KONINGS:  A legitimate question is whether trends are portable from one region or even continent to another. Can a trend detected in Europe take root in, for example, Sub-Saharan Africa? The answer is quite complex. One has to take into consideration different demographic, economic, socio-cultural, technological, ecological, political and—maybe the most tricky of all—psychological circumstances. On the other hand—and this is promising—the profound globalization of the 21st century means that younger generations (the so-called “Millennials”—GEN Y—and “Digital Aboriginals” —GEN Z) are behaving more and more in the same way as their peers on other continents. The similarities within a global age group have never been more pronounced as within the group of teenagers and twenty-somethings of today. This will obviously enhance the portability of trends associated with young adults.

ISACA NOW:  What will attendees of Africa CACS take away from your presentation?
KONINGS:  On 9 August, I will introduce the idea of “Cathedral Thinking.” Short-term, instant-gratification thinking seems to fail. Both consumers and business leaders are reconsidering the idea of long-term thinking. Like builders of cathedrals in medieval times (in Europe), when fathers passed the task on to sons, who in turn passed the task on to their sons. Once initiated to the job, cathedral builders knew exactly that neither they, nor their children, grandchildren or even grand-grandchildren would be joining in the housewarming party of that cathedral.

The attendees of my presentation at Africa CACS will learn, among other things, about sensors leading to an Internet that is more adapted to the individual, turning the Internet of Things into an Internet of Me. I will also be discussing the humanization of the digital and “augmented intelligence,” the joint forces of hyper-cognitive intelligence (supercomputers) and both social and emotional intelligence of (bio only) humans.

For more information on Africa CACS, click here.

Life (and Your Career) Is Not a Spectator Sport

Jackie Robinson, the world-famous baseball star, once said, “Life is not a spectator sport. If you're going to spend your whole life in the grandstand just watching what goes on, in my opinion, you're wasting your life.”

Your career and mine may not have the cultural significance that Jackie’s did, but how many of us accidently, or metaphorically, spend our lives or careers in the comfort zone of the grandstands? Watching and waiting for something to happen. We turn and talk to our fellow grandstanders about what “woulda, shoulda, coulda” been. They silently concur and resume watching, waiting.

“And then one day you find ten years have got behind you. No one told you when to run, you missed the starting gun.” --“Time” from the 1973 album Dark Side of the Moon by Pink Floyd

Some of the best, most rewarding things in our lives and our careers come in unexpected ways. We are taught that success and winning are everything. However, which one of two equally talented individuals learns more and works harder to improve:  the person who makes the game-winning play or the person who fails? The winner is carried off on teammates’ shoulders. The non-winner walks alone. The winner may have been skilled, a good guesser or simply lucky, but the “learning moment” is lost in the jubilation. The driven non-winner will be reviewing video, talking to coaches and working on being better.

“Champions aren't made in gyms. Champions are made from something they have deep inside them-a desire, a dream, a vision. They have to have the skill, and the will. But the will must be stronger than the skill.” --Muhammad Ali

My point is this:  Who do you think comes back stronger? Which one steps out of the grandstand and pushes harder? Delivers more? My second and more important point:  which one are you? Do you join an organization or company and then metaphorically sit in the safety of the grandstands? Or do you actively jump in with both feet and participate by stepping out of your comfort zone?

And Now, a Short, But Related Story
I joined ISACA because a friend, the chapter president, asked me to help him do more with the local chapter. As a chief technology evangelist/CIO, it was not at the top of my list of organizations to join, much less be on its board. In my time running large IT shops, I worked closely with a lot of internal and external auditors—some good, some not so good. In my head, my confirmation biasthe tendency to search for, interpret, focus on and remember information in a way that confirms one’s preconceptions—kicked in, and I still saw ISACA as simply an “IT auditing” organization. It is a reasonable assumption that auditors have a similar opinion or bias toward IT professionals.

Over the first few months, while I familiarized myself with the global ISACA organization, its offerings and its direction, a funny thing happened. The people were very giving and sharing. They freely talked about the challenges of being “perceived as a burden,” a “tax collector,” and as “paper tigers.” They wanted to do their jobs as well as they could for their companies and clients. They were very open to understanding the perspective of a “recovering CIO.” Constructively, I gave them both barrels from the IT perspective. Instead of wincing or recoiling defensively, they leaned in and said, “How can we (IT, info sec, the business, and audit) work better together?”

Well folks, I have to admit, I am a sucker for anyone attempting to focus on the business or people side of the equation and work together for the betterment of the business organization. So, I jumped out of the grandstands, gulped down the Kool-Aid, and said, “Put me in, coach!” I became much more involved in several areas beyond those assigned to me. The personal growth was incalculable. Not only did I get some very fresh perspectives on stale thoughts, but I also gained a renewed sense of adventure. Yes, adventure with auditors! This new sense of adventure culminated in March when our chosen delegate to the 2016 ISACA Global Leadership Summit was injured and the chapter turned to me. My old reaction would have sounded a little like, “Um, let’s see…um...400 auditors you say?… three days?…oh, yeah, I just remembered…”

Instead, I went to the Lisbon event and found 400 chapter leaders from over 80 countries, all attempting to “make things better.” It was three days of work, but I met some really extraordinary individuals from around the globe. Their insights and approaches to challenges, challenges the normal American would never face, were simply inspiring. That combined with a global organization attempting to reinvent itself and address the needs of the new era by reaching out to professionals, members, etc., made the experience a truly rewarding one.

NONE of these great experiences would have happened had I sat and watched from the grandstands.

The meta-message:
Changing up US President John F. Kennedy’s famous quote a little, my advice is this:

“Ask not what an organization can do for you, but rather what you can do for the organization.”

Pick one organization inside or outside your comfort zone. Join. Contribute. Expand. Excel!

Editor’s note:  Blair Baker serves as 1903 Solutions’ chief technology evangelist, ghost-executive, catalystic optimizer, interdepartmental liaison, speaker and coach.

The Quest for Leadership Presence:  Finding Your Voice

When you listen to Indra Nooyi, PepsiCo CEO, you hear calm, measured confidence. When you listen to Sheryl Sandberg, Facebook COO, you hear upbeat, energized confidence. And when you listen to Mary Barra, GM CEO, you hear the concise messaging and confidence of a been-there-done-that leader.

Each of these women telegraphs leadership through her voice. When you listen, you don’t think, “I am listening to a woman leader.” You just know you are listening to a leader, a person with a passion for what she wants to convey and the utmost belief in her mission.

Our voices are one of the most powerful tools we can develop and leverage to convey leadership. By the same token, a weak voice lacking a passionate, well-defined, meaningful message will hinder our ability to grow and advance as leaders.

Sheryl Sandberg exhorts us to lean in. The most obvious way to do that is through what we say and how we say it.

One’s voice and the way one talks about their work is a powerful signal that we read instantly. We know leadership when we hear it.

Leaders Stand Out
As a recruiter and career coach for IT audit and IT governance, risk and compliance (GRC) professionals, I listen to a myriad of professional voices as people describe their jobs and careers. The leaders stand out from the moment they speak. They talk about their work with energy and intensity. Their thoughts are organized and they are clear about their contributions to their clients and teams. They communicate what they do by illustrating their work with specific examples.

An important point:  Leaders build credibility by demonstrating what they do and have done, not by talking in generalities.

Indra Nooyi, in an interview about her keys to success, says that excellent communication skills were her focus early on. She worked hard to present a genuine voice and clear messages of her vision.

One can read books about improving communication, but doing the scary work of practicing your leadership voice, making mistakes along the way, is the best way to hone your message and vocal presence. Networking at conferences is an outstanding training ground for trying out messages and getting immediate feedback.

While networking at your next meeting, conference or coffee break, offer something about the exciting work you and your team are doing to drive the enterprise and make it a great place. Your understanding of the bigger picture, and passion about the mission, are critical leadership elements of this communication. Craft your story into a concise one to one and a half minute presentation of the cool stuff you are doing. Leading means communicating a vision for the greater good. This simple act helps you do that.

Illustrate Your Leadership Competencies
I use the STAR (Situation – Task – Action – Result) technique to help candidates create examples for interviews. Behavioral interview questions, designed to help interviewers assess competencies and traits, not the least of which is leadership skills, demand examples that illustrate thought process, character, decision making, judgment, persuasion and conflict resolution. Using STAR as a framework to organize work examples and accomplishments will help you create interesting stories that differentiate you from the competition. Your goal is to be memorable—in a good way. This method will help you achieve that.

People get to know us through the stories we tell. Leaders illustrate their work through powerful stories.

Important tip:  When you acknowledge your team or describe how you fit into it, put the focus on your contributions. This is critical. I prep people for interviews every day. The most common interview mistake I hear—made by men, but even more so by women—is subsuming individual accomplishment under the mantel of “we” and being uncomfortable stepping up and saying this is what I am doing, this is what I bring to the table. 

Leadership presence is something you can cultivate every day. Your work presents you with multiple opportunities to lean in and speak. Small changes in how you present yourself, your vision, your knowledge and your contributions will earn you greater recognition as a leader.

Editor's note:  The ISACA Now Blog section is celebrating Women in Technology Month throughout June by featuring female bloggers. If you are a female blogger and would like to contribute a blog, please contact us at news@isaca.org.

Finding Humor in Governance, Risk and Control

Andrew Tarvin is a best-selling author and professional stand-up and improv comedian. He teaches people and organizations how to use humor to be more effective and productive. Tarvin has worked with more than 100 organizations including Procter & Gamble, GE and Western & Southern Life Insurance, speaking, training, and coaching on topics ranging from humor in the workplace to communicating confidently to strategic disengagement.

ISACA Now recently sat down with Tarvin, who will present Agile Leadership:  How to Lead Up, Across, and Down in a VUCA (Volatile, Uncertain, Complex and Ambiguous) World at the 2016 Governance, Risk and Control Conference from 22-24 August in Fort Lauderdale, Florida, USA.

ISACA Now:  There are so many potential landmines when it comes to using humor at work, but overthinking humor can result in stilted un-funniness. What’s the solution?
Tarvin:  This a great question and a common concern for using humor in the workplace. While there are potential landmines, that doesn't mean humor shouldn't be used at all. Sending an email could theoretically get you fired (such as if you hit "reply all" on a distribution list causing a massive "Don't hit reply all" flurry of emails), but we still use email. Just as email is a tool, humor is a tool.

The key to avoiding landmines while still being funny is intent. If you are using humor to get back at someone or really even "just to be funny," it is more likely to come across negatively. However, if you have a specific reason for using humor (to connect with someone, get people to read an email, etc.), and come from a positive, inclusive perspective, your humor will be better received, creating laughter without offense.

Another way to think about it is that using humor doesn't give you an excuse to be a jerk or talk about taboo subjects in the workplace. An offensive joke may "just be a joke," but it's still offensive.

ISACA Now:  Governance, risk and control are not known for their ability to inspire humor. How can someone inject appropriate humor in otherwise serious tasks and jobs?
Tarvin:  Who says IT governance can't inspire humor? There's so much to laugh about in the auditing and control of computer systems...

OK, so it can be a little dry, but the drier the material, the easier it is to instill humor because it's so unexpected. Just because a job or work is serious doesn't mean that it can't be done in a fun, engaging and inspiring way. When I was a project manager at Procter & Gamble, small changes to how I worked had a huge impact. Simple things like using images in my presentations or giving my project team nicknames, went a long way in making the work more enjoyable. My colleagues from one team still call me Drewsito.

Don't think about using humor as changing what you do, just how you do it. No matter your role, you still have to communicate messages, build relationships and be productive—all things that humor can help you do.

ISACA Now:  Can humor be instilled in an entire organization? How?
Tarvin:  Humor can be instilled in an entire organization, and the answer to how is simple... but not necessarily easy. It’s like how cooking is simple (follow the instructions) but not necessarily easy (my chicken always comes out burnt).

Humor in an organization comes down to individuals making a choice to find ways to enjoy their work more. The best way to encourage people to make that choice is to support them when they attempt to use humor. If someone adds humor to a presentation or email, let them know that you appreciate it (yes, even if the humor didn't necessarily make you laugh).

Having a leadership team that embraces and uses humor is a huge help as well. The number 1 reason people don't use humor at work more often is that they don't think their boss or coworkers would approve. If you can dispel that myth, people will start to try new things; encourage that behavior, and it will start to spread.

It's like a zombie apocalypse. It all starts with a patient zero and spreads from there. (For a more corporate metaphor, see Margaret Mead:  "Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever has.")

ISACA Now:  We’ve all had a supervisor who used humor—or what they thought was humor—in a passive-aggressive or even an active-aggressive manner that was off-putting and more about power than leadership. Can we use humor to safely defuse those situations? How?
Tarvin:  You certainly can use humor to defuse a situation, but how you do it comes down the specific circumstances. Perhaps one of the biggest challenges with humor is that it is very situational; what works in one setting for one person could backfire in a different setting with a different (or even the same) person.

For example, I think puns are like the coolest technologies we support—everyone should want to use them every day. Instead, they tend to be more like audits—people groan whenever they hear about them (sorry, just a joke to all of my auditors out there).

Safely using humor to defuse the situation goes back to having positive intent about the humor you use and really understanding your purpose.

ISACA Now:  Oftentimes when teams want to solve a significant problem or do some major brainstorming the words, “Okay, let’s get serious and focus,” are used. How can humor regain a seat at the table?
Tarvin:  It's important to recognize that serious work doesn't mean it can only be done in a serious way. In fact, the more serious something is, the more power humor tends to have, particularly when it comes to problem solving. Humor and creativity are both about finding unique connections and providing a new perspective.

In one study, students who watched a 20-minute comedy video before being asked to solve a problem were nearly 4 times more likely to solve the problem than students who didn't watch the film. (If you want to know what problem they had to solve, check out the Candle Problem.) Humor gets the brain looking for new connections. Take this simple joke:  "I can’t believe I got fired from the calendar factory. All I did was take a day off." In order to understand it, your brain started making connections between “calendar factory” and “take a day off.” That same process is how we solve problems.

If you're serious about solving a problem, you'll use the best means to solve that problem, and humor is one of them.

How Big Data Demoted Pluto

Let me say in advance that you will not learn a new audit or data analytics technique from this article. It is purely to demonstrate the power of data analytics on a massive scale. My goal is to inspire you.

A few months ago I attended a conference that featured Dr. Neil deGrasse Tyson as the keynote speaker. And yes, he is that guy from the Cosmos: A Spacetime Odyssey TV show.

He was hilarious and engaged the audience, receiving a standing ovation from the data geeks. He inspired me to make even more use of data analytics.

His first comment was about Pluto:  “It is not a planet. Get over it.” And then he said:  “We demoted Pluto because we had more data.” Whaaat? That sentence resonated with me so much that I started researching about the data that demoted Pluto.

I learned how powerful new ground and space-based observatories have completely changed our understanding of the outer solar system. As these tools have evolved over the past generation, so too has our picture of the universe. New capabilities have provided new understandings about our place in the cosmos, but they have also unleashed a baffling torrent of data. Amazing discoveries might be right in front of us, yet hidden within all that information.

Since 2000, the Sloan Digital Sky Survey at Apache Point Observatory in New Mexico has imaged more than one-third of the night sky, capturing more than 930,000 galaxies and 120,000 quasars. Computational analysis of Sloan’s prodigious data set has uncovered evidence of some of the earliest known astronomical objects and has determined that most large galaxies harbor super massive black holes. It has even mapped out the three-dimensional structure of the local universe.

So it was just a question of time until someone started searching for large objects everywhere, including the Kuiper Belt. It was astronomer Mike Brown who was convinced by the data on the Belt that there must be many more nearby objects and that some of them were potentially larger than Pluto.

Bingo! In 2003 Brown thought he had found a new planet that was larger than Pluto. He named it Eris (EER-is). Instead of being the only planet in its region, like the rest of the solar system, Pluto and its moons are now known as just a large example of a collection of objects in the Kuiper Belt.

"You didn’t lose a Planet; you gained a new place in the universe." Dr. Neil deGrasse Tyson

The Kuiper Belt data that led to Pluto’s demotion came from routine observations at Mount Palomar Observatory in California. These data are stored at many repositories, including the National Optical Astronomy Observatory (NOAO) in the United States. The NOAO collects a large quantity and variety of scientific data products, including images, spectra, catalogs, etc., from many instruments deployed on two continents. Wow!

The NOAO has archived all data from their telescopes, accumulating about 10 terabytes of data annually. These data are now available to the public, which is actually an exciting discovery for a data geek like me.

The key to maximizing knowledge extracted from this massive amount of data is the successful application of data mining and knowledge discovery techniques. The data can help classify stars, galaxies and planetary nebulae based on images and spectral parameters, forecasting of sunspots and geomagnetic storms from solar winds, antimatter search in cosmic rays, etc.

Astronomy professor Robert Brunner said:  “Before Sloan, individual researchers or small groups dominated astronomy. You’d go to a telescope, get your data and analyze it. Then Sloan came along and suddenly there was this huge data set designed for one thing, but people were using it for all kinds of other interesting things.” Brilliant!

There you go—factual big data demoted Pluto and not some technicality pushed by a small group of scientists.

I hope you search for interesting ways to use the data available to you. Perhaps to revise long-standing decisions and notions formed when data and easy-to-use analytics tools were less reliable. What truth is hidden on your data just waiting to be set free? You may want to reflect on how much of this all applies to corporate environments.

Editor’s note: The ISACA Now Blog section is celebrating Women in Technology Month throughout June by featuring female bloggers. If you are a female blogger and would like to contribute a blog, please contact us at news@isaca.org.

Corporate Governance:  Evaluating and Directing Value Creation

Organizations are contending with increasingly dynamic and demanding external and internal environments by making good corporate governance accessible and fit for application through the adoption of governance practices that sustain value creation. Governance and management systems are being designed to reinforce and govern a holistic, interrelated set of arrangements that can be understood and implemented in an integrated manner using organizational structures, processes, practices and ethical, conscious behavior.

Governance and Management
Corporate governance is the system that a governing body exercises ethical and effective leadership to establish:

  1. An ethical culture
  2. Sustainable performance and value creation
  3. Adequate and effective control by the governing body
  4. Trust in the organization, its reputation and its legitimacy

Putting corporate governance into practice requires a holistic and integrated set of arrangements that can be evaluated and directed to create the value stakeholders expect.

Organizations often use a wide variety of resources and governance mechanisms to achieve their purpose, strategic goals and to fulfill stakeholder needs. Leveraging resources requires the establishment of accountability, assignment of responsibility, and transparency and fairness in how work gets done.

The implementation of corporate governance starts with an examination of the roles and responsibilities for decision-making processes, specifically those that impact the achievement of strategic goals. This will reveal who is accountable and who is responsible for the practices and governance mechanisms required to achieve governance outcomes. A governance and management system institutionalizes the organizational structures, processes and ethical, conscious behavior.

Technology and Information Governance
While governing bodies are expected to be proactive in ensuring that information assets are leveraged for growth, there are few tools actually available that provide governing bodies with sufficient oversight. A governance and management system provides an integrated solution that brings the governors and the managers together and provides a holistic approach for them to effectively govern and manage the current and future use of technology and information.

Such a system provides the means to institutionalize the enablers of good corporate governance. People, process, technology and information come together in an integrated governance and management system that enables value creation and supports the achievement of strategic goals.

An organization’s capability to govern and manage is developed within a governance and management system and enhanced through the use of a suitable mix of enablers:

  • Principles, policies and frameworks
  • Processes, practices and activities
  • Organizational structures, roles and responsibilities
  • Skills and competencies
  • Culture and behavior
  • Service delivery components
  • Information management

Orchestration and Choreographing the Practices
Corporate governance is not accessible or actionable if the application of the underlying practices cannot be influenced. To achieve the organization’s purpose and strategic goals and deliver value to the stakeholders, the governing body and executive managers must evaluate and direct the regular and ad hoc daily activities of internal and external parties.

Leadership and organizational structures are of little benefit if they cannot influence the organization’s processes and practices, direct the alignment and prioritization of value delivery, govern risk management, optimize resource usage and track performance.

A governance and management system provides the functionality required to orchestrate those responsible and choreograph the implemented practices how the governing body and management want to direct operations, effectively manage risk, consume resources and comply with regulatory obligations.

Being fit for purpose is paramount. Every governance and management system should be crafted in accordance with size, available resources, and complexity of strategic objectives and operations so that it suits the organization and sustains value creation.

Maintaining a Framework for Governance
Regardless of any technical and organizational arrangements deployed by management, these arrangements will be fundamentally undermined if operated outside an effective risk management and governance regime. It is essential that the implemented corporate governance framework ensures procedures, personnel, physical, technical and organizational arrangements, and that controls:

  • Remain effective throughout the lifetime of service delivery and value creation
  • Are responsive to changes in the services and value delivery propositions, and
  • Change in accordance with threat and technology developments

A documented governance and management system ensures that corporate governance is understood and communicates which practices are required to support service delivery, performance standards, value creation, regulatory compliance and internal controls. Records of assigned responsibilities, current status, analysis, evaluation and completion demonstrate compliance with the selected principles, policies, frameworks, standards, and legal and regulatory requirements applicable to the practices assigned.

The governance and management system incorporates the priority, status, sequence and timing of actions; enables the monitoring of capability, progress and outcomes achieved; and coordinates continuous improvement.

Peter Hill will speak on Governance & Management at EuroCACS in Dublin 30 May-June 1 2016.

WIRED Editor David Rowan Predicts Future of Audit, Governance, Risk Management

ISACA Now recently interviewed David Rowan, editor of WIRED magazine and keynote speaker at EuroCACS 2016. He discussed the future of audit, governance and risk management, as well as what can be done to stop cybercriminals once and for all.

ISACA Now: What are some of the changes/innovations audit, governance and risk management professionals should expect in the next 5-10 years?
Rowan: 
We are in a networked world of ever increasing transparency, as well as increasing vulnerability to data breaches. Starting with transparency, the recent breaches of client confidentiality over Panamanian accounts, and the Snowden disclosures before that, are a stark reminder that every professional’s decisions could tomorrow be scrutinized on the front page of the New York Times. If you’re an auditor or a risk management professional, are you comfortable with your advice, your private emails, your entire work life being exposed to the twittersphere? I hope so. At the same time, we’ll find foreign states and criminal gangs investing ever greater efforts in breaching supposedly secure corporate networks to transfer funds or steal proprietary data. How well defended are you against these real and growing risks? Is your CEO taking personal responsibility?

ISACA Now:  Will the technology of cybersecurity ever catch up to or surpass the technology used by cybercriminals?
Rowan: 
The single biggest worry I have today is our growing reliance on networked connections to keep our economy moving—the satellites empowering communications, the servers running our utilities, the corporate decisions being made on supposedly safe internal networks. The bad guys are terrific innovators; they understand psychology as well as technology, so whether they’re spoofing the GPS signal of a satellite to put it out of orbit or hijacking your home computer with ransomware, they’re delivering nicely rising profits at our expense. I’m not sure we’ve seen the political will or the corporate education to confront these criminals with well-resourced defense systems that can scale and can keep up with the bad guys’ rate of innovation. They, after all, have a great incentive:  you used to rob a bank because that was where the money was; today the money is all over the network.

ISACA Now:  You’ve interviewed many global influencers over the years. What key characteristics have allowed them to be so influential? Any examples?
Rowan:  When it comes to entrepreneurs who really build something huge—the Facebooks, the WhatsApps, the Kickstarters—there tend to be a few common characteristics in many cases. Often they are motivated to solve a big problem, something that really makes a difference and not simply make money. That motivation keeps them going through the tough bits. They’re often very resilient personalities who don’t take it personally when things go wrong, so they can get up and push past the problem. They’re often outsiders in some way who don’t see the rules other people rely on:  maybe they had dyslexia at school, or were immigrants who didn’t easily fit in, or were misfits in some other way. They have tremendous self-belief, which lets them motivate their teams as well as attract investors and the media. And often I’ve found they had difficult relationships with their father—I can’t prove this scientifically, but perhaps it’s something that leads them to be driven beyond reason to prove themselves...

ISACA Now:  You will be speaking at the EuroCACS conference 30 May-1 June 2016 in Dublin. Give us a brief preview of what you’ll discuss and what attendees will take away.
Rowan: 
My life is spent travelling to meet the start-ups transforming industries and the investors betting big on them, as well as the research labs designing the way we will interact in the future with technology. So I’ll translate what I’m seeing in real fast-growth businesses to how it will impact successful existing businesses in the next five years—and how consumer behavior is being transformed by everything from mobile screens to virtual-reality headsets. The bottom line is the world will never move this slowly again, as exponential technologies create massive new opportunities to build businesses that could never have existed a couple of years ago. So there’s a risk that delegates will go back to the office with a rather big to-do list of urgent things they need to do to become as innovative as the start-ups...

Chic Geek Speak:  Vanquish the “Nice Syndrome”

We have often heard these pearls of wisdom during our formative years:  “Play nice. If you don’t play nice, no one will want to play with you.” “You have to be nice.” “Be a nice girl.”

Unfortunately, many of us (myself included) suffer from what I’m calling the “Nice Syndrome.” Merriam-Webster dictionary defines nice as pleasing and agreeable. Nice was rewarded, reinforced and subsequently internalized, leading to:

  • Putting other’s needs before your own
  • Over apologizing
  • Consistently asking for permission
  • Denying your own power
  • Not asking for what you want or need
  • Tolerating too much negativity
  • Being overly patient

In the workplace, we continue to be nice. We don’t rock the boat. We play nice even when it means denying one’s self. We sacrifice self and wait for our reward. Unfortunately, the rules we learned as girls no longer apply as women in the workplace. We instead work extra hard, do the work of others, deny ourselves lunch or breaks. We put work first, our families second, and ourselves last.

How then can we break this nice cycle without being labeled a witch or worse? How can we vanquish our misplaced guilt when we no longer play nice? We do this through:  1) language; 2) prioritization; and 3) building our brand.

Never Underestimate the Power of Words
Words create our reality and give us and others a blueprint for interacting with us. Women often use touchy-feely language that lacks self-confidence. These phrases include:  “Maybe we could…”; “I was thinking we might…”; “How about…” Instead use more assertive language:  “I believe it would be best to…”; “I propose that we…”; “It is my understanding that …”

Stop Putting Work Ahead of Everything Else 
Many women of my era are referred to as the “sandwich” generation. We juggle careers, families and caring for elderly family members. We put ourselves so far down the list that we do not recognize our own needs. By playing nice, women put their needs on hold or lower their expectations. They deny their own power. Let go of the beliefs that you are powerless and that standing up for yourself is selfish. Rethink what power means. You have more power than you allow yourself to use. To reclaim your power, start by saying “no” to unreasonable requests. Express yourself in more empowered ways by stating, “I choose to…” which ties back to creating your reality. Take small steps for yourself, such as:

  • Taking lunch breaks
  • Taking short walks outside
  • Establishing set start/stop times, and sticking to them
  • Taking time for exercise
  • Taking meditation or yoga classes
  • Getting regular massages or facials

Build Your Brand
We all know brands that are synonymous with a product, such as Coke or Kleenex. What is your name synonymous with? Once you determine that it will inform you of your brand. It is what sets you apart from others. What is your unique story? It is said that “If you don’t build your image (brand), someone else will.” What are you really good at? Build your unique story.

Appearance is also a big part of your brand. The saying goes, “Never dress for the job you have; dress for the job you want.” Look at successful women. What style of clothes, hair, make-up and jewelry do they favor? I am not advocating a complete makeover, but maybe wear a blazer to important meetings or dress up your blouse and slacks with a scarf.

Also, observe how successful women speak. Do they use a lot of touchy-feely language? What is the pitch of their voice? Your presentation skills communicate your brand. Are you confident in front of a group? Do you talk at an acceptable rate or speak rapidly? Do you use crutch words like “ah,” “um,” and “you know?” Do you over explain or apologize when presenting? Do you use words to minimize importance or ask for permission? Do you speak too softly or at too high of a pitch? Does your voice pitch up at the end of a statement? If you struggle in any one of these areas, I suggest Toastmasters International, which offers a cost-effective communication development course that moves at your own pace.

Do you, like me, suffer from Nice Syndrome? How have you broken through this syndrome? Share your success and struggles in the comments section below.


Today, 28 April, just happens to be International Girls in Information and Communication Technologies (ICTs) Day. The goal of the event is to create a global environment that empowers and encourages girls and young women to consider careers in the growing field of ICTs. For more information click here.

1 - 10 Next