Why cybersecurity has become a big governance risk | Adapting IT policies to a new work-from-home normal | 6 tips for re-evaluating your firm's data governance
September 24, 2020
ISACA SmartBrief on Governance
Advancing the best guidance and learning in governance
Top Story
Executives and boards of directors "have a duty of care and responsibility" to improve their knowledge about cybersecurity because the "cascading carnage" of a failure could bury them, writes Cindy Gordon, founder and CEO of SalesChoice. "Leaders are recognizing that they have often been asking the wrong questions and often applying the wrong methods," she writes.
Full Story: Forbes (9/21) 
Governance Matters
Having employees working from home won't work as an excuse with regulators or customers if data are compromised, writes Tomas Honzak, GoodData's head of security and compliance. In this analysis, Honzak outlines five steps for adapting to the new reality, such as giving workers amnesty for having found ways to work that the IT department has not sanctioned.
Full Story: CPO Magazine (Singapore) (9/17) 
Updating your company's approach to data governance might be necessary because processes and priorities are changing, writes Karen Schwartz. In this analysis, Schwartz offers a half-dozen tips, including lawfully purging data when it grows stale.
Full Story: IT Pro (9/21) 
Introducing COBIT Focus Area: Information Security
Provides guidance on information security and on how to apply COBIT to specific information security topics and practices within an enterprise. In today's world how can you do without it?
Compliance and Risk Management
Building an in-house compliance committee starts with parties to exclude -- the board of directors and CEO, who should be taking a broader view, writes Matt Kelly. Chaired by the chief compliance officer, the committee of voices from across the company should set an agenda and avoid the problem of "siloed risk management."
Full Story: Security Boulevard (9/22) 
New from ISACA
Establishing a common language among all board members, especially nontechnical members, is a difficult task. So, how can these 2 references be combined to align corporate and IT aspects and facilitate the relationships among board members, executive management, CEOs, CIOs, assurance providers and internal auditors?
Full Story: ISACA
IT Strategy
Boards of directors need not be technically oriented to govern security activities, only capable of asking the correct questions, writes Audrey Katcher of accounting/consulting firm RubinBrown. In light of COVID-19, tech leaders should take a broader approach and assess "business risks" as opposed to individual security flaws, she writes.
Full Story: Journal of Accountancy online (9/18) 
Creating or updating standards for cybersecurity at the company level may be considered "low-hanging fruit" by many but actually constitutes "a heavy lift," writes ISACA board member Pamela Nigro, vice president of information technology and security officer at Home Access Health Corp. In this commentary, Nigro lists steps for nailing down cybersecurity governance, noting that tone must be set "at the top that makes cybersecurity, and cybersecurity governance, a priority."
Full Story: TechTarget (9/23) 
Policy Developments and Legal Trends
Corporate compliance officers are trying to figure out how to gather data and analyze it in light of federal prosecutors being instructed to emphasize that area in investigations. Piyush Sharma of Alexion Pharmaceuticals notes there's "no magic formula for this" because each company has a different risk profile.
Full Story: The Wall Street Journal (tiered subscription model) (9/22) 
Not being heard is no reason for silence.
Victor Hugo,
writer, poet, dramatist