As much as tools and technology evolve in the cybersecurity industry, organizations remain reliant on clever, well-trained humans with incisive critical thinking skills to protect themselves from the perilous cyber threat landscape. But just as the threat landscape continues to expand, so, too, does the corresponding skills gap that puts organizations at risk of major financial losses and irreversible damage to their brand reputations.
Finding and retaining a sufficient pool of qualified cybersecurity professionals grows ever more challenging, as reflected in ISACA’s recent State of Cybersecurity 2019 research. The retention piece can be especially problematic, particularly for organizations that face substantial resource limitations. Better financial incentives, such as higher salaries and more lucrative bonuses, overwhelmingly came across as the top reason why cybersecurity professionals change jobs, with other considerations such as career development opportunities and better work culture/environment also factoring in among the leading reasons.
The increasing number of cybersecurity incidents has a serious negative impact on enterprises, prompting legislators around the world to explore new policies and regulations. Certainly, the GDPR was one of the most popular topics of the last year (the European Commission's report shows that in May 2018 Google searches for the GDPR were more popular than those related to Beyoncé and Kim Kardashian). Having finalized the initial GDPR implementation stage, companies have been proceeding to deal with the practical challenges related to the new requirements. One of them is reporting personal data breaches to a supervisory authority and notifying data subjects.
Your company has decided to adopt the cloud – or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that?
Before checking out vendor marketing materials in search of the perfect technology solution, let’s step back and think of it from a governance perspective. In an enterprise like yours, there are a number of business functions and departments with various levels of autonomy.
Do you trust them to manage business process-specific risk or choose to relieve them from this burden by setting security control objectives and standards centrally? Or maybe something in-between?
Billy Beane was one of the first general managers in the history of Major League Baseball to use data to build out a successful team with a fraction of the budget relative to his peers. Like many IT leaders, he had to do more with less.
Now, imagine that you’re responsible for managing a Periodic Table’s worth of processes central to a successful IT shop.
You’re overworked, underfunded, and the business doesn’t understand why it should dedicate resources to supporting yet another acronym from the DRP, MDM, or COBIT-letter salad. Where do you go from here?
First, you need to think like Billy Beane. Think hard about your most important KPI. Now, reverse-engineer the drivers that factor into it.
SheLeadsTech was back this week at the United Nations for the 63rd Session of the Commission on the Status of Women to continue the critically important work of empowering women and girls by providing access to social protection and appropriate infrastructure, including technology infrastructure. This annual meeting attracts delegations from each of the UN’s member-states and up to 4,000 civil society representatives.