October 12, 2014

Effective IT governance enhances risk management and statutory and internal compliance
The Indian Companies Act has always provided for controls in information systems as a mandatory internal control requirement as a significant corporate governance requirement. The importance of IT governance is now further accentuated by the new Companies Act 2013, which provides for robust and structured risk management and internal controls, with specific requirements as regards internal controls that are relevant to financial reporting and electronic records. Effective IT governance enhances risk management and statutory and internal compliance.

Living Systems and the Information First Company
Put another way, NewCos are “information first” companies. They map the flows of information in a market, and organize themselves so as to exploit or leverage those information flows, even if the flows are “potential information” - information used in a new way, a manner which may be more efficient, productive, or valuable. Put information first, and let that determine how best to organize energy and matter. Industrial era-companies, on the other hand, value their hard assets first (energy, matter), and only view information as a way to organize or protect those assets.

NIST Cybersecurity Framework: Don’t Underestimate It
The framework also highlights why it is important for senior management to establish and supervise a cybersecurity program. The framework places senior management at the top of the decision-making process and holds senior managers responsible for compliance with the framework. Although senior managers without a technical background might be tempted to defer responsibility to their IT departments, complying with the framework requires them to be educated about the choices their company faces and to take responsibility for allocating appropriate resources to address risks.

Conquer the Top 20 critical security controls
The CSC emphasis on integration and automation makes it align very well with the Security Connected approach from McAfee (part of Intel Security). The Security Connected framework enables you to establish a robust risk management process with integrated solutions and management that protect your infrastructure—including IT and incident command systems (ICS) without impairing system availability. Because our and partner solutions share a unified, policybased management platform and real-time threat intelligence, organizations can move easily to adopt incremental controls as part of a consistent, efficient process.

New iRobot App Lets You Control a ‘Bot Army With an Android Tablet
The new control hub is called the uPoint Multi-Robot Control system, and it’s an Android app. It supports hopping between individual robots, so if you have several in your setup and simply tab over to control a different machine. With it, controlling the robots is even easier than driving a remote-control car. In the simplest setup, the app’s live-view screen shows you a feed from a robot’s front-mounted camera, and tapping on locations simply drives to that point. You can also drag your finger from the robot to different parts of the scene to lead it there. Doing so shows the drive path the machine will take, curves included. It makes it incredibly easy to navigate the robots around obstacles and corners.

FDA Follows NIST Framework in Cybersecurity Guidance for Medical Devices
While not yet mandatory, the FDA strongly recommends that manufacturers follow the guidance in explicitly addressing cybersecurity risks in premarket submissions for medical devices, particularly those that rely heavily on software, access patient data, and connect with electronic networks. So what, exactly, are the highlights of the FDA’s guidance for medical device manufacturers? And what are the take-away lessons for companies in the industry, whether or not they’re in the process of seeking premarket approval for new devices? Following the NIST Framework, the FDA recommends that companies focus on five core functions in addressing and managing cybersecurity risks: Identify, Protect, Detect, Respond, and Recover:

The Protection Revolution - A Needed Counter to Attacks
As security professionals, we need to follow a similar trajectory to hackers and apply lessons learned from the Industrial Revolution to become faster, more efficient, and more effective in our sector: a “Protection Revolution,” if you will. Just as technologies and capabilities for attackers have improved, so have technologies and capabilities for defenders. This gives us a unique opportunity to move toward security systems built on a foundation of broad-based visibility, depth of data collection, the ability to learn through correlation and context, and then dynamically apply controls.

Strategies for Security Governance
When dealing with contested security issues, or when escalating security risk issues to senior management, assume that your audience does not understand information security. Your narrative messages should be short—preferably one page and no longer than two pages. Talk in business risk terms and terminology. Be factual: issues must be dealt with in a straightforward manner. Do not sugar coat or exaggerate issues. Fear, uncertainty or doubt should not be used. Jargon should be explained or not used at all. Senior management should be updated at least three times a year on the general risk posture of the organization and outstanding high risk security issues that are being monitored.

Leading Enterprise Organizations Have Established a Dedicated Network Security Group
This “us-and-them” mentality appears to be legacy behavior. According to ESG research, 47% of enterprise organizations now claim that they have a dedicated group in charge of all aspects of network security (note: I am an ESG employee). Additionally, network security is done cooperatively by networking and security teams at 26% of organizations today, but these firms insist that they are in the process of creating a dedicated network security group to supplant their current division of labor.

How CIOs can plug critical gaps in IT governance
Cyber security is a fast-changing and complex field whose professionals will benefit from access to a foundational body of knowledge, education, and thought leadership from chief information security officers (CISOs) and other security experts working in the industry. By using industry frameworks such as COBIT to gain access to key tools, specific guidance they require, and access to the latest tips and insights from the industry, these professionals can ensure they are keeping up to date with ever-changing industry challenges and increasingly sophisticated attacks.

Quote for the day:

"You cannot be a leader, and ask other people to follow you, unless you know how to follow, too." -- Sam Rayburn

No comments:

Post a Comment