Ensuring Privacy Compliances Needs To Be Meaningful, Not Just Cosmetic

By ITsec Bureau - April 10, 2020

“Gartner predicts that by 2025, 50% of people with a smartphone but without a bank account will be using mobile access to a currency account.”

Simona Rollinson, CTO, ISACA emphasizes that both people initiatives and the power of policy are needed to fight the ensuing risk.

Globally, the adoption of risk management has been a slow process. What steps do you think companies should take to ensure faster adoption, given the almost constant threat environment enterprises face?

I have been in the IT business for the last 25 years and worked in various industries, from government, non-profit and construction, to leading a software company. ISACA’s State of Enterprise Risk Management Survey findings show that, unfortunately, only 29% of respondents are highly confident that enterprise can predict the impact of vulnerabilities associated with emerging technologies. Some of the things have worked in the past and the past is a good prediction for the future. For about 10 years we were talking about the cloud coming, and now it is here and even witnessing a rapid adoption. That can serve as a prediction curve for other emerging technologies. The adoption of the cloud has become a prime source of risk for enterprises. A couple of years ago, people seldom talked about risk, only about cybersecurity and information security, and now the whole idea of clearly defining risk has become important.

Many times IT professionals do not understand the complexities of their own business. The vulnerabilities in the construction industries will be different from the manufacturing or finance industry. One size does not fit all, and it takes time to decode the type of risk. Setting expectations according to the industry and optimizing risk is the key to having meaningful and faster adoption of technologies and risk management.

Data privacy is now structured by compliances like GDPR and CCPA. What role does ISACA play in ensuring companies meet them?

In the last 12 months, privacy regulations have been developing uncharacteristically fast. Many organizations are confused and, in many cases, they are unable to adopt these policies and privacy programs. It is not just GDPR, but the CCPA law from California is going to become more impactful to companies in the US. Users are more likely to switch to product companies or competition if they believe another provider will handle their personal data in a better way, as they are becoming more educated about their data rights. Companies may actually lose money if they don’t restructure their data privacy and compliance programs.

ISACA is at the front end of this. We are providing our members and the global professional community with an array of knowledge resources on these topics. We share interactive training during our conferences. We are developing a whole discipline around data privacy because we believe it is here to stay and it is transformational.

In your opinion as a technology expert, how would you compare policies to technology tools for better security management?

It is like a chicken and egg situation. Is it policy or is it tools or both of them? The policies need to precede the selection of technology tools, in my opinion. It is like the old framework of people, profit and technology. They have to come in this order. People are crucial, but policies are quite essential. As IT executives, we need to understand and define the main processes for cybersecurity, governance, identity and access management, awareness and education, vulnerability management, and incident response. I would suggest using tools that measure the maturity of an organization around policies is an important step so that we can continuously communicate with our stakeholders and board effectively.

Change management is a big part of transformation. How does ISACA support companies in that aspect of moving to better security practices?

Change management is one of those things that everyone is using in a different context from each other, but it is about the mobilization of a security champion and making sure a company raises awareness around security and risk management.

Change management starts with a well-educated and trained workforce. ISACA provides certifications and also has Cybersecurity Nexus, or CSX. CSX provides hands-on interaction courses and tools where people can learn how to combat different vulnerabilities and mitigate live cyber incidents. These are some of the educational materials we create on a regular basis, which have been instrumental in increasing the ability of cybersecurity professionals to be continuously prepared to fight vulnerabilities and cyber incidents.

As CTO in an organization like ISACA, what difference do you think you can make to the information systems’ security in companies?

I am responsible for protecting the enterprise of ISACA, to drive digital transformation and increase security at my own organization. However, I also provide inputs to the teams at ISACA based on my experience and my background to drive programs, training and learning opportunities that can be shared with a more massive membership base and help the organization to strengthen the security worldwide. I have internal as well as external focus by working with our subject matter experts in developing frameworks.

We are working in the area of cybersecurity and new emerging technologies and looking at different drivers. For example, according to Gartner predictions, by 2025, 50% of people with a smartphone but without a bank account will be using mobile access to a currency account. Based on our expertise in protecting intellectual property, we are looking at blockchain and countering deep fake technology. With AI and ML, we are doubling down on standards and frameworks, and we believe regulations will be coming on those areas for which can be on the front lines.

Simona Rollinson

Simona Rollinson is ISACA’s Chief Technology Officer (CTO), leading ISACA’s technology team, driving the organization’s continuing digital transformation, and exploring new opportunities for harnessing technology to elevate the educational and professional development experiences for ISACA’s members and enterprise customers. She plays a key role in transforming ISACA’s learning technology platform to support the professional community at all levels and stages, from individual development to enterprise solutions.
