How to avoid compliance leader burnout
Just as a CISO will be held responsible for a security breach, even if the
incident was unforeseeable, a compliance leader is considered responsible for
all aspects of compliance: getting the appropriate certifications and reports,
making sure the company passes its audits, etc. But if traditional methods of
compliance are used, the compliance leader has no actual oversight on whether
those controls are running. For example, the compliance team may set up controls
over user access, but if one control owner forgets to run their control, the
resulting failure will likely be blamed on the compliance leader. ...
Data-oriented compliance that automatically pulls data from primary sources can
sift through a vast volume of data and give an early signal if it senses a
problem that needs to be looked at by a security person or engineer. This makes
it less likely that a compliance leader will be blindsided by a long-running
failure to implement a control. When a control is built into processes that a
department is already running, it’s less likely to be overlooked by that
department—since the control is part of a process that’s operationally important
to the company.
Simplify Cloud Deployment Through Teamwork, Strategy
Liu suggests that when striving for simplification, IT organizations should
recognize that simplification of architectures is complex and can be disruptive.
That means it’s important to identify the most opportune time that works for the
whole organization. “When simplifying, don’t just think about components like
network switches or storage,” she says. “If you focus on moving or simplifying
one component, your simplification can invite a lot more complexity. Think about
simplifying whole infrastructure solutions. Align at the solution- or
service-level first.” Stuhlmuller advises that enterprise cloud teams should
educate themselves on how networking is done, not only in their primary cloud,
but in all public clouds. This allows them to develop a multi-cloud network
architecture that will keep them from having to re-architect when – inevitably
– the day comes when the business requires support for a second or third public
cloud provider. “Cloud teams supporting enterprise scale businesses discover
that building with basic constructs quickly increases the complexity and
requires resource intensive manual configuration,” he says.
Most Email Security Approaches Fail to Block Common Threats
Digging into where email defense breaks down, the firms found that,
surprisingly, use of email client plug-ins for users to report suspicious
messages continues to increase. Half of organizations are now using an automated
email client plug-in for users to report suspicious email messages for analysis
by trained security professionals, up from 37 percent in a 2019 survey. Security
operations center analysts, email administrators, and an email security vendor
or service provider are the groups most commonly handling these reports,
although 78 percent of organizations notify two or more groups. Also, user
training on email threats is now offered in most companies, the survey found:
More than 99 percent of organizations offer training at least annually, and one
in seven organizations offer email security training monthly or more frequently.
“Training more frequently reduces a range of threat markers. Among organizations
offering training every 90 days or more frequently, the likelihood of employees
falling for a phishing, BEC or ransomware threat is less than organizations only
training once or twice a year,” according to the report.
Why private edge networks are gaining popularity
For edge computing to gain large-scale adoption across enterprises, APIs need to
provide an abstraction layer that alleviates the intensive work of having
developers write code to communicate with each system in a tech stack.
Abstraction layers save developers’ time and streamline new app development.
Alef’s approach looks at how they can capitalize on stable APIs to protect
developers from dealing with complex tech stacks in getting work done. Edge
device processors are getting more intelligent. The rapid gains in chip
processor architectures make it possible to complete data capture, analytics and
aggregation at the endpoint first before sending the result to cloud databases.
In addition, endpoint devices’ growing intelligence makes it possible to offload
more tasks, freeing up network latency in the process. ... All businesses
need real-time data to grow. Small gains in visibility and control across an
enterprise can deliver large cost savings and revenue gains. It’s because
real-time data is very good at helping to identify gaps in cost, customer,
revenue and service processes.
Deep Science: AI simulates economies and predicts which startups receive funding
Applying AI to due diligence is nothing new. Correlation Ventures, EQT Ventures
and Signalfire are among the firms currently using algorithms to inform their
investments. Gartner predicts that 75% of VCs will use AI to make investment
decisions by 2025, up from less than 5% today. But while some see the value in
the technology, dangers lurk beneath the surface. In 2020, Harvard Business
Review (HBR) found that an investment algorithm outperformed novice investors
but exhibited biases, for example frequently selecting white and male
entrepreneurs. HBR noted that this reflects the real world, highlighting AI’s
tendency to amplify existing prejudices. In more encouraging news, scientists at
MIT, alongside researchers at Cornell and Microsoft, claim to have developed a
computer vision algorithm — STEGO — that can identify images down to the
individual pixel. While this might not sound significant, it’s a vast
improvement over the conventional method of “teaching” an algorithm to spot and
classify objects in pictures and videos.
Stack Overflow Exec Shares Lessons from a Self-Taught Coder
As a self-taught developer, Chan describes that life as an entry-level software
engineer as “a really big surprise and shock.” Especially given his past
experiences in the world of programmer job interviews. He was baffled by his
previous experiences interviewing with large companies, finding himself “failing
miserably,” he told the podcast audience. Tech interviews, he said, were “where
it’s like, ‘I don’t even know what a red-black tree is, so please don’t ask me
more interview questions about that kind of thing!’” By contrast, he’d known of
Stack Overflow for years, and considered it the home of “some of the best
engineers that I could possibly think of.” ... Chan recalled learning what all
new managers learn: while you may have been good at your old position, “once you
become a manager, the skillset is completely different.” Or, in his case,
“You’re no longer working with computers and with code anymore. You’re working
with people, right?” There were more conversations, and listening to people —
but also a shift in thought. “This is not about code so much anymore,” he
said.
Founders’ Guide To Embedding Corporate Governance In Your Startup
It would do good for founders to have some role models when it comes to
governance and read about the practices and philosophies deployed by them.
However, they may have to look beyond the startup universe for that because good
governance is usually a sustained phenomenon. Companies that have been in
business for decades could only qualify for the same. In my view, the Tata Group
in general but specifically under the stewardship of JRD Tata has been the
epitome of good governance. Some leading IT services companies like Infosys
could also be studied. One does not have to look far and toward the West for
such role models. Founders will do well to remember that getting an up round
(after passing through diligence) is not a validation that they are doing
everything right. Many times, investments happen due to prevailing market
sentiment and liquidity. This happens in spaces that are hot and market
tailwinds compel investors to close transactions faster. However, such times
don’t last forever. Often, when a fastidious investor comes in to write a big
cheque, such transgressions come to light.
Improving Your Estimation Skills by Playing a Planning Game
When we look at a large, complex task and estimate how long it will take us to
complete, we mentally break down the large task into smaller tasks. We then
construct a mental story of how we will complete each smaller task. We identify
the sequential relationship between tasks, their interconnectedness, and their
prerequisites. We then integrate them into a connected narrative of how we will
complete the large task. All of these activities are good, and indeed essential
for completing any large task. However, by constructing this mental story, we
slip out of estimation mode and into planning mode. This means that we focus
upon the how-to’s, rather than thinking back to past experiences, of potential
impediments and how they may extend the task duration. Planning is a bit like
software development, whilst estimation is a bit like software testing. In
development, we are trying to get something to work. So, if our initial approach
is unsuccessful, we modify it or try something else. Once we have got it to
work, we are generally satisfied and move onto solving the next problem.
How to be a smart contrarian in IT
Start with the end user or the most important stakeholders: Do they find the
end results intriguing? Have you built a proof-of-concept solution that tests
your hypotheses? Can they get some value and provide you with quality feedback
from a minimal viable product (MVP)? Don’t over-engineer a solution to a
problem that nobody cares about. Let your customers lead you to what matters
and do just enough engineering from there. You’ll still need to add standard
enterprise features such as security, user experience, and scale, but the goal
is to add them to a product your client wants and values. ... Before you try
to solve a problem, find out if anyone on your team or at your company has
already solved that problem or has experience with it. Explore wikis and
forums to see if solutions have been documented privately or publicly. Too
often, we fail to ask questions because we don’t want to appear uninformed or
unintelligent. Keep in mind that most people enjoy being asked for advice and
would welcome the opportunity to answer a question, especially early in the
process when they can help you save time and effort.
Get ready for your evil twin
Accurately replicating the look and sound of a person in the metaverse is often
referred to as creating a “digital twin.” Earlier this year, Jensen Huang, the
CEO of NVIDIA gave a keynote address using a cartoonish digital twin. He stated
that the fidelity will rapidly advance in the coming years as well as the
ability for AI engines to autonomously control your avatar so you can be in
multiple places at once. Yes, digital twins are coming. Which is why we need to
prepare for what I call “evil twins” – accurate virtual replicas of the look,
sound, and mannerisms of you (or people you know and trust) that are used
against you for fraudulent purposes. This form of identity theft will happen in
the metaverse, as it’s a straightforward amalgamation of current technologies
developed for deep-fakes, voice emulation, digital-twinning, and AI driven
avatars. And the swindlers may get quite elaborate. According to Bell, bad
actors could lure you into a fake virtual bank, complete with a fraudulent
teller that asks you for your information. Or fraudsters bent on corporate
espionage could invite you into a fake meeting in a conference room that looks
just like the virtual conference room you always use.
Quote for the day:
"The signs of outstanding leadership are
found among the followers." -- Max DePree