Editor’s note: ISACA board director Jo Stewart-Rattray is providing onsite updates from her participation in the UN Commission on the Status of Women, which is taking place from 12-23 March at UN headquarters in New York.
Negotiations on the second reading of the roadmap document ran long into the night late last week. In fact, I didn't get back to my hotel, which is a five-minute walk from the UN, until 2 a.m. Saturday. The second version was completed with additions and deletions marked, as the facilitator of the sessions has to take all views and offerings into consideration in the most neutral way possible.
Microsoft Exchange is one of the primary solutions used to provide email services for medium and large organizations. Exchange directly serves as an information transport mechanism and indirectly as a storage medium for organizational data in the form of attachments and email message content. This blog post seeks to cover a high-level subset of some audit considerations surrounding an Exchange 2010 and newer environment to help your organization assess whether proper oversight and controls exist to limit the likelihood of unauthorized information disclosure, disposal or modification.
I’m here to let you know about a new Perspective that I’ve created for the ISACA audience.
The Perspective article is titled Reasonable Software Security Engineering, and there are two key messages. The first is that software is eating the world. This isn’t my message; it’s that of venture capitalist Marc Andreessen, who uses the phrase to emphasize just how much software is being created and how critical it is to every business. The second is that products are less relevant to defense than how you create that software. As the software that runs your business is now custom, your defenses need to be built in.
We should all know by now what GDPR is and be aware of its implications and fines, so the goal here is not to repeat what others have covered in depth. Rather, I would like to share some learnings from the field (an international perspective). From speaking and working with executive-level security and risk executives, I would like to shed some light on how organizations are viewing GDPR, using the retail/hospitality (“RH”) industry as a reference to frame the discussion.
My focus here will be on some of the key security aspects within the GDPR, namely (but not limited to) Article 24.1 and 24.2, which make reference to “appropriate technical and organizational measures” and “data protection policies” for processing data.
The last couple of days at the UN Commission on the Status of Women (CSW62) have been spectacular. There have been ministerial roundtables, the delivery of member-state statements and a range of wonderful side events.
This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.
The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.
Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.