[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Move over CISO: The Chief Data Officer may be sharing part of your job
The CDO title has been around for almost six years as companies realized the business value of their data, and that they needed someone to rein it in.
Now, as companies move into the post-infrastructure era where data is moving outside the organization and into the cloud, one Gartner analyst suggests that the CDO could be responsible for more than just managing data, understanding where it resides and who uses it.
He could also focus on “strategies to improve the protection of that data as it lives in infrastructure that you don’t control anymore,” says Peter Firstbrook, a Gartner research vice president.
Today, there are only about 1,000 chief data and chief analytics officers in the world, according to Gartner.
By 2019, Gartner predicts that 90 percent of all global enterprises will have appointed a CDO.
But exactly what the CDO’s responsibilities are and how companies will manage the overlap of duties in the C-suite remain to be seen.
Most financial services organizations need a CDO to manage data risk and compliance.
Consumer packaged goods or healthcare organizations hired CDOs to drive cost efficiency and cost reduction, while most media and marketing companies want CDOs to drive extra revenue.
Each responsibility requires different skills, and the ranking of most desired skills has shifted dramatically in the last few years, Cerilli says.
“The CDO role is an influencing role across the organization,” Cerilli says. “You can’t have responsibility for all information across all the company because there are different stakeholders in different business units.
The best of the best CDOs and CISOs realize that they need to work together to drive the change that’s necessary.”
The CDO role has evolved over the last few years from a technically driven position to a more visionary role.
In a recent survey of CEOs by Russell Reynolds, technical depth dropped to sixth place among the most important skills required for a CDO, behind stakeholder management, storytelling and communication skills, being a visionary, the ability to execute and commercial acumen.
One chief data officer believes that the CDO movement is just industry hype, and that five years from now they will disappear from the C-suite.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3a43b3844c&e=20056c7556
How Should CISOs Report Cyber Risks to Boards?
In KPMG’s “2015 Global Audit Committee Survey,” audit committee members ranked the quality of the information they received about cyber risks last among the 12 types of risks reported to them.
Forty-one percent of respondents rated cyber risk communications as “needs improvement.” Basically, boards gave CISOs a grade of F or, at best, a D.
KPMG listed the three most important questions for boards to ask as:
– What are the new cybersecurity threats and risks, and how do they affect our organization?
– Is our organization’s cybersecurity program ready to meet the challenges of today’s and tomorrow’s cyberthreat landscape?
– What key risk indicators should I be reviewing at the executive management and board levels to perform effective risk management in this area?
CISOs and their teams should look for tools that “present data to the boardroom and specifically the CISO in an actionable state, rather than what is often perceived as noise,” according to the report.
This means dashboards with near real-time representation of cyber risks and the ability to drill down by business sector to compare one sector with another or identify a source of high risk, and across time periods to see how the risks changed over time.
The goal for such a tool should be, as the report put it, “helping the CISO engage with the board in terms of risk and budget.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=757c58a72e&e=20056c7556
EFF launches security vulnerability disclosure program
In a blog post, EFF said the program gives researchers guidelines to follow when submitting bugs or vulnerabilities in software EFF develops — as well as the software the organization uses to run its sites and services.
EFF is looking for security vulnerabilities in HTTPS Everywhere, Privacy Badger for Chrome and Firefox, Phantom of the Capitol, Action Center, Let’s Encrypt Agent and the Boulder software.
In addition, the group has asked researchers to take a look at EFF web services and other “public facing software” the group uses on domains including eff.org, savecrypto.org and democracy.io, among others.
In order to qualify, researchers need to find flaws in the latest public release of EFF software.
The vulnerabilities EFF is looking for are cross-site request forgery (CSRF/XSRF), cross-site scripting (XSS), authentication bypass, remote code execution, SQL injection and privilege escalation flaws.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ebf3b2127d&e=20056c7556
Insurance companies will crack down on cyber security in 2016: Report
Predictions by the combined company Raytheon/Websense say cyber insurance will move toward a ‘must have’ and ‘evidence based’ model, with new minimum level requirements in place for policies.
This is expected to disrupt the cyber security industry and place new challenges on IT workers, while also driving improvements in companies’ ability to handle threats.
Moving forward, insurance companies will refuse to pay for breaches caused by ineffective security practices, while premiums and payouts will become more aligned with underlying security postures and better models of the cost of an actual breach, the report said.
“As cyber insurance becomes still more mainstream, savvy defenders should factor in policy costs with defensive posture buying decisions; considering the impact of verifiable security risk exposure, including the third-party continuous monitoring of corporate networks for risky user behavior.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f33fdccdf3&e=20056c7556
Top Ten Cyber Risks for Oil and Gas
DNV GL has released a study that reveals the top ten most pressing cyber security vulnerabilities for companies operating offshore Norway, which it says are relevant globally.
Norwegian intelligence authorities are warning of an increase in digital threats aimed at Norwegian industry.
Events over the past few years show that the energy and petroleum sectors are among the most vulnerable.
The methods are becoming increasingly innovative and the attackers more sophisticated.
The top ten cyber security vulnerabilities:
– Lack of cyber security awareness and training among employees
– Remote work during operations and maintenance
– Using standard IT products with known vulnerabilities in the production environment
– A limited cyber security culture among vendors, suppliers and contractors
– Insufficient separation of data networks
– The use of mobile devices and storage units including smartphones
– Data networks between on- and offshore facilities
– Insufficient physical security of data rooms, cabinets, etc.
– Vulnerable software
– Outdated and ageing control systems in facilities.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dce77f8c6f&e=20056c7556
Countdown to the General Data Protection Regulation…
With the festive season now firmly upon us, there are indications that European Union institutions could soon be delivering an early Christmas present to businesses: the conclusion of trilogue negotiations on the General Data Protection Regulation (‘GDPR’).
The GDPR, according to the latest document to come out of Brussels, aims to “reinforce data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.” The EU Commission, Parliament and Council are currently locked in closed-door negotiations to agree to the final text of the GDPR, and while some uncertainty remains over the exact provisions that will be included, the latest available text from the European Presidency
Once the GDPR is finalised, there will be a two-year transition period until it comes into effect.
Organisations should use this time to fully consider the implications of GDPR on their operations, and to implement any changes necessary to ensure compliance with the increasingly long arm of European data protection law.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a6b70369cd&e=20056c7556
Hackers mastering dark art of cybercrime as businesses prepare for year of attacks
Here are Check Point’s top ten predictions for security threats and trends which it expects to see in 2016:
1) ‘Sniper’ and ‘shotgun’ malware:
2) More mobile threats on the way:
3) More businesses will turn to advanced threat prevention:
4) Critical infrastructures will be highly targeted:
5) IoT and smart devices are still at risk:
6) Wearables won’t be safe, either:
7) Trains, planes, and automobiles:
8) Real security for virtual environments:
9) New environments will bring new threats:
10) Organisations will look to security consolidation:
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=304a75b1b7&e=20056c7556
RCMP Cybercrime Strategy to fight online crimes
The Canadian law enforcement agency, the Royal Canadian Mounted Police, plans to set up a special cyber crime unit to tackle online threats to Canada’s “political, economic, and social integrity.”
The new unit will be based in Ottawa and it will be tasked to “investigate the most significant threats to Canada’s political, economic, and social integrity that would negatively affect Canada’s reputation and economy.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=19982e0efb&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com
If you know someone else who would be interested in this Newsalert, please forward this email.