The Zorba Research Blog is being published by the ThinkTWENTY Forum to be found at
http://www.thinktwenty20.com/index.php/blog-issues-forum
Comments on the forum entries are encouraged.
Monday, May 20, 2019
Ten Questions Directors Should Ask About Cybersecurity Culture
A Board of Directors
has a responsibility for overall cultural direction in an organization. To
exercise this responsibility the organization must first have a cybersecurity culture
that will minimize the risks. Cybersecurity culture
is “the knowledge, beliefs, perceptions, attitudes, assumptions, norms and
values of people regarding cybersecurity and how they manifest themselves in
people’s behavior with information technologies.” (European Union Agency for
Network and Information Security (ENISA), Cyber
Security Culture in Organizations, Greece, 2017)
The directors need to ask
the following questions:
1.
What are
the business functions in the enterprise with the highest exposure to
technology breaches?
2.
Is there a
cybersecurity policy in place?
3.
Has the
policy been infused into the cybersecurity culture of the organization?
4.
Has the
policy been reflected in the operational processes of the organization, particularly
in those areas of greatest risk
5.
Have
people with the appropriate skills been empowered to implement those policies
and procedures?
6.
What steps
are being taken to reinforce the cybersecurity culture?
7.
Are appropriate
educational and training programs in place?
8.
Is there a
process in place for regular and periodic review of the health of the cybersecurity
culture?
9.
Have the
main policies and procedures supporting the cybersecurity culture been documented
to provide a cohesive understanding of that culture?
10.
Are there steps
in place for regular reporting and discussion with the Board of Directors involving
the most responsible personnel?
Monday, May 13, 2019
The Challenges of AI
Every hype cycle has a period in which implementation is beginning and the issues become clearer. AI is in that stage. The widespread hype over the past couple of years has been tremendous. But as the latest wave of new technologies enters into production, these issues are coming into focus.
AI is based on large volumes of data and various algorithms. The data can be used to "train" the algorithms. To do so, the data need to be not only voluminous, but clear of errors and bias. So it goes back to the quality of the data. As for the algorithms, they often start out as generalities, biased by social and economic norms that may not apply in a particular application. So the training is needed for that. Also, training is needed to enable the AI to adopt to changing circumstances. And the data must reflect those fairly.
These issues will not stop the advances of AI, nor will they slow it up very much. They just represent a normal part of the cycle - the learning cycle. They will make AI stronger in the end.
AI is based on large volumes of data and various algorithms. The data can be used to "train" the algorithms. To do so, the data need to be not only voluminous, but clear of errors and bias. So it goes back to the quality of the data. As for the algorithms, they often start out as generalities, biased by social and economic norms that may not apply in a particular application. So the training is needed for that. Also, training is needed to enable the AI to adopt to changing circumstances. And the data must reflect those fairly.
These issues will not stop the advances of AI, nor will they slow it up very much. They just represent a normal part of the cycle - the learning cycle. They will make AI stronger in the end.
Thursday, May 02, 2019
Adopting Blockchain Applications
Although blockchain has not been widely adopted in business as yet, there are signs that this will change. One of the key aspects of blockchain is that it can be used to promote (or substitute for lack of) trust among users. For example, if there is a situation in the company where a database is needed, and there is a lack of trust among the users, then blockchain might be the answer.
Before adopting, the situation would need to be defined carefully, the processes involved mapped out, and a comparison made of what those processes would look like in a blockchain environment. Then it is possible to evaluate the monetary and non-monetary benefits of the blockchain approach to that situation. A blockchain expert could help with this.
Beyond that, the usual routines for new applications apply, including user involvement, testing, phase-in, etc.
Before adopting, the situation would need to be defined carefully, the processes involved mapped out, and a comparison made of what those processes would look like in a blockchain environment. Then it is possible to evaluate the monetary and non-monetary benefits of the blockchain approach to that situation. A blockchain expert could help with this.
Beyond that, the usual routines for new applications apply, including user involvement, testing, phase-in, etc.
Use of AI in Auditing
How are the big audit
firms using AI? Gundi Jeffrey interviewed partners of Deloitte and MNP to
address this question. The results are revealing and you can read them in the
current issue of ThinkTWENTY20.
Subscribe to:
Posts (Atom)