Many organizations know they must have the basics: hire a CISO, perform a risk assessment, and find security vendors to fill up the holes. Unfortunately, these are often mere boxes to check. Impact Makers’ former CISO Cathie Brown offers a few simple considerations in each of those steps that will strengthen your cybersecurity posture, like what to look for in a robust risk assessment and a trustworthy security vendor.
Related Posts

I was sitting around a table last Sunday having lunch, settling my golf bets with some friends from the day’s round. While we don’t play for much, the betting is secondary to the true prize of bragging rights. Nevertheless, as is custom with our friend group, all bets must be settled right after the round.

Data is something everyone uses and needs to do their job. When people don’t trust their data, organizations have a big problem on their hands and it won’t go away overnight.
The only way to fix a lack of trust is to build trust. Getting employees to buy in to a new way of using data is a process of building trust. Just taking the spreadsheets away won’t work. People are more dedicated to their culture than any strategy.

What is your reaction when you hear about a hack? Maybe “hacker” elicits thoughts of a sinister group of computer experts in a fortified basement committing acts of espionage and cyberwarfare. Hacking is frequently associated with illegally gaining access to critical personal, organizational, or government information. Oh yes, and of course, dark hoodies. It’s obviously very cold in the basement.
While most organizations have made some investments in each of the three building blocks of cybersecurity, many overemphasize “technology.” The most overlooked component is “people,” which will actually make or break the effectiveness of your cybersecurity.

Enhancing cybersecurity is critical, but there is a pervasive Band-Aid mindset causing organizations to commonly overlook the vital ingredient to any amount of successful security: culture change. Need a reminder why cybersecurity is at the top of so many lists? According

Organizational risk management is too often treated as a compliance issue with complex rules that result in a back office tracking of risks that don’t see the light of day. This presentation contrasts a traditional view of organizational risk management with an alternative view provided in a Harvard Business Review article by Robert S. Kaplan and Anette Mikes. This categorization of risk allows executives to understand the qualitative distinctions between the types of risks that organizations face.

Values are proven when demonstrated without a mandate to do so.
You won’t find a financial services institution that does not have a theme of customer, fairness or integrity woven into its core values. The current industry deregulation trend is a powerful opportunity for financial services firms to show and prove their values, and that they exist to benefit a variety of stakeholders, not just shareholders.

As data collection has increased, so has controversy. Most of this data has been willingly given by us users through our computers, smartphones, and more recently, smart home devices, cars, and even refrigerators. International regulators have turned their gaze to some of the massive organizations collecting our data.

Information Security can sometimes feel like death by documentation, like a bunch of red tape just to keep regulators and auditors at bay. Throw in differences in lexicon, and seeing how all the many pieces fit together can be quite difficult.
Getting everyone, practitioner and leadership alike, on the same page when it comes to terminology in the information security space is key. If everyone can speak the same language, a well-understood and well-orchestrated information security governance structure won’t be far off.

Data Storytelling is an essential skill of any data scientist that makes data come alive. It is a structured method for turning data insights into action through analysis, design, and narrative. It is an art that brings interpretation and clarity while engaging the audience towards action. The Framework defines the art of data storytelling and provides guidelines for how to do it successfully.
If you’ve been a privacy professional at any point in the last few decades, your head is spinning with the myriad of privacy laws and regulations in the U.S. and abroad. Some examples are the European Data Protection Directive of 1995, the strengthening of that directive in 2012, the French Data Privacy Law of 1978, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) of 2001, and last but not least, the U.S. Gramm-Leach-Bliley Act (GLBA) of 1999.

Across all industries, the race is on for firms to differentiate with data — through data-driven products; enhanced customer acquisition and experience; reduced risk; or streamlined operations (cost-out). C-suite executives have the aspiration and vision to win with data-driven insights, yet most are dissatisfied with the cycles consumed in producing data-driven insights. The time it takes for a business to deliver a quantitative insight from when an internal stakeholder or external customer needs it — let’s call that a firm’s Data ID, short for Data Insight Delay.

Master data represents some of the most valuable information shared across an organization such as customer, vendor, product, and employee data. It tends to be static and non-transactional in nature, meaning it doesn’t change very often. Master data may also include reference data such as zip codes and U.S. states as part of address data for customers, vendors, or employees.

Impact Makers recently hosted Capital Kanban’s “The Art of Agile: The Art of War Interpreted with an Agile Lens” with a fantastic turnout. Speaker Megan Windle, a Certified Agile Coach and Certified Scrum Master (CSM), compared the ideas in Sun Tzu’s The Art of War with the principles of Agile, discussing Agile concepts and quotes from the book.

The term “technical debt” originated from Ward Cunningham, one of the authors of the Agile Manifesto. He once said that some problems with code are like financial debt. Technical debt is incurred by completing work in a swift way with some known and/or unknown gaps, which is like a financial debt. Like a financial debt, the technical debt results in interest payments, which come in the form of the extra effort that technology professionals must do in future work because of design choices or shortcuts. We can continue paying the interest, or we can pay down the principal by correcting or polishing the hasty work results into more refined results. Technical debt is usually unintentional, but similar to accrued interest, the impact often increases over time.