Ensuring Privacy Compliances Needs To Be Meaningful, Not Just Cosmetic

By ET Bureau - December 17, 2019
Simona Rollinson, CTO, ISACA

“Gartner predicts that by 2025, 50% of people with a smartphone but without a bank account will be using mobile access to a currency account.”

Simona Rollinson, CTO, ISACA emphasizes that both people initiatives and the power of policy are needed to fight the ensuing risk.

Globally, the adoption of risk management has been a slow process. What steps do you think companies should take to ensure faster adoption, given the almost constant threat environment enterprises face?

I have been in the IT business for the last 25 years and worked in various industries, from government, non-profit and construction, to leading a software company. ISACA’s State of Enterprise Risk Management Survey findings show that, unfortunately, only 29% of respondents are highly confident that enterprises can predict the impact of vulnerabilities associated with emerging technologies. Some of the things have worked in the past and the past is a good prediction for the future. For about 10 years we were talking about the cloud coming, and now it is here and even witnessing a rapid adoption. That can serve as a prediction curve for other emerging technologies. The adoption of the cloud has become a prime source of risk for enterprises. A couple of years ago, people seldom talked about risk, only about cybersecurity and information security, and now the whole idea of clearly defining risk has become important.

Many times IT professionals do not understand the complexities of their own business. The vulnerabilities in the construction industry will be different from those in the manufacturing or finance industry. One size does not fit all, and it takes time to decode the type of risk. Setting expectations according to the industry and optimizing risk is the key to having meaningful and faster adoption of technologies and risk management.

Data privacy is now structured by compliances like GDPR and CCPA. What role does ISACA play in ensuring companies meet them?

In the last 12 months, privacy regulations have been developing uncharacteristically fast. Many organizations are confused and, in many cases, they are unable to adopt these policies and privacy programs. It is not just GDPR, but the CCPA law from California is going to become more impactful to companies in the US. Users are more likely to switch to product companies or competition if they believe another provider will handle their personal data in a better way, as they are becoming more educated about their data rights. Companies may actually lose money if they don’t restructure their data privacy and compliance programs.

ISACA is at the front end of this. We are providing our members and the global professional community with an array of knowledge resources on these topics. We share interactive training during our conferences. We are developing a whole discipline around data privacy because we believe it is here to stay and it is transformational.

In your opinion as a technology expert, how would you compare policies to technology tools for better security management?

It is like a chicken and egg situation. Is it policy or is it tools or both of them? The policies need to precede the selection of technology tools, in my opinion. It is like the old framework of people, profit and technology. They have to come in this order. People are crucial, but policies are quite essential. As IT executives, we need to understand and define the main processes for cybersecurity, governance, identity and access management, awareness and education, vulnerability management, and incident response. I would suggest that using tools that measure the maturity of an organization around policies is an important step so that we can continuously communicate with our stakeholders and board effectively.

Change management is a big part of transformation. How does ISACA support companies in that aspect of moving to better security practices?

Change management is one of those things that everyone is using in a different context from each other, but it is about the mobilization of a security champion and making sure a company raises awareness around security and risk management.

Change management starts with a well-educated and trained workforce. ISACA provides certifications and also has Cybersecurity Nexus, or CSX. CSX provides hands-on interaction courses and tools where people can learn how to combat different vulnerabilities and mitigate live cyber incidents. These are some of the educational materials we create on a regular basis, which have been instrumental in increasing the ability of cybersecurity professionals to be continuously prepared to fight vulnerabilities and cyber incidents.

As CTO in an organization like ISACA, what difference do you think you can make to the information systems’ security in companies?

I am responsible for protecting the enterprise of ISACA, to drive digital transformation and increase security at my own organization. However, I also provide inputs to the teams at ISACA based on my experience and my background to drive programs, training and learning opportunities that can be shared with a more massive membership base and help the organization to strengthen the security worldwide. I have internal as well as external focus by working with our subject matter experts in developing frameworks.

We are working in the area of cybersecurity and new emerging technologies and looking at different drivers. For example, according to Gartner predictions, by 2025, 50% of people with a smartphone but without a bank account will be using mobile access to a currency account. Based on our expertise in protecting intellectual property, we are looking at blockchain and countering deep fake technology. With AI and ML, we are doubling down on standards and frameworks, and we believe regulations will be coming on those areas for which we can be on the front lines.

“Change management is one of those things that everyone is using in a different context from each other, but it is about the mobilization of a security champion and making sure a company raises awareness around security and risk management.”

Simona Rollinson, CTO, at ISACA

Simona Rollinson

Simona Rollinson is ISACA’s Chief Technology Officer (CTO), leading ISACA’s technology team, driving the organization’s continuing digital transformation, and exploring new opportunities for harnessing technology to elevate the educational and professional development experiences for ISACA’s members and enterprise customers. She plays a key role in transforming ISACA’s learning technology platform to support the professional community at all levels and stages, from individual development to enterprise solutions.
