RSS - Isaca.org

ISACA Now: Posts

http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/AllPosts.aspx


RSS feed for the Posts list.


Women in Cybersecurity Often Worth More Than They Realize

Charlotte Osborne

Before beginning my career in cybersecurity recruitment, I worked in the female-dominant industry of travel public relations. I was largely oblivious to the challenges of being a female in the workplace because I was surrounded by other strong businesswomen on a day-to-day basis. As a result, it came as quite the shock when entering the male-centric world of cybersecurity. I was surprised by just how little women trusted themselves when it came to applying for high-level managerial positions, and how few females there were in this space.

It’s become a running theme when attending cyber networking events that for every 20 men I see, there will be one woman. While so many clients I work with accentuate the fact they require more females in their workplace, they tend to only see it from a gender diversity “tick a box” standpoint and are often frustrated or confused as to why they need more women in their team.

In Forbes’ article on the shortage of women in cybersecurity, Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future, said, “We need people with disparate backgrounds because the people we are pursuing, (threat actors, hackers, 'bad guys') also have a wide variety of backgrounds and experiences. The wider variety of people and experience we have defending our networks, the better our chances of success.”

While I believe this is true, I’d also like more attention paid to the value being added by women in the security space. Some of the work done by women in cyber recently was driven into the spotlight by Forbes’ US list of the 50 Top Women in Technology.

This list includes Manal Al-Sharif, who resides in Sydney, and is well-known for being the first Saudi woman to specialize in information security. She is also the Founder of Women 2 Hack Academy, Australia's first social enterprise dedicated to discovering women leaders and nurturing them to pursue a career in cybersecurity. She’s breaking down barriers and really proving what females are capable of achieving in this space.

New research from Cybersecurity Ventures found that women now represent 20 percent of the global cybersecurity workforce. While this is up from 11 percent in 2013, there’s still so much work that needs to be done.

Often, when I meet with female candidates, they’re completely unaware of their value in the market and just how much their skillset is worth. They undersell themselves both in terms of seniority and salary. There need to be better recruitment strategies around attracting and influencing more females to get into, or progress within, cybersecurity.

It’s encouraging that we’re seeing more and more female cybersecurity graduates coming through now – the level of job applications I’m receiving from junior-level females is proof of this. That said, it’s imperative that we continue to aid young women in seeing cybersecurity as a progressive and attractive career path, and also to allow females at mid-senior levels to value their own worth.

In order to do this, recruitment and HR professionals need to be consultative with female candidates about the value of their skillset in the current market. Without giving them this kind of education, along with the confidence to ask for more, their abilities – which are like gold dust in today’s market – will be taken advantage of by employers who will often try to get them at the cheapest price possible.

Similarly, when I meet with exceptional female candidates and they say they lack the skills or experience to apply for a more senior role or managerial position, I do everything in my power to provide them with the confidence to go for it. In a male-centric industry, it can be intimidating to imagine managing peers, which will almost always include managing men.

This is justifiable as there will, unfortunately, always be those who will have a problem with female authority. Even as a young female recruiter, I come across clients in cybersecurity who are initially hesitant to work with me, and sometimes even make it obvious they’d rather work with my male counterparts instead. That is until I deliver them with a good service and prove their initial judgments to be false. If this is the kind of predisposition that even recruiters have to deal with in the security space, then I can understand why female candidates I work with are hesitant to apply for those senior positions. It’s imperative that we challenge the status quo and encourage girl power in this thriving industry.

Editor’s note: For more resources on this topic, visit ISACA’s SheLeadsTech website.

Category: Security
Published: 2/15/2019 3:31 PM


(14/02/2019 @ 19:46)

North America CACS Keynoter Guy Kawasaki Sizes Up Innovation, Entrepreneurship

Guy Kawasaki

Editor’s note: Guy Kawasaki, a Silicon Valley-based author, speaker, entrepreneur and evangelist, will be the opening keynoter at ISACA’s 2019 North America CACS conference, to take place 13-15 May in Anaheim, California, USA. Kawasaki recently visited with ISACA Now to discuss some of the themes he will explore at North America CACS, including innovation and entrepreneurship. The following is an edited transcript. For more of Kawasaki’s insights, listen to his recent interview on the ISACA Podcast.

ISACA Now: At North America CACS, ISACA will be celebrating its 50th anniversary. Of all the technology-driven changes during that time, which do you consider to be the one that will have the longest-lasting impact?
It’s an all-encompassing change, but the internet by far will have the longest-lasting impact. And not all of the impact may be positive.

ISACA Now: How can practitioners be evangelists in their own right in support of innovation at their enterprises?
It would take a book to answer this question (which I have written). But the gist is that your innovation has to be “good news” that improves the life of your customers. It’s easy to evangelize good stuff. It’s hard to evangelize crap. Then you have to believe it’s good news and develop the skill set to do great demos to show, as opposed to tell, people why it’s good news.

ISACA Now: Which aspects of successful entrepreneurship tend to be most misunderstood?
That it’s fast, fun and easy. Entrepreneurship is slow, painful, and hard – and that’s if you succeed. Also, people vastly underestimate the role of luck and overestimate the impact of their skills.

ISACA Now: Your career has included time with Goliaths such as Apple and Google – what lessons from enterprises of that size are most applicable to smaller and medium-size businesses?
The lessons that Goliaths can teach are:

  1. Anything is possible. Two guys/gals in a garage can create the next big thing.
  2. Engineering counts more than marketing. We’re not talking about selling sugared water here.
  3. Trees don’t grow to the sky. Every company hits a wall or two. What matters is what you do after you hit the wall.

ISACA Now: What should organizations focus on to make sure they are bringing in leaders with the right skills for today’s fast-evolving business landscape?
Organizations should add a third parameter to what makes a good candidate. The first two are always work experience and educational background. I would make the case that a love of what the company does is just as important. Honestly, I’d rather have a candidate with imperfect experience and background who loves the product than a perfect candidate who “doesn't get it.”

Category: ISACA
Published: 2/14/2019 3:01 PM


(13/02/2019 @ 20:30)

5G and AI: A Potentially Potent Combination

Kris Seeburn

Last week’s US State of the Union address by President Donald J. Trump promised legislation to invest in “the cutting edge industries of the future.” Without much detail initially available, the White House filled in the blanks by suggesting “President Trump’s commitment to American leadership in Artificial Intelligence, 5G wireless, quantum science and advanced manufacturing will ensure that these technologies serve to benefit the American people and that the American innovation ecosystem remains the envy of the world for generations to come.”

This comes at a time when countries such as China have really taken a leap forward on these technologies, with Chinese telecommunications company Huawei making especially notable strides. On a global level, we need to understand that 5G stands at the crossroads of speed that will change the processing capabilities for AI and will narrow the gap between processing in the cloud versus on devices. It also is going to be a major contributor to driving centralized processing.

5G makes the debate around AI edge computing irrelevant. Imagine the speed in gigabits that 5G can deliver in terms of bandwidth, millisecond latencies and reliable connections. The network architecture easily supports AI processing and will change the AI landscape.

To provide some context, it is important to recognize how 5G and AI are embedded together. 5G is described as the next-generation mobile communication tech of the near future and will enhance the speed and integration of various other technologies. This will be driven by speed, quality of service, reliability and so much more that it can do to transform the current way we use the internet and its related services.

On the other end, we need to understand that AI is poised to allow machines and systems to function with intelligence levels similar to that of humans. With 5G supporting online simulations in the background for analysis, reasoning, data fitting, clustering and optimizations, AI will become more reliable and accessible at the speed of light. Imagine that once you have trained your systems to perform certain tasks, performing analysis will become automatic and faster while costing far less.

Put simply, 5G speeds up the services that you may have on the cloud, an effect similar to being local to the service. AI gets to analyze the same data faster and can learn faster to be able to develop according to users’ needs.

5G also promises significant breakthroughs in traditional mobile communications systems. 5G is going to enhance the capabilities of our traditional networks. Even the speed we get over wire or fiber goes much further over a 5G network and evolves to support the applications of IoT in various fields, including business, manufacturing, healthcare and transportation. 5G will serve as the basic technology for future IoT technologies that connect and operate entire organizations, the aim being to support differentiated applications with a uniform technical framework.

However, with rapid development, AI is rising to these challenges as it becomes a promising potential support to the problems associated with the 5G era, and will lead to revolutionary concepts and capabilities in communications. This will also “up” the game in the applications world as business requirements become more prevalent. As mentioned, the narrowing gap between cloud and on-device processing will be foregone. The reinforcing of the massive IoT network dream will become more feasible.

In reality, 5G will take some time to have significant impact on AI processing. In the meantime, as AI applications are being integrated into devices, rather than waiting for 5G to be deployed, there seems to be a safe strategy to rely on device-based processing of AI. However, one thing is for sure: the push is to have 5G and AI integration happen on the same chips on your mobile smartphones, making those phones more intelligent as well.

The question now is: are we ready to see this happen? Well, it already is beginning to unfold in some countries around the world, with China leading the pack. The smartphone arena seems to be especially competitive, which can force earlier adoption and change of networks. Be ready, from the security to assurance lanes, as we will need to re-adapt ourselves to those very standards sooner rather than later.

Category: Cloud Computing
Published: 2/12/2019 9:56 AM


(11/02/2019 @ 16:26)

Shifting Technology Landscape Positions Auditors for Greater Impact

Brennan P. Baybeck

Enterprises are exploring opportunities driven by digital transformation, identifying technology-driven paths to deliver more value, more quickly, while also benefiting from new process efficiencies. IT auditors must do the same to ensure they remain valued partners by the organizations for which they work.

As enterprises increasingly harness technologies such as artificial intelligence and data analytics – and deploy methodologies such as Agile and DevOps – the IT audit teams of the future would be well-served to mirror this approach if they wish to thrive amid the business technology landscape of the future.

Traditional auditing methods need to be revisited to more directly align with how businesses are operating, so audit teams are living what they are auditing instead of operating in parallel universes from their business partners. If auditors are going to audit areas like DevOps or Agile, it stands to reason that they should have direct familiarity with those methodologies. Not only would that background allow auditors to deliver deeper, more meaningful audits by better understanding the practitioner view, but auditors also would realize many of the same business benefits that motivated their colleagues to adopt the methodologies in the first place. For example, one of the main benefits the business is realizing is faster development of key capabilities. Auditors could realize that same benefit of quicker development and release in areas that have long been challenges in the audit field, such as faster development of audit programs and reporting, and more comprehensive, automated audit testing procedures.

While IT auditors have a proud, longstanding tradition of making strong contributions to their organizations, auditors are seldom known for being on the leading edge of pursuing new technical capabilities or finding innovative approaches to performing their work. That will need to change, at least to some extent, if IT auditors are going to remain indispensable in a future in which automation, artificial intelligence and other emerging tech trends will dictate changing roles for auditors and, in some cases, potentially put auditors’ roles in jeopardy.

New ISACA research on the future of IT audit highlights several compelling data points that provide perspective on how auditors and their organizations need to prepare for the changing nature of the IT audit profession. Among the notable data points:

  • Two-thirds of survey respondents (67 percent) observe difficulty recruiting auditors with the required technical skills
  • Nearly half (47 percent) expect that IT auditors will be significantly more involved in major tech projects in the next 3-5 years
  • An overwhelming majority (92 percent) express optimism when considering how technology will impact them professionally over the next five years

Organizations might not always be able to find the auditors with the technical skills they’re seeking immediately, which makes it even more important that they prioritize investing in education and skills-building capabilities as part of an ongoing strategy. That strategy needs to not only account for the conceptual, but also focus on the specific technologies and methodologies their audit teams need to understand. Given the rise of cybersecurity as a business imperative across all industries, auditors would be especially wise to pursue additional auditing cyber knowledge for how to better assess data protection and controls around key business processes. There is much work to do on the training front; the ISACA research shows that more respondents consider funding for training and professional development to be inadequate than those who say it is adequate. If organizations fail to remedy that in this evolving technology environment, their audit teams are likely to fall behind.

Traditionally, audit training has focused mostly on learning about emerging technology topics just prior to planning and performing an audit. While still important, this will not address the needs of the future. Similar to the IT business partners that auditors assess, the audit field should also focus on developing skills such as coding and testing, and areas such as AI and data analytics. These are skills and capabilities that audit teams will require in order to effectively perform their charter in the future. If the current auditor is not capable of adapting with these new skills, then the audit team will be required to find the person with those skills. This could be accomplished by seeking these capabilities from other talent pools, such as developers, co-sourcing or even complete outsourcing, which our research also has identified as trends.

Generally, respondents to the survey are right to be enthused about the future of IT audit. The coming years hold great promise for IT auditors, as an ever-expanding array of technology projects will benefit from auditors’ conscientiousness and unique ability to identify the process improvements and capability gaps that can make or break a project’s success. The more progressive audit teams, and the ones that will be best positioned to thrive in the future, are those that will proactively adopt the technologies and methodologies that their business partners are deploying, and those that commit to executing on a vision for continual training and education. Just as the digital transformation era is poised to enable organizations to better serve their customers and business partners, the same can hold true for the audit function.

Category: Audit-Assurance
Published: 2/11/2019 7:52 AM


(10/01/2019 @ 18:27)

New Cybersecurity Pilot Program to Expand Career Pathways for Women in Chicago

Women in the Chicago area who are interested in exploring a career path in cybersecurity, particularly those who are underrepresented in the field, will now have the opportunity to join a pilot program launched last week by ISACA, along with AnitaB.org and the City Tech Collaborative.

At an event announcing the pilot program last week at The Connectory in Chicago, ISACA’s Tara Wisniewski, senior vice president, global affairs, and Alisha Wenc, manager, corporate programs, shared details about the pilot that will test the impact of free cybersecurity training on the workforce outcomes for women entering tech, alongside AnitaB.org, City Tech and Chicago Mayor Rahm Emanuel.

Emanuel praised the launch of this program, speaking about the ongoing need for a strong cybersecurity workforce and for underrepresented groups to be reflected in this talent. “This program will provide endless opportunities—there are no limits,” he said. “It doesn’t require four years. It doesn’t require six years. It doesn’t require a Ph.D. In six weeks, we can get people part of a digital economy who, for a whole host of reasons, would have been cut out.”

With weekend classes, industry partnerships, and mentorship opportunities, the pilot program is designed to be accessible, holistic, and supportive for participants. It will leverage ISACA’s CSX Training Platform and last eight weeks. Students will also be exposed to job skills, mentorship opportunities, and role models to help accelerate their careers.

During the Q&A, Wenc emphasized that the goal is to extend support for trainees beyond the training period of the program, noting that they welcome hearing from organizations that are interested in offering internship or employment opportunities.

The Cybersecurity training pilot was spurred by a $60,000 grant from City Tech’s Connect Chicago Innovation Program, which is a fund supporting bringing collaborative new ideas to life that ultimately increase tech access, skills and engagement in Chicago.

“The structural and cultural issues causing the gender imbalance in the tech industry are incompatible with the very values the industry espouses—innovation, creativity and diversity of thought,” said Wisniewski in her remarks. “Together, the organizations here today are committed to fixing that imbalance and restoring those values.”

To learn more, read the full press release here:  www.isaca.org/About-ISACA/Press-room/News-Releases/2019/Pages/city-tech-launches-new-cybersecurity-training-pilot-for-women-in-chicago-alongside-key-partners.aspx.

Those who are interested in applying for the pilot or in getting involved can visit https://community.anitab.org/event/anitab-org-chicago-isaca-cyber-security-training-program/.

Category: ISACA
Published: 2/8/2019 3:50 PM


(08/02/2019 @ 22:31)

How to Approach Blockchain Deployment While Mitigating Risk

Varun Ebenezer

Blockchain has emerged as one of the most promising technological developments of the past decade. Originating from the digital currency Bitcoin, blockchain employs use of a distributed ledger to provide consensus through its decentralized participants, eliminating the need for a central authority. This advancement has the potential to transform several key industries, much like the rise of the internet did in the 1990s.

Blockchain technology has a multitude of benefits, such as enabling peer-to-peer transactions, transparency, cost reduction, speed, fraud mitigation, and security by design. However, as is the case with any emerging technology, there are several risks with blockchain that should be considered by organizations that plan to use it. There are currently no universally accepted standards in place for blockchain, nor is there clear guidance available from a regulatory perspective. Due to these conditions, caution must be used when deploying blockchain technology at an enterprise level.

ISACA has developed a Blockchain Preparation Audit Program to provide organizations with a framework to manage blockchain. The program covers six key areas: pre-implementation, governance, development, security, transactions and consensus.

These areas touch upon the primary risks that are associated with use of blockchain, and aim to achieve the following objectives:

  • Assess an organization’s blockchain solution to determine whether it is adequately designed and operationally effective
  • Identify blockchain risks which could result in reputational and/or material impact
  • Provide organizations with a holistic perspective on blockchain technology, with consideration for both technical and non-technical factors

When properly deployed, blockchain can provide substantial benefits. However, blockchain is not practical for every organization, and management must ensure that its use supports business objectives accordingly. The following are examples of adverse impacts that can occur when a blockchain solution does not align with business objectives:

  • Impractical use cases that are in misalignment with organizational strategy
  • Inadequate deployment that results in wasted time and resources
  • A blockchain solution that does not function properly
  • Potential for noncompliance with industry regulators
  • Vulnerabilities that could impact source code, endpoints, and sensitive data

In addition to the risks discussed above, the blockchain audit/assurance preparation program also will allow organizations to consider other relevant questions. Some of these questions include:

  • Was there a business case assessment created for the use of blockchain? Was it approved by key stakeholders?
  • What were some practical use cases that the organization was looking to use blockchain for?
  • What type of blockchain (permissioned vs. permission-less) is the organization using?
  • Are blockchain wallet private keys being managed by a clearly identified custody approach?
  • How is the organization acquiring the required development expertise to support the blockchain solution?
  • How were vendors selected to support the organization’s blockchain solution? What due diligence processes were followed?
  • Does management adequately understand blockchain technology, and are they providing effective oversight?
  • What is the approach being used to manage applicable regulatory risks?

Editor’s note: The Blockchain Preparation Audit Program is complimentary for ISACA members.

Category: Audit-Assurance
Published: 2/8/2019 10:02 AM


(07/02/2019 @ 17:02)

Last import : 16/02/2019 @ 14:15