March 20, 2023

The Rise of the BISO in Contemporary Cybersecurity

In general, “A BISO is assigned to provide security leadership for one particular business unit, group, or team within the greater organization,” explains Andrew Hay, COO at Lares Consulting. “Using a BISO divides responsibility in large companies, and we often see the BISOs reporting up to the central CISO for the organization.” “A BISO is responsible for establishing or implementing security policies and strategies within a line of business,” adds Timothy Morris, chief security advisor at Tanium. “Before the BISO role became popular, other director-level roles performed similar functions in larger organizations as an information security leader.” The precise role of the BISO varies from company to company depending on the needs of that company. “In some cases, the BISO will hold a senior position reporting directly to the CISO, CTO, or CIO,” explains Kurt Manske, managing principal for strategy, privacy, and risk at Coalfire. “At this level, the BISO acts as a liaison with business unit leaders and executives to promote a strong information security posture across the organization.”


CEO directives: Top 5 initiatives for IT leaders

Cybersecurity became a bigger issue this year for Josh Hamit, senior VP and CIO at Altra Federal Credit Union, due in part to Russia’s invasion of Ukraine, which touched off warnings about possible Russia-backed hackers stepping up cyberattacks on US targets. As a result, Hamit has brought extra attention to partnering with Altra’s CISO to perfect security fundamentals, cyber hygiene and best practices, and layered defenses. More likely cyber scenarios have IT leaders increasingly concerned as well. For instance, three out of four global businesses expect an email-borne attack will have serious consequences for their organization in the coming year, according to CSO Online’s State of Email Security report. Hybrid work has led to more email (82% of companies report a higher volume of email in 2022) and that has incentivized threat actors to steal data through a proliferation of social engineering attacks, shifting their focus from targeting the enterprise network itself to capitalizing on the vulnerable behaviors of individual employees.


Breach Roundup: Med Devices, Hospitals and a Death Registry

A vulnerability the Indian government at first said did not exist has now, it says, been fixed. In December the Indian Ministry of Railways denied that the data of 30 million people allegedly on sale on the dark net came from a hacker breaching Rail Yatri, the official app of Indian Railways. On Wednesday, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said the Indian Railway Catering and Tourism Corp. had fixed the issue and taken the necessary precautions to prevent its recurrence. Neither Rail Yatri nor the minister disclosed the penalty paid for the incident. ... A February data breach of U.S. Marshals Service systems, in which hackers maliciously encrypted systems and exfiltrated sensitive law enforcement data, has gotten worse. A threat actor is reportedly selling 350 gigabytes of data allegedly stolen from the servers for $150,000 on a Russian-speaking hacking forum. The data on sale allegedly includes "documents from file servers and work computers from 2021 to February 2023, without flooding like exe files and libraries," Bleeping Computer reported.


BianLian ransomware group shifts focus to extortion

Researchers observed that the speed at which BianLian posts the masked details has also increased over time. If one is to accept the date of compromise listed by BianLian as accurate, the group averages just ten days from an initial compromise to ratcheting up the pressure on a victim by posting masked details. In some instances, BianLian appears to have posted masked details within 48 hours of a compromise, Redacted said in its report. “With this shift in tactics, a more reliable leak site, and an increase in the speed of leaking victim data, it appears that the previous underlying issues of BianLian’s inability to run the business side of a ransomware campaign appear to have been addressed,” Redacted said, adding that these improvements are likely the result of gaining more experience through their successful compromise of victim organizations. The BianLian group appears to bring close to 30 new command-and-control (C2) servers online each month. In the first half of March, the group has already brought 11 new C2 servers online. The average lifespan of a server is approximately two weeks, Redacted said.


CIOs Must Make Call on AI-Based App Development

Erlihson says other key stakeholders necessary for an AI-based app development strategy include the chief data officer (CDO), who can help manage and govern the organization’s data assets, ensure data quality, and make sure that data is used in compliance with regulations. The chief financial officer (CFO) can ensure that the organization’s investments in AI-based tools are aligned with the financial objectives and overall budget of the company. “It's also important to include business leaders to identify business problems that can be solved by AI, providing use cases, and setting priorities for AI-based app development based on business needs,” he says. Legal and compliance must also be involved to ensure that AI-based tools comply with data privacy laws and regulations and meet security and ethical-use requirements. “Finally, operations and IT teams are needed to provide feedback on the feasibility and scalability of AI-based tool development and deployment and to assure that the necessary IT infrastructure required to support AI-based app deployment is in place,” Erlihson says.


How Design Thinking and Improved User Experiences Contribute to Customer Success

Everything is about the needs, preferences and behaviors of users and the frustrations they sometimes face, with a continuous feedback loop used for perpetual reporting. The model emphasizes the need for diverse voices, experimentation with new ways of working, rapid prototyping and iteration, as well as a commitment to constantly improving the quality of service. As an example of experimentation, Airbnb unlocked growth by using professional photography to replace poor-quality images advertising property rentals in New York and saw an instant uptick. Done right, it has the benefit of challenging developer assumptions and the management status quo. It helps to counter the narrative of ‘we’ve always done it this way’ and the temptation toward ‘bloatware’ that adds pointless features and functions. Despite the name, Design Thinking doesn’t just impact software user experience design; product managers and others are also involved to create a holistic understanding of what is happening.

CHESTER SWANSON SR.

Next Trend Realty LLC./wwwHar.com/Chester-Swanson/agent_cbswan

1 yr

Love this.

More articles by Kannan Subbiah

  • November 26, 2024
    Just what the heck does an ‘AI PC’ do? As the PC market moves to AI PCs, x86 processor dominance will lessen over time,…

  • November 25, 2024
    GitHub Copilot: Everything you need to know GitHub Copilot can make inline code suggestions in several ways. Give it a…

  • November 24, 2024
    AI agents are unlike any technology ever “Reasoning” and “acting” (often implemented using the ReACT — Reasoning and…

  • November 23, 2024
    AI Regulation Readiness: A Guide for Businesses The first thing to note about AI compliance today is that few laws and…

  • November 22, 2024
    AI agents are coming to work — here’s what businesses need to know Defining exactly what an agent is can be tricky…

  • November 21, 2024
    Building Resilient Cloud Architectures for Post-Disaster IT Recovery A resilient cloud architecture is designed to…

  • November 20, 2024
    5 Steps To Cross the Operational Chasm in Incident Management A siloed approach to incident management slows down…

  • November 19, 2024
    AI-driven software testing gains more champions but worries persist "There is a clear need to align quality engineering…

  • November 18, 2024
    3 leadership lessons we can learn from ethical hackers By nature, hackers possess a knack for looking beyond the…

  • November 17, 2024
    Why Are User Acceptance Tests Such a Hassle? In the reality of many projects, UAT often becomes irreplaceable and needs…
