October 09, 2022
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Asking your team to be innovative is like asking an athlete to play better. While it may feel motivational and instructive to say it, it’s most often taken as disapproving and vague to the person receiving it. So if you want people to innovate, define specifically what you’re looking for them to do. Think specificity. My definition of IT innovation: The successful creation, implementation, enhancement, or improvement of a technical process, business process, software product, hardware product, or cultural factor that reduces costs, enhances productivity, increases organizational competitiveness, or provides other business value. ... Building an innovative culture is not only people-oriented but process-oriented. You must develop a formalized process that identifies, collects, evaluates and implements innovative ideas. Without this process, great ideas and potential innovations die on the vine. There also has to be an appreciation and understanding that innovative ideas can come from many directions, including your employees, internal business partners, customers, vendors, competitors, or through accidental discovery.
Having clear and consistent API design standards is the foundation for a good developer and consumer experience. They let developers and consumers understand your APIs in a fast and effective manner, reduce the learning curve, and enable them to build to a set of guidelines. API standardization can also improve team collaboration, provide the guiding principles to reduce inaccuracies and delays, and contribute to a reduction in overall development costs. Standards are so important to the success of an API strategy that many technology companies – like Microsoft, Google, and IBM – as well as industry organizations like SWIFT, TMForum and IATA use and support the OpenAPI Specification (OAS) as their foundational standard for defining RESTful APIs. ... The term “shift left” refers to a practice in software development in which teams begin testing earlier than ever before, helping them to focus on quality and work on problem prevention instead of detection.
By understanding data from different parts of the business, CIOs are in a unique position to see first-hand what efforts are producing the highest return. They can also identify gaps in knowledge and efficiency. Data analytics provide information used to set goals and expectations that allow the company to adapt in real-time as priorities change. As data stewards, CIOs will determine the origin of the most relevant data points and must be able to present these to other C-suite executives to help them make the best-informed choices. ... As the face of the IT department, CIOs can set the tone for a company’s culture, both inside and outside the building’s walls. They can articulate why new digital technologies are implemented and foster a forward-thinking environment. Additionally, they can connect the day-to-day actions of IT with their greater strategic vision. ... CIOs can help drive enterprise agility by always putting the customer at the center of decisions. The CIO can collaborate closely with business leaders to understand the business priorities and then develop a plan for how technology can drive the most value for the customer.
Leaders need to raise their game and do their part to make work more engaging and crack down on bad managers who make life miserable for their teams. They need to more clearly articulate how people can contribute and what is expected of them. Companies need to rethink the “why” behind return-to-office policies, for example, so they don’t just feel like ham-handed directives based on a lack of trust in employee productivity. This issue of quiet quitting is fraught, and I want to be clear that there is a balance of shared responsibility here. Bad bosses give their employees plenty of reasons to throw up their hands and disengage. Companies need to make work more engaging beyond just coming up with lofty purpose statements. But let’s also give a shout-out to the value of a strong work ethic. A lot of companies are making progress and doing their part to try to figure out the new world of work. And so are the #quietworking employees. Green’s story captures a quality I’ve always admired in many people: they own their job, whatever it is.
The narrow time span between CSI's two major health data breaches will potentially raise red flags with regulators, says Greene, a former senior adviser at HHS OCR. "HHS OCR will often look at what actions the entity took in response to the first data breach and whether the multiple breaches were due to a similar systematic failure, such as a failure to conduct an enterprisewide risk analysis," he says. While there are definite negatives involving major breaches being reported within a short time frame, there can also be a sliver of optimism related to the subsequent incident. ... "While multiple breaches may reflect widespread information security issues, I have also seen it occur for more positive reasons, such as an entity improving already-good audit practices and, as a result, detecting more cases of users abusing their access privileges." ... "We believe the access to a single employee mailbox occurred not to access patient information, but rather as part of an effort to commit financial fraud on other entities by redirecting CSI customer health care provider payments to an account posing as CSI using a fictitious email address," CSI says.
While over half of ransomware incidents examined started with attackers exploiting internet-facing vulnerabilities, compromised credentials – usernames and passwords – were the entry point for 39% of incidents. There are several ways that usernames and passwords can be stolen, including phishing attacks or infecting users with information-stealing malware. It's also common for attackers to simply breach weak or common passwords with brute-force attacks. Other methods that cyber criminals have used as the initial entry point for ransomware attacks include malware infections, phishing, drive-by downloads, and exploiting network misconfigurations. No matter which method is used to initiate ransomware campaigns, the report warns that "ransomware remains a major threat and one that feeds on gaps in security control frameworks". Despite the challenges that can be associated with preparing for ransomware and other malicious cyber threats – especially in large enterprise environments – Secureworks researchers suggest that applying security patches is one of the key things organisations can do to help protect their networks.