How security leaders can effectively manage Gen Z staff
Gen Z will look for jobs in organizations that share their values. Gen Z is
likely to remind their superiors of such values if they find themselves being
asked to do something that goes against such. Be ready for situations like this
and make sure the company’s values isn’t just a marketing creation. Another way
to look at this is to proactively go after individuals whose values resonate
with the company’s. All working generations have experienced pros and cons of
work from home, the office or a mix of both. This is unlikely to be a Gen Z-only
preference, but younger generations may be more prone to think, “Why do I need
to go to a specific location to do a job I can perform from anywhere?” ... The
two aspects here are peer training and paid training. Gen Z is eager to learn
but also to move forward, now even though this may not be effective to all roles
it can be a positive in cybersecurity where attackers and attacks are always
evolving fast.
LastPass Hack Highlights Importance of Applicable Acceptable Use Policies
While LastPass has made it clear that several course corrective activities have
taken place post-incident to prevent similar hacks, the argument that this type
of exploitation was preventable persists. Specifically, one control that should
be scrutinized is the LastPass Acceptable Use Policy (AUP). These important
documents provide employees with a set of rules applied by the company that
explain the methods through which employees may access or use corporate
networks, devices or data. Many of these policies require that corporate data
may only be accessed and managed on corporate systems. This specific provision
allows the organization to control both physical and logical access to important
information, such as business operations and client data. As the business world
has morphed with a more distributed and remote configuration, corporate AUPs
require additional scrutiny as well. Specifically, companies should take a hard
look as to the applicability of the Bring Your Own Device (BYOD) mentality and
consider the security implications that could emerge through mismanagement.
3 Steps to Unlock the Power of Behavioral Data
In practice, a strong data culture is a “decision culture” according to McKinsey
research, which is a culture where an organization can accelerate the
application of advanced analytics, powering improved business performance and
decision-making. Furthermore, Forrester found that organizations that use data
to derive insights for decision-making are almost three times more likely to
achieve double-digit growth. So why is it such a challenge to create this type
of culture? ... Data creation is the process of creating high-quality,
contextual behavioral data to power AI and other advanced data applications.
Instead of working with the data exhaust which happens as a result of SaaS
applications and black box analytics tools, data creation allows a choice of
metrics that would best reflect the organization’s needs. The great thing about
this is that it saves data teams quite a lot of time as it continuously delivers
a highly trusted real-time stream of data that evolves with the business.
5 steps for building a digital transformation-ready enterprise architecture
In a hyper-competitive and increasingly cloud-based business environment, it's
clear that digital-first is the only way forward. Of course, the transformation
could have been smoother. For most businesses, it's happened in fits and
starts—a program written here, a piece of software implemented there. The end
result, in many cases, has been a patchwork: out-of-date applications, redundant
or overly complicated programs, and generally clogged internal processes. Think
of a big, tangled pile of extension cords—it's unclear what goes where, what can
be safely removed, what needs replacing, and so forth. These clogged processes
present a serious problem for businesses engaged in digital transformation. They
can slow down a company's inner workings and, over time, lead to lost
productivity and revenue. That's why it's imperative for companies to clear away
the cobwebs and redesign their internal processes for maximal productivity—to,
in other words, embark on an organization-wide program of enterprise
architecture.
Crucial role of data protection in the battle against ransomware
Central to any cybersecurity strategy being developed is the role of the IT
infrastructure teams and storage administrators in the secure storage and
protection of data.However, formulating and implementing a strategy alone will
not be enough, organisations must rigorously test their resiliency plans. It
is essential to identify the cracks in the defences as a proactive strategy,
even as learnings are applied reactively. A key reason behind the rise of
ransomware attacks is that the attack surface, the systems that are accessible
and could be compromised, is massive and constantly growing. The larger the
enterprise, the larger the attack surface, as the vulnerable endpoints and
pieces of software being used are many. Any breach that occurs, thus must be
quickly contained, and its impact as minimised as possible. Merely adding more
storage to a data centre is not the solution. Enterprises will need to
incorporate immutable storage and encryption technology and optimize the
recovery process.
US Cybersecurity Strategy Shifts Liability Issues to Vendors
The administration envisions that it will roll out more stringent software
development practices, work with vendors to implement them in the software
development process and then work with industry and Congress to establish a
liability shield for companies that adopt those practices. That process will
take well over a year, the senior administration official predicts. Veracode
founder and Chief Technology Officer Chris Wysopal says drawing from the NIST
Secure Software Development Framework for the safe harbor law is more
aspirational than realistic since the liability shield must consider a
company's maturity and security posture. Kalember says no current institutions
are well positioned to assess compliance with NIST or assign blame after a
security incident. "We need a few different levels of what building safe
software means," Wysopal tells ISMG. "The SSDF is a good starting point, but I
think it does need to be more practical and more basic."
The government cannot win at cyber warfare without the private sector
The Council on Foreign Relations (CFR) recommends “a program of deepening
public-private collaboration between the Defense Department (DOD) and the
defense industry” to stop these hacks. It suggests this because it recognizes
that the private sector is who owns and operates the networks and systems that
the problem countries target, while the public sector “lacks the same picture
of the threat environment.” The CFR is right. Private-sector actors regularly
face hackings and understand that their survival in the marketplace hinges
upon addressing them swiftly and efficiently. The government, by contrast,
doesn’t recognize many of these threats until they occur. The government has
the ability to contract with anyone, so why wouldn’t it choose to work more
closely with private companies. Consider the case of the Office of Personnel
Management, which faced that headline-making 2015 hacking from China.
Five Factors For Planning A Data Governance Strategy
Effective data governance begins with having a comprehensive record of the
data within the organization; however, according to one survey, for two-thirds
of organizations, at least half of their data is dark. This dark data
represents untapped insights that are not being levered by the organization.
Also concerning is the fact that this same absence of quality data and
availability can result in an estimated 29% of an employee’s time being spent
on non-value-added tasks. ... Data democratization can be shaped by AI-enabled
governance policies that control access to the cataloged data. This
self-service access to data affords a degree of autonomy for users to work
with the data—and the insights it can provide—independently, regardless of
their position within the organization. The impact of data democratization can
be felt across an entire organization. Users are able to access data securely
and work with data on their own without being occupied by tasks that produce
no benefit to the organization. As a result, the IT department can be
available to handle other important tasks.
The Move to Unsupervised Learning: Where We Are Today
In addition to the need for explainability, another significant challenge to
the widespread adoption of deep learning is the increasing reliance on the
need for labeled data, that is, adding labels to raw data such as text files
and images to identify them and provide context that machine learning models
can recognize and learn from. Supervised learning has made significant and
impressive advances in recent years, demonstrating the ability to learn from
massive amounts of labeled data. There is, however, a limit to how much AI can
advance using supervised learning alone. In many real-world scenarios, the
availability of large amounts of labeled data is a challenge — either due to a
lack of resources or the inherent nature of the problem itself. Ensuring class
balance in the labeled data presents another challenge in that it’s often the
case that some classes make up for a large proportion of the data, while other
classes might not be adequately represented. Furthermore, ensuring the
trustworthiness of labeled data can present another challenge.
The Biggest Enterprise Architecture Trends in 2023
Most Enterprise Architects endlessly tweak their systems to improve change
delivery. As with all things in life, the changes aren't perfect the first
time around, and adapting is essential. Each round of change, however small,
ultimately improves the system. Many trends overlap and adapting
way-of-working ties in with using the social aspects of the architecture
described above. Organizations can track the history of change initiatives to
see the applications, processes, and information impacted over time.
Understanding how the change works gives leaders vital information to make
decisions. By tracking people, teams, and departments, organizational and
communication pathways become clear. Over time, the tracking shows patterns of
where change occurs. When it’s clear where change is happening and failing,
the patterns can guide the reorganization of teams. It can also help teams
work as independently as possible, improve cross-team coordination, and aid
prioritization.
Quote for the day:
"Leaders think and talk about the
solutions. Followers think and talk about the problems." --
Brian Tracy
No comments:
Post a Comment