February 29, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Incorporating cybersecurity practices into a GRC framework means connected teams and integrated technical controls for the University of Phoenix, where GRC and cybersecurity sit within the same team, according to Larry Schwarberg, the VP of information security. At the university, the cybersecurity risk management framework is primarily created out of a consolidated view of NIST 800-171 and ISO 27001 standards, with this being used to guide other elements of its overall posture. “The results of the risk management framework feed other areas of compliance from external and internal auditors,” Schwarberg says. The cybersecurity team works closely with legal and ethics, compliance and data privacy, internal audit and enterprise risk functions to assess overall compliance with in-scope regulatory requirements. “Since our cybersecurity and GRC roles are combined, they complement each other and the roles focus on evaluating and implementing security controls based on risk appetite for the organization,” Schwarberg says. The role of leadership is to provide awareness, communication, and oversight to teams to ensure controls have been implemented and are effective.?
The primary challenge is the need for more workers equipped with digital skill sets. Despite the high demand for these skills, the current workforce needs to gain the requisite abilities, especially considering the constant evolution of technology. The lack of niche skill sets essential for working with advanced technologies like AI, blockchain, cloud, and data science further contributes to this gap. The turning point, however, is now within reach as businesses and professionals recognise the crucial need for upskilling and reskilling. At DXC India, we have embraced a strategy that prioritises internal talent development, favouring the 'build' approach over the 'buy' strategy. By upskilling our existing workforce with relevant, in-demand skills, we address our talent needs and foster individual career growth. This method is particularly effective as experienced employees can swiftly acquire new skills and undergo cross-training. This agility is an asset in navigating the rapidly evolving business landscape, benefiting employees and customers. Identifying the specific talent required and subsequently building that talent pool forms the crux of this strategy.
“There was always something that felt off about the tone, behavior and ‘human values’ embedded into AI — something that felt deeply ingenuine and out of touch with our real-life experiences,” Alice Cai, co-founder of Harvard’s Augmentation Lab and researcher at the MIT Center for Collective Intelligence, told VentureBeat. She added: “We came into this project with a sense that antagonistic interactions with technology could really help people — through challenging [them], training resilience, providing catharsis.” But it also comes from an innate human characteristic that avoids discomfort, animosity, disagreement and hostility. Yet antagonism is critical; it is even what Cai calls a “force of nature.” So, the question is not “why antagonism?,” but rather “why do we as a culture fear antagonism and instead desire cosmetic social harmony?,” she posited. Essayist and statistician Nassim Nicholas Taleb, for one, presents the notion of the “antifragile,” which argues that we need challenge and context to survive and thrive as humans. “We aren’t simply resistant; we actually grow from adversity,” Arawjo told VentureBeat.
领英推荐
Aside from reworking the way they interact with customers and their data, businesses should also tackle the question of personal data and privacy with a different mindset – that of holistic identity management. Instead of companies holding all the data, holistic identity management offers the opportunity to “flip the script” and put the power back in the hands of consumers. Customers can pick and choose what to share with businesses, which helps build greater trust. ... Greater privacy and greater personalization may seem to be at odds, but they can go hand in hand. Rethinking their approach to data collection and leveraging new methods of authentication and identity management can help businesses create this flywheel of trust with customers. This will be all the more important with the rise of AI. “It’s never been cheaper or easier to store data, and AI is incredibly good at going through vast amounts of data and identifying patterns of aspects that actual humans wouldn’t even be able to see,” Gore explains. “If you take that combination of data that never dies and the AI that can see everything, that’s when you can see that it’s quite easy to misuse AI for bad purposes. ...”
With synchronous architectures, context propagation is a given, supported by multiple libraries across multiple languages and even standardized by the OpenTelemetry project. There are also several service mesh solutions, including Istio and Linkerd, that handle this type of routing perfectly. But with asynchronous architectures, context propagation is not as well defined, and service mesh solutions simply do not apply — at least, not now: They operate at the request or connection level, but not at a message level. ... One of the key primitives within the Signadot Operator is the routing key, an opaque value assigned by the Signadot Service to each sandbox and route group that’s used to route requests within the system. Asynchronous applications also need to propagate routing keys within the message headers and use them to determine the workload version responsible for processing a message. ... This is where Signadot’s request isolation capability really shows its utility: This isn’t easily simulated with a unit test or stub, and duplicating an entire Kafka queue and Redis cache for each testing environment can create unacceptable overhead.
With the seven Rs as your compass, it’s time to chart your course through the inevitable challenges that arise on any AWS migration journey. By anticipating these roadblocks and proactively addressing them, you can ensure a smoother and more successful transition to the cloud. ... Navigating the vast and ever-evolving AWS ecosystem can be daunting, especially for organizations with limited cloud experience. This complexity, coupled with a potential skill gap in your team, can lead to inefficient resource utilization, suboptimal architecture choices, and delayed timelines. ... Migrating sensitive data and applications to the cloud requires meticulous attention to security protocols and compliance regulations. Failure to secure your assets can lead to data breaches, reputational damage, and hefty fines. ... While leveraging the full range of AWS services can offer significant benefits, over-reliance on proprietary solutions can create an unhealthy dependence on a single vendor. This can limit your future flexibility and potentially increase costs. ... While AWS offers flexible pricing models and optimization tools, managing cloud costs effectively requires ongoing monitoring and proactive adjustments.