Schaumburg, IL–(business wire)–Entering a new year provides a rare opportunity for digital trust professionals to not only re-evaluate their functions and practices within their organizations, but also consider how they can continue to grow in their role. In this light, ISACA experts recently highlighted their 2023 insights and recommendations in the areas of privacy, cybersecurity, audit, and risk in a series of blog posts on the ISACA Now blog.
privacy
In this complex data privacy landscape, Dr. Lisa McKee, Director of Governance, Risk, Compliance, and Privacy at Hudl and member of the ISACA Emerging Trends Working Group, said experts are adopting Zero Trust privacy in data governance. recommended. Coming into the new year, the ComPriSec approach, or the fusion of compliance, privacy, and security. In a recent blog post, she emphasizes the important role of privacy engineers, but in addition to having strong privacy experts, consumers everywhere need to do their part, and the It also emphasizes that you should pay attention to his presence online.
“Privacy risk appetite is rarely discussed among boards and leaders. Privacy leaders should ensure that their programs include a privacy risk management program, privacy risk appetite, privacy risk tolerance, privacy key performance indicators, privacy key We need to make sure we’re focused on risk metrics, privacy metrics and reporting, and in 2023, the need for these will increase as the compliance landscape continues to evolve,” said McKee. .
cyber security
In her blog post, Global Chief Information Security Officer Samantha Hart highlights the need for cybersecurity professionals to prepare on both a professional and personal level as they enter the new year. increase. Also this:
-
Develop a personal accident response plan that takes into account family life
-
Visit the office and connect face-to-face with colleagues
-
know the business
-
be flexible
-
Keeping people at the forefront while adopting technology and tools
“Yes, we need to fully understand the attack surface and make sure we have all the controls to detect and respond to it. We respond to alerts with human eyes to determine what is benign and what is offensive,” says Hart.
audit
The changing technology landscape has realigned the business landscape, especially given the increase in cloud implementations accelerated by the pandemic.
“The biggest frustration for many leading information security professionals is the inability of the IT audit community to keep up with this rapidly changing environment and not fully upskill and adapt,” a recent blog from BDO USA. Post: “Looking ahead to 2023, traditional audit approaches used to assess legacy IT environments are irrelevant in today’s world’s decoupled, cloud-native architectures.”
Prasad highlights some areas auditors should focus on to gain an edge in the year ahead, including understanding cloud-native DevOps and managing cloud security postures, assessing privacy compliance, and gaining knowledge of vulnerability management and scope. Find out what for each type of vulnerability scan. In addition, he emphasizes the importance of auditors having strong soft skills in addition to technical skills.
Danger
Kerris Lee, ISACA Global Director of Enterprise Risk Management, notes that risk management professionals are actually doing more to de-duplicate risks, including enhancing risk identification and governance processes by de-duplicating risks. It provides tips to direct your attention to addressing high-impact, commonly-forgotten behavioral items. Risk management has a role in reviewing organizational policies, establishing incident response and business continuity plan reviews her cycles, and procurement and contracting processes. Additionally, in his post, he notes that seniors trying to set the right tone for the enterprise risk management role with his leadership at the top will go a long way in helping other members of the organization to understand and appreciate the function. Said it helps.
“There are many areas that risk management professionals should focus on in their day-to-day work, but in my experience these are often overlooked and can be detrimental to an organization over time,” says Lee. says Mr. “Small things often make a big difference, assuming you’re already doing big things well.”
For more insights from these four experts and others around the world, please visit www.isaca.org/blog. Digital Trust World 2023 will bring digital trust professionals together to discuss these and other priorities.
About ISACA
ISACA® (www.isaca.org) is a global community empowering individuals and organizations in their quest for digital trust. For over 50 years, ISACA has provided individuals and businesses with the knowledge, qualifications, education, training and community to advance their careers, transform their organizations and build a more trustworthy and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of over 165,000 members working in areas of digital trust such as information security, governance, assurance, risk, privacy and quality. It is present in 188 countries with 225 chapters worldwide. ISACA supports her IT education and career paths for underresourced and underrepresented people through a foundation called One In Tech.
twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews
