Superhuman resources: How HR leaders have redefined their C-suite role
CHROs have to be able to envision how the strategy will be executed, the
talents and skills required to accomplish the work, and the qualities needed
from leaders to maximize the organization’s potential. Increasingly, that
requires a nuanced understanding of how technology and humans will interact.
“HR leaders sit at a crossroads because of the rise of artificial intelligence
and can really predict whether a company is going to elevate their humans or
eliminate their humans,” said Ellyn Shook, the CHRO of professional-services
firm Accenture. “We’re starting to see new roles and capabilities in our own
organization, and we’re seeing a whole new way of doing what we call work
planning. The real value that can be unlocked lies in human beings and
intelligent technologies working together.” ... CHROs must operate at a
slightly higher altitude than their peers on the leadership team to ensure
that the different parts of the business work well together. At their best,
these leaders view the entire organization as a dynamic 3D model, and can see
where different parts are meshing well and building on other parts, and also
where there are gaps and seams. The key is to make the whole organization
greater than the sum of its parts.
Three IT strategies for the new era of hybrid work
While the hyper-automation strategy will make life much easier for IT teams by
delivering on greater automated experiences, there will always be issues that
humans will have to resolve. Organisations must equip their IT teams with the
tools to handle these issues remotely and securely to succeed in an
increasingly complex environment. This begins with utilising AI and building
on deep learning capabilities that provide critical information to IT teams in
real time. Say an employee is unable to access restricted customer information
from his home network to complete a sales order and needs to enable VPN
access. With the right software platforms, the IT representative will be able
to guide him remotely, to push the necessary VPN software to his device,
configure the necessary access information and provision his access through
automation scripts. IT would also be able to discover the model of the router
used in his home network if required and assist in router settings if the
employee assigns the rights and authorisation. IT can also assess its
vulnerabilities and advise the employee accordingly. In the past, the work
would have to be completed in the office. With hybrid work environments, going
back to the office may not even be an option.
Security pros fear prosecution under outdated UK laws
MP Ruth Edwards, who previously led on cyber security policy for techUK, said:
“The Computer Misuse Act, though world-leading at the time of its
introduction, was put on the statute book when 0.5% of the population used the
internet. The digital world has changed beyond recognition, and this survey
clearly shows that it is time for the Computer Misuse Act to adapt. “This year
has been dominated by a public health emergency – the coronavirus pandemic,
but it has also brought our reliance on cyber security into stark relief. We
have seen attempts to hack vaccine trials, misinformation campaigns linking 5G
to coronavirus, a huge array of coronavirus-related scams, an increase in
remote working and more services move online. “Our reliance on safe and
resilient digital technologies has never been greater. If ever there was going
to be a time to prioritise the rapid modernisation of our cyber legislation,
and review the Computer Misuse Act, it is now,” she said. The study is the
first piece of work to quantify and analyse the views of the wider security
community in the UK on this issue, and the campaigners say they have found
substantial concerns and confusion about the CMA that are hampering the UK’s
cyber defences.
An In-Depth Explanation of Code Complexity
By knowing how many independent paths there are through a piece of code, we
know how many paths there are to test. I'm not advocating for 100% code
coverage by the way—that's often a meaningless software metric. However, I
always advocate for as high a level of code coverage as is both practical and
possible. So, by knowing how many code paths there are, we can know how many
paths we have to test. As a result, you have a measure of how many tests are
required, at a minimum, to ensure that the code's covered. ... By reducing
software complexity, we can develop with greater predictability. What I mean
by that is we're better able to say—with confidence—how long a section of code
takes to complete. By knowing this, we're better able to predict how long a
release takes to ship. Based on this knowledge the business or organization is
better able to set its goals and expectations, especially ones that are
directly dependent on said software. When this happens, it’s easier to set
realistic budgets, forecasts, and so on. Helping developers learn and grow is
the final benefit of understanding why their code is considered complex. The
tools I've used to assess complexity up until this point don't do that. What
they do is provide an overall or granular complexity score.
How DevOps Teams Get Automation Backwards
Do you know what data (and metadata) needs to be backed up in order to
successfully restore? Do you know how it will be stored, protected and
monitored? Does your storage plan comply with relevant statutes, such as
CCPA and GDPR? Do you regularly execute recovery scenarios, to test the
integrity of your backups and the effectiveness of your restore process? At
the heart of each of the above examples, the problem is due in large part to
a top-down mandate, and a lack of buy-in from the affected teams. If the
DevOps team has a sense of ownership over the new processes, then they will
be much more eager to take on any challenges that arise. DevOps automation
isn’t the solution to every problem. Automated UI tests are a great example
of an automation solution that’s right for some types of organizations, but
not for others. These sorts of tests, depending on frequency of UI changes,
can be fragile and difficult to manage. Therefore, teams looking to adopt
automated UI testing should first assess whether the anticipated benefits
are worth the costs, and then ensure they have a plan for monitoring and
maintaining the tests. Finally, beware of automating any DevOps process that
you don’t use on a frequent basis.
Security by Design: Are We at a Tipping Point?
A big contributor for security flat-footedness is the traditional “trust but
verify” approach, with bolt-on and reactive architectures (and solutions)
that make security complex and expensive. Detecting a threat, assessing true
vs. false alerts, responding to incidents holistically and doing it all in a
timely fashion demands a sizeable security workforce; a strong,
well-practiced playbook; and an agile security model. As we have learned
over the years, this has been hard to achieve in practice—even harder for
small or mid-size organizations and those with smaller budgets. Even though
dwell time has reduced in the last few years, attackers routinely spend
days, weeks or months in a breached environment before being detected.
Regulations like the EU General Data Protection Regulation (GDPR) mandate
reporting of notifiable data breaches within 72 hours, even as the median
dwell time stands at 56 days, rising to 141 days for breaches not detected
internally. Forrester analyst John Kindervag envisioned a new approach in
2009, called “zero trust.” It was founded on the belief that trust itself
represents a vulnerability and security must be designed into business with
a “never trust, always verify” model.
Distributors adding security depth
“With the rapidly changing security landscape, and home working seemingly
here to stay, this partnership will help organisations alleviate these
security pressures through one consolidated cloud solution. Together with
Cloud Distribution, we will continue to expand our UK Partner network,
ensuring we are offering robust cloud security solutions with our approach
that takes user organisations beyond events and alerts, and into 24/7
automated attack prevention,” he said. Other distributors have also
taken steps to add depth to their portfolios. Last month, e92plus also moved
to bolster its offerings with the signing of web security player Source
Defense. The distie is responding to the threats around e-commerce and
arming resellers with tools to help customers that have been forced to sell
online during the pandemic. The shift online has come as threats have spiked
and the criminal activity around online transactions has increased. “As more
businesses look to transact business online, bad actors are exploiting
client-side vulnerabilities that aren’t protected by traditional solutions
like web application firewalls,” said Sam Murdoch, managing director at
e92cloud.
3 Steps CISOs Can Take to Convey Strategy for Budget Presentations
CISOs recognize they cannot reduce their organization's cyber-risk to zero.
Still, they can reduce it as much as possible by focusing on eliminating the
most significant risks first. Therefore, when developing a budget, CISOs
should consider a proactive risk-based approach that homes in on the biggest
cyber-risks facing the business. This risk-based approach allows the CISO to
quantify the risk across all areas of cyber weakness, and then prioritize
where efforts are best expended. This ensures maximum impact from fixed
budgets and teams. The fact is, the National Institute of Standards and
Technology reports that an average breach can cost an organization upward of
$4 million — more costly than the overall budget for many organizations.
Consider a scenario where one CISO invests heavily in proactive measures,
successfully avoiding a major breach, while another invests primarily in
reactive measures and ends up cleaning up after a major breach. The benefit
is that one (the proactively inclined CISO) ends up spending 10x less
overall. ... While there is more awareness among top leadership and board
members regarding the daunting challenges of cybersecurity, a board member's
view of cybersecurity is primarily concerned with cybersecurity as a set of
risk items, each with a certain likelihood of happening with some business
impact.
Keeping data flowing could soon cost billions, business warned
As soon as the UK leaves the EU, it will also cease to be part of the
GDPR-covered zone – and other mechanisms will be necessary to allow data to
move between the two zones. The UK government, for its part, has
already green-lighted the free flow of digital information from the UK to
the EU, and has made it clear that it hopes the EU will return the favor.
This would be called an adequacy agreement – a recognition that UK laws can
adequately protect the personal data of EU citizens. But whether the UK will
be granted adequacy is still up for debate, with just over one month to go.
If no deal is achieved on data transfers, companies that rely on EU data
will need to look at alternative solutions. These include standard
contractual clauses (SCCs), for example, which are signed contracts between
the sender and the receiver of personal data that are approved by an EU
authority, and need to be drawn for each individual data transfer. SCCs are
likely to be the go-to data transfer mechanism in the "overwhelming majority
of cases," according to the report, and drafting the contracts for every
single relevant data exchange will represent a costly bureaucratic and legal
exercise for many firms. UCL's researchers estimated, for example, that the
London-based university would have to amend and update over 5,000 contracts.
Even the world’s freest countries aren’t safe from internet censorship
Ensafi’s team found that censorship is increasing in 103 of the countries
studied, including unexpected places like Norway, Japan, Italy, India,
Israel and Poland. These countries, the team notes, are rated some of the
world’s freest by Freedom House, a nonprofit that advocates for democracy
and human rights. They were among nine countries where Censored Planet found
significant, previously undetected censorship events between August 2018 and
April 2020. They also found previously undetected events in Cameroon,
Ecuador and Sudan. While the United States saw a small uptick in blocking,
mostly driven by individual companies or internet service providers
filtering content, the study did not uncover widespread censorship. However,
Ensafi points out that the groundwork for that has been put in place here.
“When the United States repealed net neutrality, they created an environment
in which it would be easy, from a technical standpoint, for ISPs to
interfere with or block internet traffic,” she said. “The architecture for
greater censorship is already in place and we should all be concerned about
heading down a slippery slope.”
Quote for the day:
"Beginnings are scary, endings are usually sad, but it's the middle that counts the most." -- Birdee Pruitt