After attending the White House Summit on Cybersecurity and Consumer Protection, I agree with the paradox raised by President Barack Obama—the very technology that can be used to do great good can also be used to imperil us and do great harm. The President labeled cybersecurity threats as one of the most serious economic national security challenges today.While the resolve of CEOs and government leaders for more global collaboration and information sharing was encouraging, I found it even more reassuring to hear them recognize the need for significantly more skilled cybersecurity professionals. Cyberattacks are damaging enough when intellectual property, personal information and emails are stolen; but the potential for attacks on water and electrical systems and even your car or pacemaker would be far more catastrophic. Cybersecurity is a matter of public safety and must be treated as such.
Q: Your new book came out today, and it’s called Future Crimes. What are these future crimes?
A: It is an understatement to say that there is a dark side to the countless technological advances that have benefited our world in immeasurable ways over the last decade. But did you know that hackers can remotely activate the baby monitor in your nursery to spy on your family? That thieves are tracking you on social media and plotting their home invasions based on those beautifully filtered vacation photos you posted on Instagram? That your new iPad camera, pretty much any kind of smart toy in your home and even your car can be hacked? And this is just the beginning of the tsunami of technological threats coming our way as robotics, artificial intelligence, synthetic biology, nanotechnology and quantum computing advance. In FUTURE CRIMES: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, I deliver a definitive look at the digital underground—exposing the alarming ways criminals, corporations and even countries are using new and emerging technologies against you—and how this makes all of us more vulnerable than we ever imagined.
Today’s business environment is fraught with risk. Economic, technology and market conditions affect organizations on a daily basis. The constantly “changing risk landscape” is a discussion point in headlines, industry forums, media outlets and board rooms. We are moving to a world where risk management will become the primary source of competitive advantage. Rather than avoiding risk, organizations need the ability to embrace risk with confidence.
Risk management will become the core capability which separates winners from losers. Organizations that understand and manage risk effectively will prosper, while those that cannot will fail. Success starts with the ability to manage operational risk in a manner that frees up resources to focus on the company’s long term, strategic objectives. This does not happen overnight.
Organizations today are being burdened with an unprecedented volume of regulatory and compliance requirements leading to increased operational complexity, challenging production capability and occupying key resources. Integrated compliance frameworks offer a mechanism for these organizations to implement a single enterprise wide solution that allows you to “control once, comply with many.” While the concept is simple, implementation of these frameworks fails as often as it succeeds due to circumstances that could be prevented with up-front planning and coordination. Below are five basic points to consider before you begin your integrated compliance journey:
The days of doing business with a handshake and a smile are long gone. However, one thing continues to remain constant—how few vendor contracts are updated, even if the scope of service changes. This can be detrimental to an organization, particularly if the vendor is handling sensitive data such as personally identifiable information (PII), protected health information (PHI), cardholder data (CHD), or confidential, intellectual property and strategic data (also known as CIPS).
Periodically reviewing—and appropriately updating—master services agreements ensures both parties are aware of the processes, data elements and where the data processing is being performed. In other words; contracts must be continuously reviewed and revised as scopes of work change. The best way (or at least, the cleanest way) to update the master services agreement is via addendums that are signed and dated by both parties.
This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.
The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.
Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.
To volunteer to write a blog or suggest a topic send an email here.