The last two years have taught us that conventional wisdom and knowledge around privacy and security need a makeover, in particular as they relate to the EU’s GDPR and the California Consumer Privacy Act. Data controllers and businesses, the entities responsible for what happens to personal data under GDPR and CCPA, respectively, are subject to new obligations that place significant organizational risk squarely on their shoulders. Though compliance issues can come from many places, one often-overlooked impact is managing processor/third-party risk.
Stakes are increasing when it comes to leveraging technology to define and deliver new value. The CEO and the executive team leaders are reeling with the challenges of identifying and implementing new digital business models while also wrestling with making smart capital investments to develop and mature organizational capabilities that enable agility and rapid response to new market opportunities. At the same time, board directors are in a quandary, attempting to make sense of the digital landscape, and to obtain assurance that their CEO and executive team leaders are enabling the right culture, acquiring and nurturing the right talent, validating that the technology investments are prudent and reasonable, and effectively capitalizing on business opportunities while mitigating security concerns that pose significant risks to the company’s financial position and reputation.
Governance, risk and compliance professionals recently shared ideas and gathered insights at the sold-out 2018 GRC Conference in Nashville, Tennessee, USA, on how their roles are evolving in light of enterprises’ digital transformation efforts, evolving trends in innovation, and growing regulatory and security risks.
The conference, organized by The Institute of Internal Auditors (IIA) and ISACA, took place 13-15 August. Key takeaways from the conference include:
As digital business hastens the speed of application development and gives way to complex, interconnected software systems (think Internet of Things, microservices and APIs), we need to address the fact that penetration testing, although thorough, is slow and expensive. On average, it takes eight months to identify and understand the cyber and regulatory risks associated with any new software, according to research from security company Sonatype.
Software development trends are compounding the issue in that software is being built and released faster (see the “Agile Manifesto”), but the tools and people resources to address security risk are not keeping pace.
Healthcare has experienced significant modernization and is now closely intertwined with IT. But as the industry changes and marketplace demands evolve, new challenges emerge. Understanding how to address these challenges is paramount to the future success of healthcare organizations and their stakeholders.
Five healthcare IT challenges the industry is facing
What used to be a small intersection is now a fully developed relationship. It’s nearly impossible to understand the current or future state of healthcare without looking at IT and the role it is playing.