Daily Tech Digest - October 20, 2019

3 Concepts Defining the Future of Work: Data, Decentralisation and Automation

Data analytics can help to interpret the business environment, enable managers to act and result in sustained superior performance and competitive advantage. The introduction of descriptive, predictive and prescriptive analytics in your work means that the traditional way of decision-making, based on experience and expertise, is exchanged for data-driven decision-making. When organisations provide more people with access to knowledge, power is distributed more equally, enabling employee empowerment within an organisation. This power shift is necessary to fully benefit from big data analytics. The future of work, therefore, will result in flatter organisations, where those employees facing the customer or those directly involved in building a product use data to optimise their decisions. This requires a change in company culture, as real-time insights from data require real-time action from employees and management. Fewer managers and more empowered employees will radically change your culture.

7 steps to a successful ISO 27001 risk assessment - IT Governance Blog

An information security risk assessment is the process of identifying, resolving and preventing security problems. Your organisation’s risk assessor will identify the risks that your organisation faces and conduct a risk assessment. The risk assessment will often be asset based, whereby risks are assessed relative to your information assets. It will be conducted across the whole organisation. ISO 27001 is explicit in requiring that a risk management process be used to review and confirm security controls in light of regulatory, legal and contractual obligations. ... ISO 27001 does not prescribe a specific risk assessment methodology. Choosing the correct methodology for your organisation is essential in order to define the rules by which you will perform the risk assessment. The methodology needs to address four issues: baseline security criteria, risk scale, risk appetite, and a scenario-based or asset-based risk assessment. ... If opting for an asset-based risk assessment, you should work from an existing list of information assets, which includes hard copies of information, electronic files, removable media, mobile devices and intangibles, such as intellectual property.

Friendly reminder: Biometrics are not the best way to secure your phone

If there’s ever an appropriate time to call a gigantic tech conglomerate “red faced,” it’s probably now. In a terse statement released yesterday, Samsung acknowledged some clear cases and screen protectors can be used to bypass the fingerprint sensors on the Galaxy S10, Galaxy 10 Plus, Galaxy S10 5G, Galaxy Note 10, and Galaxy Note 10 Plus. You don’t need a 3D printer, super-high-res camera, latex molds, or any cloak-and-dagger nonsense. A dirt-cheap phone case is all you need to unlock someone’s Samsung flagship. It’s hard to excuse this massive breach of trust, and it’s even harder to understand why Samsung has so far failed to apologize to customers. Yet, this embarrassing mishap isn’t that surprising in the scheme of things. The truth is, fingerprints and other biometric authentication methods are flawed. You shouldn’t rely on them if you actually care about mobile security. PINs and passwords are much more secure — if less convenient — methods of authentication.

Six Reasons Why We Need to Take a Collaborative Approach to AI Development

Wisdom of the crowd is a known phenomenon, but despite that companies focus on selecting and working with people at the top who are highly specialized. This is under the assumption that they have a better and more correct knowledge, which is partially true, as knowledge was not easily accessible to all. However, with online education, knowledge, especially in the field of AI, is now accessible to all. One does not have to go to a university to learn the same thing as someone at Stanford or MIT can learn. This has again made the playing field flat and led to the democratization of AI. ... ‘What seems chaos at first, one starts to appreciate the experience and realize the relevance of working in self-organizing environment, where crucial conclusions and optimal solutions eventually emerge as winners. It is very well welcomed and valuable experience. It makes me proud to be a part of it.’- Vjeko Hofman, 10+ years of experience as a Software Engineer.

These are all the ways that remote working is stressing you out

One of the reasons for this could be the “out of sight, out of mind” mentality that’s commonplace toward remote workers, which leads to a lack of trust, feelings of being an outsider, and a tendency for people to think their colleagues are talking negatively about them behind their back. One study of 1,100 workers found that the 52% who worked from home at least some of the time were more likely to feel left out and mistreated, as well as unable to deal with conflict between themselves and colleagues. Navigating sensitive territory in a virtual team is an essential skill. If we’re not careful, issues can fester. Emails can be misinterpreted as being rude or too direct. And, with no visible body language, it’s tricky to convey our true meanings. In a virtual environment there is a tendency to focus too much on tasks and too little on relationships. This kind of transactional leadership can be the route taken by leaders who want to get the job done but fail to recognize how important the people are who are completing these tasks.

Are We Doomed to Repeat the Past When it Comes to Hacking?

On an almost weekly basis, another organization or government agency owns up to having been “hacked” – admitting that its systems have been breached. For every company that discloses an issue, there are likely 20 – 30 more that keep it under wraps. We know this because more than half of all U.S. businesses have been hacked. The attacker may have removed sensitive personal data or trade secrets for later sale on the dark web, or sought to disrupt operations, causing negative reputational and financial impact. But regardless of attacker motivation, cybercrime damages are predicted to cost the world $6 trillion dollars in damages annually by 2021. George Santayana gave us the great quote, “Those who cannot remember the past are condemned to repeat it.” Unfortunately, we haven’t been particularly good students of history – at least in terms of protecting our critical infrastructure from hackers. ... Known as “cyberhardening,” this method prevents a single exploit from propagating across multiple systems. It shrinks attack surfaces, eliminates vulnerabilities, and stops malware from being executed.

The Fundamentals of Cyber Risk Management

“Organisations should invest in identifying and updating their crown jewels (using parameters like whether the assets are internet exposed, hosted on cloud, managed by third party etc.) and associated threats at regular intervals.” This includes “a comprehensive view of where all key information assets reside, whether self-managed or managed by a third party, including any unstructured data (e.g., spreadsheets, documents, PDFs, emails, etc.). This should include risk classification and level of granularity, appropriate to the entity’s size and complexity, plus current risk controls.” You’ll notice that Mistry hones in on an important asset management aspect of cyber-risk: third party vendors. “Organisations should implement a third party tiering system which can be created using parameters like the location of services, number of records accessed, data type accessed, etc,” he says. “Tiering of the third parties can help determine the frequency of controls assessment and the level of evidence required to ascertain the security posture of third parties.”

U.S. Financial Services Cyber Security Market Insight & Future Assessment

This report is a resource for executives with interests in the cyber security industry. It has been explicitly customized for the cyber security industry and financial services decision-makers to identify business opportunities, developing technologies, market trends and risks, as well as to benchmark business plans. Considering the economic and business implications of cyber attacks, it has now become mandatory for the financial industry to significantly increase its investments in state-of-the-art cyber security technologies, solutions, and outsourced services to detect, prevent, analyze and resolve the epidemic of financial cyber crime. According to the Cyber Security Market Report "U.S. Financial Services: Cybersecurity Systems & Services Market - 2016-2020", the U.S. financial institutions cyber security market is the largest and fastest growing private sector cyber security market. Its cumulative 2016-2020 market size is forecasted to exceed $68 Billion.

Guerrilla Analytics – how to deliver analytics in the cut & thrust of business

“Guerrilla Analytics is data analytics performed in a very dynamic project environment that presents the team with varied and frequent disruptions and constrains the team in terms of the resources they can bring to bear on their analytics problem.” Most analytics leaders I know can relate to that reality, whether or not they formally work in an Agile environment. Enda goes on to outline, in useful detail, the risks and challenges that such an approach needs to address, demonstrating why more than a general CRISP-DM approach is needed as a working methodology. As a foundation for the rest of this book, he then explains the 7 principles of Guerrilla Analytics. These cover practical day-to-day decisions about storage, documentation, automation, auditable work, knowledge management & code design. ... Starting with Data Extraction, Enda shows how his 7 principles can be applied to improve practice. Some of the examples get into very specific detail. But the themes and lessons learnt help avoid this becoming too technical or distracting.

Data management strategies are evolving – so must enterprises

“Data has been placed in higher value than oil, and we, as humans, create more than 2.5 exabytes of data every single day,” says Tim Galligan ... “This data boom has truly created a need in the enterprise to secure and manage its own data. The more data we have to manage, the trickier it becomes to properly govern who is accessing that data, what we’re doing with it and how secure it actually is.” Because of the increased data-sharing capabilities within organisations, GRC is now evolving into integrated risk management (IRM), which provides a far more holistic approach to an organisation’s data security procedures. “The pervasive nature of sensitive data, along with the related security and privacy issues it brings, is a driver of this movement,” says Doug Wick, vice-president of product at ALTR. IRM is a set of procedures that enables a risk-aware organisation to use technology and strategy to speed up decision-making and performance, through human intervention and automated playbooks – used to define a scenario and then create actions from it to play out the process – to prevent a situation from spreading.

Quote for the day:

"The smartest people in the meeting are the ones that don't say anything until they have something of value to say." -- @LeadToday
