Ensuring Privacy Compliances Needs To Be Meaningful, Not Just Cosmetic

By ITsec Bureau - April 10, 2020
Simona Rollinson, ISACA

“Gartner predicts that by 2025, 50% of people with a smartphone but without a bank account will be using mobile access to a currency account.”

Simona Rollinson, CTO, ISACA emphasizes that both people initiatives and the power of policy are needed to fight the ensuing risk.

Globally, the adoption of risk management has been a slow process. What steps do you think companies should take to ensure faster adoption, given the almost constant threat environment enterprises face?

I have been in the IT business for the last 25 years and worked in various industries, from government, non-profit and construction, to leading a software company. ISACA’s State of Enterprise Risk Management Survey findings show that, unfortunately, only 29% of respondents are highly confident that enterprise can predict the impact of vulnerabilities associated with emerging technologies. Some of the things have worked in the past and the past is a good prediction for the future. For about 10 years we were talking about the cloud coming, and now it is here and even witnessing a rapid adoption. That can serve as a prediction curve for other emerging technologies. The adoption of the cloud has become a prime source of risk for enterprises. A couple of years ago, people seldom talked about risk, only about cybersecurity and information security, and now the whole idea of clearly defining risk has become important.

Many times IT professionals do not understand the complexities of their own business. The vulnerabilities in the construction industries will be different from the manufacturing or finance industry. One size does not fit all, and it takes time to decode the type of risk. Setting expectations according to the industry and optimizing risk is the key to having meaningful and faster adoption of technologies and risk management.

Data privacy is now structured by compliances like GDPR and CCPA. What role does ISACA play in ensuring companies meet them?

In the last 12 months, privacy regulations have been developing uncharacteristically fast. Many organizations are confused and, in many cases, they are unable to adopt these policies and privacy programs. It is not just GDPR, but the CCPA law from California is going to become more impactful to companies in the US. Users are more likely to switch to product companies or competition if they believe another provider will handle their personal data in a better way, as they are becoming more educated about their data rights. Companies may actually lose money if they don’t restructure their data privacy and compliance programs.

ISACA is at the front end of this. We are providing our members and the global professional community with an array of knowledge resources on these topics. We share interactive training during our conferences. We are developing a whole discipline around data privacy because we believe it is here to stay and it is transformational.

In your opinion as a technology expert, how would you compare policies to technology tools for better security management?

It is like a chicken and egg situation. Is it policy or is it tools or both of them? The policies need to precede the selection of technology tools, in my opinion. It is like the old framework of people, profit and technology. They have to come in this order. People are crucial, but policies are quite essential. As IT executives, we need to understand and define the main processes for cybersecurity, governance, identity and access management, awareness and education, vulnerability management, and incident response. I would suggest that using tools that measure the maturity of an organization around policies is an important step so that we can continuously communicate with our stakeholders and board effectively.

Change management is a big part of transformation. How does ISACA support companies in that aspect of moving to better security practices?

Change management is one of those things that everyone is using in a different context from each other, but it is about the mobilization of a security champion and making sure a company raises awareness around security and risk management.

Change management starts with a well-educated and trained workforce. ISACA provides certifications and also has Cybersecurity Nexus, or CSX. CSX provides hands-on interaction courses and tools where people can learn how to combat different vulnerabilities and mitigate live cyber incidents. These are some of the educational materials we create on a regular basis, which have been instrumental in increasing the ability of cybersecurity professionals to be continuously prepared to fight vulnerabilities and cyber incidents.

As CTO in an organization like ISACA, what difference do you think you can make to the information systems’ security in companies?

I am responsible for protecting the enterprise of ISACA, to drive digital transformation and increase security at my own organization. However, I also provide inputs to the teams at ISACA based on my experience and my background to drive programs, training and learning opportunities that can be shared with a more massive membership base and help the organization to strengthen the security worldwide. I have internal as well as external focus by working with our subject matter experts in developing frameworks.

We are working in the area of cybersecurity and new emerging technologies and looking at different drivers. For example, according to Gartner predictions, by 2025, 50% of people with a smartphone but without a bank account will be using mobile access to a currency account. Based on our expertise in protecting intellectual property, we are looking at blockchain and countering deep fake technology. With AI and ML, we are doubling down on standards and frameworks, and we believe regulations will be coming on those areas for which we can be on the front lines.

“Change management is one of those things that everyone is using in a different context from each other, but it is about the mobilization of a security champion and making sure a company raises awareness around security and risk management.”

Simona Rollinson, CTO, at ISACA

Simona Rollinson

Simona Rollinson is ISACA’s Chief Technology Officer (CTO), leading ISACA’s technology team, driving the organization’s continuing digital transformation, and exploring new opportunities for harnessing technology to elevate the educational and professional development experiences for ISACA’s members and enterprise customers. She plays a key role in transforming ISACA’s learning technology platform to support the professional community at all levels and stages, from individual development to enterprise solutions.
