Executives and boards of directors "have a duty of care and responsibility" to improve their knowledge about cybersecurity because the "cascading carnage" of a failure could bury them, writes Cindy Gordon, founder and CEO of SalesChoice. "Leaders are recognizing that they have often been asking the wrong questions and often applying the wrong methods," she writes.
Having employees working from home won't work as an excuse with regulators or customers if data are compromised, writes Tomas Honzak, GoodData's head of security and compliance. In this analysis, Honzak outlines five steps for adapting to the new reality, such as by giving workers amnesty for finding ways to work not sanctioned by the IT department.
Updating your company's approach to data governance might be necessary because processes and priorities are changing, writes Karen Schwartz. In this analysis, Schwartz offers a half-dozen tips, including lawfully purging data when it grows stale.
Building an in-house compliance committee starts with parties to exclude -- the board of directors and CEO, who should be taking a broader view, writes Matt Kelly. Chaired by the chief compliance officer, the committee of voices from across the company should set an agenda and avoid the problem of "siloed risk management."
Establishing a common language among all board members, especially nontechnical members, is a difficult task. So, how can these two references be combined to align corporate and IT aspects and facilitate the relationships among board members, executive management, CEOs, CIOs, assurance providers and internal auditors? Full Story: ISACA
Boards of directors need not be technically oriented to govern security activities, only capable of asking the correct questions, writes Audrey Katcher of accounting/consulting firm RubinBrown. In light of COVID-19, tech leaders should take a broader approach and assess "business risks" as opposed to individual security flaws, she writes.
Creating or updating standards for cybersecurity at the company level may be considered "low-hanging fruit" by many but actually constitutes "a heavy lift," writes ISACA board member Pamela Nigro, vice president of information technology and security officer at Home Access Health Corp. In this commentary, Nigro lists steps for nailing down cybersecurity governance, noting that tone must be set "at the top that makes cybersecurity, and cybersecurity governance, a priority."
Corporate compliance officers are trying to figure out how to gather data and analyze it in light of federal prosecutors being instructed to emphasize that area in investigations. Piyush Sharma of Alexion Pharmaceuticals notes there's "no magic formula for this" because each company has a different risk profile.