In one of my recently published ISACA Journal articles, “Clash of the Titans: How to Win the ‘Battle’ Between Information Security and IT Without Losing Anyone,” I pointed out some of the challenges the chief information security officer (CISO) faces when it comes to prioritizing information security interests over IT interests. Although my insights refer mainly to finding common ground with the IT and infrastructure departments, at times the CISO needs to find other resources and common interests with other units to either “finance” the CISO’s solutions or implement the CISO’s policies.
The majority of modern organizations have embarked on the path of building security operations centers (SOCs). Today, the SOC is not a modern trend; it is a forced restructuring and reorganizing of existing information security or cybersecurity departments. An SOC is a set of staff, processes, technologies and facilities that are primarily focused on identifying (detecting) and responding to cybersecurity incidents, which arise as a result of cybersecurity threat realizations.
From the management point of view, a use case within SOCs is a mechanism for consistent selection and implementation of cybersecurity incident detection scenario rules, tools and response tasks. From the practical (technical) point of view, a use case is a specific condition or event (usually related to a specific threat) to be detected or reported by the security tool.
By 2020, about 40% of the US workforce will be temporary workers. The median tenure of workers age 25 to 34 is 2.8 years. The average working American changes their job 10 to 15 times during the lifetime of their career. When was the last time you spoke to someone who has been with their employer for more than 10 years? We are witnessing the death of workplace loyalty. No one, unless they helped create it, stays with their current employer in the long term. With a US unemployment rate of 4.1% and a global unemployment rate of 5.78%, the demand for professionals in most fields is sky high, giving workers the economic freedom to jump from job to job without fear. We are in the golden age of choice.
Recently, the world has seen more leaders win elections based on promises to fight against corruption in their countries. This shows how eager people are to weed out corruption, terror funding and illegal transactions, and to bring transparency to every sphere of human life. People want reform and, if given an opportunity by the government to participate in the process of governance of currencies, both the people and the government will benefit.
The 3 main components in the implementation of the e-governance of currencies are encrypted Quick Response (QR) code printing on currencies, endpoint devices handling currencies and the backend system of the central bank.
Cyberinsurance and data privacy will garner more focus for the remainder of 2018 and beyond. The impending “Equifax effect,” which most of us anticipated, was put forth in late February 2018 by the US Securities and Exchange Commission (SEC) in the form of guidance that states that public companies should inform investors about cybersecurity risk even if they have never succumbed to a cyberattack. The guidance also emphasizes that companies should publicly disclose breaches in a timely manner.
This development perfectly aligns with the (cyber)consumers, providers and regulators (CPR) cycle (see figure 1) I propose in my recent Journal article, which basically necessitates participation from 3 key players—cyberinsurance providers, consumers and regulators. This conglomerative effort not only improves how cybersecurity risk is addressed and estimated from an insurance coverage perspective but also minimizes cataclysmic breaches. Providers need to be able to identify the right amount of cyberrisk that they are willing to undertake to provide ideal pricing for the coverage. This, in turn, depends on the consumers themselves knowing quantitatively how much risk they own.