[From the desk of Paul Davis – his opinions and no-one else’s]
\nApart from the reporter’s opinions \ud83d\ude09
\nSo onto the news:<\/p>\n
Move over CISO: The Chief Data Officer may be sharing part of your job
\nThe CDO title has been around for almost six years as companies realized the business value of their data, and that they needed someone to rein it in.
\nNow, as companies move into the post-infrastructure era where data is moving outside the organization and into the cloud, one Gartner analyst suggests that the CDO could be responsible for more than just managing data, understanding where it resides and who uses it.
\nHe could also focus on \u201cstrategies to improve the protection of that data as it lives in infrastructure that you don\u2019t control anymore,\u201d says Peter Firstbrook, a Gartner research vice president.
\nToday, there are only about 1,000 chief data and chief analytics officers in the world, according to Gartner.
\nBy 2019, Gartner predicts that 90 percent of all global enterprises will have appointed a CDO.
\nBut exactly what the CDO\u2019s responsibilities are and how companies will manage the overlap of duties in the C-suite remain to be seen.
\nMost financial services organizations need a CDO to manage data risk and compliance.
\nConsumer packaged goods or healthcare organizations hired CDO to drive cost efficiency and cost reduction, while most media and marketing companies want CDOs to drive extra revenue.
\nEach responsibility requires different skills, and the ranking of most desired skills has shifted dramatically in the last few years, Cerilli says.
\n\u201cThe CDO role is an influencing role across the organization,\u201d Cerilli says. \u201cYou can\u2019t have responsibility for all information across all the company because there are different stakeholders in different business units.
\nThe best of the best CDOs and CISOs realize that they need to work together to drive the change that\u2019s necessary.\u201d
\nthe CDO role has evolved over the last few years from a technically-driven position to a more visionary role.
\nIn a recent survey of CEOs by Russell Reynolds, technical depth dropped to sixth place among the most important skills required for a CDO, behind stakeholder management, storytelling and communication skills, being a visionary, the ability to execute and commercial acumen.
\nOne chief data officer believes that the CDO movement is just industry hype, and that five years from now they will disappear from the C-suite.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=3a43b3844c&e=20056c7556<\/p>\n
How Should CISOs Report Cyber Risks to Boards?
\nIn KPMG\u2019s \u201c2015 Global Audit Committee Survey,\u201d audit committee members ranked the quality of the information they received about cyber risks last among the 12 types of risks reported to them.
\nForty-one percent of respondents rated cyber risk communications as \u201cneeds improvement.\u201d Basically, boards gave CISOs a grade of F or, at best, a D.
\nKPMG listed the three most important questions for boards to ask as:
\n– What are the new cybersecurity threats and risks, and how do they affect our organization?
\n– Is our organization\u2019s cybersecurity program ready to meet the challenges of today\u2019s and tomorrow\u2019s cyberthreat landscape?
\n– What key risk indicators should I be reviewing at the executive management and board levels to perform effective risk management in this area.
\nCISOs and their teams should look for tools that \u201cpresent data to the boardroom and specifically the CISO in an actionable state, rather than what is often perceived as noise,\u201d according to the report.
\nThis means dashboards with near real-time representation of cyber risks and the ability to drill down by business sector to compare one sector with another or identify a source of high risk, and across time periods to see how the risks changed over time.
\nThe goal for such a tool should be, as the report put it, \u201chelping the CISO engage with the board in terms of risk and budget.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=757c58a72e&e=20056c7556<\/p>\n
EFF launches security vulnerability disclosure program
\nIn a blog post, EFF said the program gives researchers guidelines to follow when submitting bugs or vulnerabilities in software EFF develops — as well as the software the organization uses to run its sites and services.
\nEFF is looking for security vulnerabilities in HTTPS Everywhere, Privacy Badger for Chrome and Firefox, Phantom of the Capitol, Action Center, Let’s Encrypt Agent and the Boulder software.
\nIn addition, the group has asked researchers to take a look at EFF web services and other “public facing software” the group uses on domains including eff.org, savecrypto.org and democracy.io, among others.
\nIn order to qualify, researchers need to find flaws in the latest public release of EFF software.
\nThe vulnerabilities EFF is looking for are cross-site request forgery (CSRF\/XSRF), cross-site scripting (XSS), authentication bypass, remote code execution, SQL injection and privilege escalation flaws.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ebf3b2127d&e=20056c7556<\/p>\n
\u200bInsurance companies will crack down on cyber security in 2016: Report
\nPredictions by combined company, Raytheon\/Websense, said cyber insurance will move toward a \u2018must have\u2019 and \u2018evidence based\u2019 model with new minimum level requirements in place for policies.
\nThis is expected to disrupt the cyber security industry and place new challenges on IT workers, while also driving improvements in companies\u2019 ability to handle threats.
\nMoving forward, insurance companies will refuse to pay for breaches caused by ineffective security practices, while premiums and payouts will become more aligned with underlying security postures and better models of the cost of an actual breach, the report said.
\n\u201cAs cyber insurance becomes still more mainstream, savvy defenders should factor in policy costs with defensive posture buying decisions; considering the impact of verifiable security risk exposure, including the third-party continuous monitoring of corporate networks for risky user behavior.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f33fdccdf3&e=20056c7556<\/p>\n
Top Ten Cyber Risks for Oil and Gas
\nDNV GL has released a study that reveals the top ten most pressing cyber security vulnerabilities for companies operating offshore Norway that is relevant globally.
\nNorwegian intelligence authorities are warning of an increase in digital threats aimed at Norwegian industry.
\nEvents over the past few years show that the energy and petroleum sectors are among the most vulnerable.
\nThe methods are becoming increasingly innovative and the attackers more sophisticated.
\nThe top ten cyber security vulnerabilities:
\n– Lack of cyber security awareness and training among employees
\n– Remote work during operations and maintenance
\n– Using standard IT products with known vulnerabilities in the production environment
\n– A limited cyber security culture among vendors, suppliers and contractors
\n– Insufficient separation of data networks
\n– The use of mobile devices and storage units including smartphones
\n– Data networks between on- and offshore facilities
\n– Insufficient physical security of data rooms, cabinets, etc.
\n– Vulnerable software
\n– Outdated and ageing control systems in facilities.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dce77f8c6f&e=20056c7556<\/p>\n
Countdown to the General Data Protection Regulation\u2026
\nWith the festive season now firmly upon us, there are indications that European Union institutions could soon be delivering an early Christmas present to businesses: the conclusion of trilogue negotiations on the General Data Protection Regulation (\u2018GDPR\u2019).
\nThe GDPR, according to the latest document to come out of Brussels, aims to \u201creinforce data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.\u201d The EU Commission, Parliament and Council are currently locked in closed-door negotiations to agree to the final text of the GDPR, and while some uncertainty remains over the exact provisions that will be included, the latest available text from the European Presidency
\nOnce the GDPR is finalised, there will be a two-year transition period until it comes into effect.
\nOrganisations should use this time to fully consider the implications of GDPR on their operations, and to implement any changes necessary to ensure compliance with the increasingly long arm of European data protection law.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a6b70369cd&e=20056c7556<\/p>\n
\u200bHackers mastering dark art of cybercrime as businesses prepare for year of attacks
\nHere are Check Point\u2019s top ten predictions for security threats and trends which it expects to see in 2016:
\n1) Sniper\u2019 and \u2018shotgun\u2019 malware:
\n2) More mobile threats on the way:
\n3) More businesses will turn to advanced threat prevention:
\n3) More businesses will turn to advanced threat prevention:
\n4) Critical infrastructures will be highly targeted:
\n5) IoT and smart devices are still at risk:
\n6) Wearables won\u2019t be safe, either:
\n7) Trains, planes, and automobiles:
\n8) Real security for virtual environments:
\n9) New environments will bring new threats:
\n10) Organisations will look to security consolidation:
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=304a75b1b7&e=20056c7556<\/p>\n
RCMP Cybercrime Strategy to fight online crimes
\nThe Canadian law enforcement agency, the Royal Canadian Mounted Police plans to set up a special cyber crime unit to tackle \u201conline threats to Canada\u2019s \u201cpolitical, economic, and social integrity.\u201d
\nThe Canadian law enforcement agency, the Royal Canadian Mounted Police plans to set up a special cyber crime unit to tackle \u201conline threats to Canada\u2019s \u201cpolitical, economic, and social integrity.\u201d
\nThe new unit will be based in Ottawa and it will be tasked to \u201cinvestigate the most significant threats to Canada\u2019s political, economic, and social integrity that would negatively affect Canada\u2019s reputation and economy.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=19982e0efb&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: ** Subscribe to this list (http:\/\/paulgdavis.us3.list-manage.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
** Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage1.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=7a95a266b5)<\/p>\n
** Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s] Apart from the reporter’s opinions \ud83d\ude09 So onto the news: Move over CISO: The Chief Data Officer may be sharing part of your job The CDO title has been around for almost six years as companies realized the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1177","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1177","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1177"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1177\/revisions"}],"predecessor-version":[{"id":3664,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1177\/revisions\/3664"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}