While organizations may think that they have done everything needed to prepare for GDPR, they may not have thought about how they arrive at assurance over GDPR, especially considering that being prepared for GDPR is different from having GDPR as part of operations.
GDPR has now been in force for over a year, so would it be correct to assume that all organizations have taken the necessary steps to ensure compliance? Based on our work and feedback from others, it appears that this is not the case, and far from it. But the big question is whether the magnitude of the recent fines imposed on British Airways (£186m) and Marriott (£99m) will make stakeholders think again.
Government regulators and representatives of Equifax announced a settlement on penalties and consumer restitution related to the 2017 data breach that exposed sensitive information belonging to 148 million people. The potentially $700 million agreement, the largest of its kind, revealed on 22 July, still needs to be approved by a court.
In addition to the actions by state and federal US agencies, in May Moody’s credit rating agency downgraded Equifax, making it the first company to have its credit outlook negatively affected for cybersecurity reasons.
In late December 2018, NIST published a second revision of SP800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. The revised publication addresses an updated Risk Management Framework (RMF) for information systems, organizations, and individuals, in response to Executive Order 13800 and OMB Circular A-130 regarding the integration of privacy into the RMF process.
Now that the dust has settled, we are taking another look at the update. If achieved as intended, the revision's objectives tie C-level execs more closely to operations and significantly reduce the information technology footprint and attack surface of organizations. They also promote IT modernization objectives and prioritize security and privacy activities to focus protection strategies on the most critical assets and systems. The revision also more closely incorporates supply chain risk management into the framework.
Smart home gadgets have been among the most popular holiday, housewarming and any-occasion gifts for the last few years. Whether it’s an interconnected home security system, a pet camera, or a voice-activated assistant like the Amazon Echo, homeowners and renters alike love having these tech gadgets in their homes.
In fact, research has shown that homes with smart home devices sell faster and for more than those without. Additionally, renters show great interest in living in rentals that have interconnected gadgets and are willing to pay more for these units. Therefore, many landlords have been rushing to turn their properties into smart homes.
Editor’s note: Stafford Masie, CEO of Google Africa (2006–09) and Non-Executive Board Member at ADvTECH, will be the closing keynote speaker at the 2019 Africa CACS conference, to take place 19-20 August in Johannesburg. Masie, an inventor, mentor and keen observer of how to humanize technology, recently visited with ISACA Now to discuss how enterprises in Africa and beyond can take advantage of the major technological forces of the day, such as artificial intelligence and advances in fintech. The following is a transcript, edited for length and clarity:
This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.
The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.
Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.
To volunteer to write a blog or suggest a topic, send an email here.