“While saying ‘yes’ to a project can seem like the easiest way to spark
innovation, the ability to say ‘no’ is vital to ensure companies focus on
projects primed to deliver long-term value,” says Prasad Ramakrishnan, CIO at
software company Freshworks. “Evaluating these decisions requires a deep
understanding of company and stakeholder priorities.” ... IT leaders facing a
surfeit of worthwhile technical projects, however, can find themselves in a
difficult — and nerve-racking — position, says Barry Shurkey, CIO at NTT Data
Services. What if the chosen initiatives don’t work out? What if you make the
wrong choice and foregoing other options ends up having a negative or
detrimental impact on the business? “Sometimes, this forces CIOs to delve
in and quantify the potential success and the impact of failure for each
initiative,” Shurkey says. “To enable us to be connected with the pulse of the
business and to strike the right balance and prioritize the right projects,
it’s also important for IT leaders to build strong relationships with their
counterparts in the C-suite and with the next level of leaders in the business
functions.”
Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit
The cases come at a pivotal time as the discussion and potential legislation
around software vendor liability heats up, and the Biden administration ponders its
response. The National Cybersecurity Strategy, released by the Biden
Administration in March, has acknowledged that under the currently recognized
liability paradigm, software vendors are rarely held to account for exploited
flaws in their solutions. "Whether under contract, product liability, or
common-law negligence theories, software makers to date have been nearly
universally successful avoiding meaningful liability," notes Mark Millender,
senior advisor, global executive engagement at Tanium, a provider of converged
endpoint management. The National Cybersecurity Strategy proposes a joint effort
between the administration, Congress, and the private sector to develop
legislation to establish such liability, a process that will take time but is
ultimately necessary, he says. "It is critical to address the lack of
accountability to drive the market to produce safer products and services
while preserving innovation," Millender says.
Creating a Successful Data Quality Strategy
One of the most powerful ways data quality management teams can build a unified
systems mission with upper management is to present data as a product in
operations – a thing that can be measured and measured again. “Things that you
don’t continue to measure can easily spin out of control: like money, like
weight,” Kapoor quipped. However, team members need a clear sense of where to
target indicative measurement and locate problem areas in the chain of
operations. The team needs to have a realistic vision as it makes timetables for
improving data projections. In setting up ongoing data quality metrics that help
reveal where data failures recur, Kapoor presented the innovative view that in
the end, data is defined by a company’s consumers. “When the data is wrong,” she
mused, “who bleeds – the producer or the consumer? The consumer! So they need to
become part of the game.” Just as management needs to steer the ship in a way to
implement evolving data needs, data quality teams must communicate with
consumers in order to look for persistent ways that data fails them.
How Organisations Can Manage Underperforming Employees
People are happiest in roles where they get ample opportunities to apply
themselves and play to their strengths. Underperformance could therefore also be
owing to a mismatch in role expectations and deliverables vis-a-vis the
strengths of a person. An average performer in one role might do a stellar job
in a different role. It is therefore worth the while of the business and HR
leaders to look at the competencies and personality traits of the individual and
figure whether the employee has been given the right professional opportunities.
At times, a small tweak in the current job role or a completely new
responsibility might be the right solution to bring about the change from
average to good performance, as the employee is able to shift mind share from
their development areas and focus on leveraging their strengths. ... If you
still fail to see the desired results, create a personalised performance
improvement plan and set clear goals for them to achieve in a designated time
period. Make sure that the goals are specific enough and are relevant to the
organisational objective.
The Physical Impact of Cyberattacks on Cities
Cities have a multitude of responsibilities, like keeping the lights on, keeping
water flowing, keeping EMS staffed and operating, and these functions rely on
technology and digital connection to keep themselves running. In essence, every
department is its own tech company that is not only susceptible to cyberattacks
but can be crippled if an attack is managed properly. Government officials must
always have these threats top of mind when planning for attacks, as one
seemingly isolated cyber incident can have the power to physically shut down
needed resources. Once an attack hits a city, it is difficult for officials to
regain the trust of the public. This cannot be seen as simply a byproduct of an
attack — reputational impact is often a central goal of bad actors. Ransomware
attacks can look like targeted campaigns to discredit a city, which in turn
impacts the city's ability to generate revenue with a potential loss in
residents and tourists, which are all critical for sustaining a city's
viability.
The CISO Role Transformation: The Shift from Security to Trust Assurance
There is a critical link between trust and revenue, asserting that companies
that lead with trust and communicate it effectively go to market with an
advantage. This new approach to cybersecurity allows companies to close deals
faster, increase customer retention, and reduce the time to renewal. When
cybersecurity is aligned with trust, it becomes an integral part of the revenue
journey, contributing positively to customer acquisition costs, lifetime value,
and overall business performance. ... The conversation shifted to the
relationship between the SEC's final ruling on cybersecurity risk management and
the concept of trust assurance. Marquez pointed out that while the ruling
introduces regulatory requirements for companies to attest to their safety
posture, it can be seen as a hammer approach rather than a carrot approach to
trust assurance. He emphasized that businesses should proactively embrace trust
practices to demonstrate value, rather than only reacting to regulatory
pressure.
The IoT security enigma: Safely navigating an interconnected realm
The question of IoT security is a crisis waiting to happen. Inadequate
passwords, obsolete software, and absence of proper encryption are an open
invitation for hackers to breach sensitive information or seize control of these
devices. The fallout can be severe, ranging from identity theft to financial
damage and even physical harm. Data privacy is another significant concern. IoT
devices amass and generate vast quantities of data, including potentially
sensitive information such as location, health data, or financial transactions.
Safeguarding this data is paramount to preserving individual privacy and
security. Identity theft is another concern. By compromising IoT devices,
hackers can gather personal information like login credentials or credit card
details, causing chaos for victims. ... The convenience and benefits of the
interconnected world are inseparable from cyber threats that call for immediate
redress. The principal challenges surrounding IoT security range from a lack of
inbuilt security measures to weakly encrypted communication protocols.
4 Popular Master Data Management Implementation Styles
The Registry approach is the dominant one among organizations that deal with
many disparate data sources, particularly smaller and mid-sized ones. It works
by placing data from all of those sources into one central repository where the
data can be cleaned, consolidated, and aligned. Matching algorithms are used to
identify and remove duplicates. An advantage of this approach is that the
original data isn’t altered—changes are made directly within source systems as
opposed to a separate MDM repository. Anyone verifying the truth of data,
therefore, can use global identifiers to track it back to the original unaltered
source. ... The Coexistence style of MDM implementation enables the MDM hub and
the original data sources to all coexist fully in real time. Because there is no
delay in updating records from one system to another, the golden record remains
accurate at all times—as do the related applications that feed the data—leading
to efficiency, timeliness, and complete accuracy.
Balancing risk and compliance: implications of the SEC’s new cybersecurity regulations
Guaranteeing that sensitive information is protected while ensuring companies
demonstrate compliance requires the striking of a delicate balance.
Consideration of how and when the attorney-client privilege - both the one
that belongs to corporate communications and one that can be exclusive to the
board - comes into play when conducting internal policy and reporting reviews,
preparing draft reports that identify gaps and suggestions for closing them,
determining what external vendors to use and communications with them, and
related aspects of cyber readiness. ... The new SEC rules signal a shift in
corporate cybersecurity management. These rules, although challenging, offer
an opportunity for companies to exhibit their commitment to managing these
risks. With the right tools, services, and advice, businesses can not only
comply with these new rules but also bolster their overall cybersecurity
posture, thereby protecting their operations, reputation, and bottom line.
How AI brings greater accuracy, speed, and scale to microsegmentation
Bringing greater accuracy, speed and scale to microsegmentation is an ideal
use case for AI, ML and the evolving area of new generative AI apps based on
private Large Language Models (LLMs). Microsegmentation is often scheduled in
the latter stages of a zero trust framework’s roadmap because the large-scale
implementation can often take longer than expected. AI and ML can help
increase the odds of success earlier in a zero-trust initiative by automating
the most manual aspects of implementation. Using ML algorithms to learn how an
implementation can be optimized further strengthens results by enforcing the
least privileged access for every resource and securing every
identity. Forrester found that the majority of microsegmentation projects
fail because on-premise private networks are among the most challenging
domains to secure. Most organizations’ private networks are also flat and defy
granular policy definitions to the level that microsegmentation needs to
secure their infrastructure fully.
Quote for the day:
"Good leadership consists of showing
average people how to do the work of superior people." --
John D. Rockefeller