Daily Tech Digest - February 20, 2017

How to organize an enterprise cybersecurity team effectively

An organization's cybersecurity team needs to manage and perform the right functions. So what's the best way to determine those functions? Carnegie Mellon University's well-respected Software Engineering Institute has created a framework that proposes structuring a cybersecurity team around four key functions. ... A framework that is based on an approach developed by security expert Mike Rothman is likely more realistic and pragmatic for many organizations. In this framework, an organization's cybersecurity team has an individual (e.g., a CSO) who has overall responsibility for implementing an organization's cybersecurity program, and who is the team's coordination point. This person is responsible for ensuring compliance with security policies and communicating cybersecurity program results to senior management.


6 ways IoT will change project management

Despite the more collaborative approach in projects that Agile development offers, IT still goes off to code and test most new apps on its own. When the apps are ready for staging or final end user review, the end users get plugged back in. This won't work with IoT projects, because IoT is so integrally linked into company operations that the software and hardware can't be separated from its actual operating environment. For instance, if an IoT robot is being used in a distribution center to pick and pack items from shelves, the software, the communications, the data collection and the operation of the robot in its warehouse environment have to be tested on the floor. It is not enough to finish the IT part of the project and just insert the technology. IT and operations have to work hand in hand on IoT 100% of the time, for the entire duration of the project.


Why Tech Should Get Involved in Regulating IoT Security

What’s needed is a sense of collective responsibility that involves vendors, government, and even consumers. “The moment that consumers know their fridge can spoil their own food but might also be attacking the neighbor’s fridge, they might say, I want to be a responsible actor. Most civilians want to be responsible actors,” Kolkman said. Earlier this month, Schneier proposed on his blog that a new government agency is required because existing agencies are not equipped to cope with the fluid nature of the Internet. During RSA, Schneier made a Skype appearance at the Linux Foundation’s Open Source Leadership Summit in Lake Tahoe, California, where he repeated that call for a new agency. “My worry is the alternatives are not viable any longer. Government is going to get involved regardless,” he told that audience.


Sustainable Development Through Bitcoin

The origins of bitcoin lie in code and cryptography. In its early adoption, it has attracted the attention of bona fide entrepreneurs operating in a gray regulatory area prone to over-reaction, plus speculators and criminals. In the space of eight years, bitcoin (and its underlying protocol) has grown to the extent that central banks around the world and large financial institutions have begun to take serious notice. This is good. Still, while its ecosystem is growing, many of its use cases are still hypothetical or untested, and some advocates are prone to wishful thinking. A few betray a whiff of technological fundamentalism. Meanwhile, the Sustainable Development Goals arose in 2015 after sustained political debate and empirical evidence on what has and has not worked to improve the lot of people and planet. Their number and complexity is an admission that the world we live in is interdependent. Long-term fixes in one location can have positive effects elsewhere.


Breaking big data into business sense

Even contextually analysed data can’t do any good if it’s not being properly utilised. And when it comes to getting the most out of your data, it’s all about how you see it. Whatever big data analytics tool companies deploy should use data visualisation technology to help decision makers identify patterns. For example, a CIO might benefit from a dashboard that shows the number of unsatisfied customers over a period of time and lets them review the areas of the highest customer dissatisfaction. Visually representing these issues, with options to drill deeper into each graph, will help the CIO fully understand the situation, even at a glance. To completely enable visualisation in an analytics tool, users should be able to create graphs and dashboards in real time by dragging and dropping customised and out-of-the-box data fields. They should be able to combine multiple reports into a single, live dashboard, eliminating the need for multiple tabs and simplifying analysis.


IoT And Privacy: Turning Pitfalls Into Benefits

Companies can find themselves at risk if they haven't taken the appropriate steps to protect consumer interests, especially if they end up having a data breach where consumer information is exposed or stolen. Litigation can be costly and result in settlements that require micromanagement of the business, and no one wants that.  "Then you are under the spotlight," she said. Concerns are growing as more high-profile startup companies offer devices and then stop supporting them due to an acquisition or the business closing down. When creating a privacy policy, organizations need to look at the entire life cycle of the device, from creation to updates to end of support. To get you started in the right direction with your privacy, security, and IoT policies, Hutnik promises she will offer a very focused session that helps people identify "key low hanging fruit that they should know but don't know.


Business Process Compromise: The Biggest Cyber Threat You’ve Never Heard Of

Application control can lock down access to mission critical systems to ensure nothing is altered. And file integrity monitoring (FIM) will be able to spot any signs of unusual activity inside your network which could indicate an attempt to compromise key processes. Intrusion prevention is important in preventing lateral movement as attackers look to move around, gathering information as they go. And advanced machine learning capabilities can be a useful aid to detecting malware designed to evade traditional filters. The key here is to spot any incursion or attempt to modify systems before the bad guys have time to do any real damage. With dwell time regularly averaging over 100 days, we need to get better at this.


Not investing in employees’ mental health is bad business

This isn’t about not hiring millennials and just hiring older workers. It’s about the fact that as older workers retire, there is a growing need to increase employee care and provide for the mental health of the employees coming in. If you don’t want to do that these younger employees will increasingly underperform and become problems that will significantly reduce the firm’s ability to compete. In the end, these young employees are our sons and daughters, they are our legacy, and they will be the ones who assure the work we did lasts into the future. Not investing in them isn’t just bad business, it is stupid management and fixing that should be a far higher priority than it is. The fact that similar problems exist at the top of the company is also an irony that shouldn’t be lost on any board of directors.


How To Develop An Internet Of Things Strategy

It all begins with a landscape analysis. You need to thoroughly understand your industry and competitors — strengths, weaknesses, opportunities and threats (SWOT). This will help you see the megatrends and forces at play in your market. "Creating a landscape analysis and value chain of your industry is a very important thing to do," Rossman tells CIO.com. "Studying the market: What are they saying about IoT in your industry? Truly understanding what is your worst customer moment: Where do customers get frustrated? What data or what event improves that customer experience? What's the sensor or IoT opportunity that provides that data?" ... The next step, Rossman says, is to create a value-chain analysis and profit-pool analysis of your industry. It should be a broad view of the industry, don't give in to tunnel-vision with a narrow view of your current business.


Tata Motors and Microsoft India Collaborate to Provide Connected Cars

Tata Motors will continuously develop and launch new connected services and applications that make it easier for people to stay connected to work, entertainment and social networks, with greater safety & security as well as services to maximize better use of newly found in-car free time. In addition, Tata Motors’ recently launched ring-fenced vertical, TAMO, will act as an open platform to foster innovation through a startup ecosystem and develop vehicles with on-the-go connectivity. In its first phase, the advanced offerings will incorporate technologies such as cloud computing, analytics, geo-spatial & mapping and increased human-machine interface, creating a new benchmark in the industry for connected vehicles. TAMO will provide a digital eco-system, which will be leveraged by Tata Motors to support the mainstream business in the future.



Quote for the day:


"One of the best things you can do in your pursuit of growth is to systematize it." -- @alexgoldfayn