Schaumburg, Ill. (Dec. 29, 2022) — Looking ahead to a new year offers a valuable opportunity for digital trust professionals to not only reassess the practices within their own function or organization, but also to examine how they can continue to grow in their roles. From this vantage point, ISACA experts recently highlighted their 2023 insights and recommendations for the privacy, cybersecurity, audit and risk fields in a series of blog posts for the ISACA Now blog.
In this complex data privacy landscape, Dr. Lisa McKee, Ph.D, Director of Governance, Risk, Compliance and Privacy, Hudl, and member of the ISACA Emerging Trends Working Group, recommends that professionals adopt zero trust privacy with data governance, as well as a ComPriSec approach—or the convergence of compliance, privacy and security—in the new year. In her recent blog post, she highlights the important role of the privacy engineer, but also emphasizes that in addition to having strong privacy professionals, consumers everywhere need to do their part and be mindful of the online presence they create.
“Privacy risk appetite is seldom discussed among boards and leaders. Privacy leaders should make sure their programs include a focus on privacy risk management programs, privacy risk appetite, privacy risk tolerance, privacy key performance indicators, privacy key risk indicators, privacy metrics and reporting. 2023 will heighten these needs as the compliance landscape continues to evolve,” says McKee.
In her blog post, Samantha Hart, a global chief information security officer, emphasizes that a big part of looking ahead to the new year for cybersecurity professionals should involve preparations on both a professional and personal level that can help ensure they are set for success. This includes:
Having a personal incident response plan that factors in your home life
Going into the office to make connections with colleagues face-to-face
Knowing your business
Embracing tech and tools but keeping people at the forefront
“Yes, we do need to fully understand our attack surface and ensure we have all of the controls in place to detect and respond—however, all the tools in the world won't take the place of skilled and valued team members who will monitor and respond to the alerts with a human eye that knows what is benign and what is an attack,” says Hart.
The shifting technology environment, especially given the rise in cloud implementations accelerated by the pandemic, has recalibrated the business landscape.
“The biggest grievance for many core information security professionals has been that the IT audit community has failed to keep pace with this rapidly changing environment and has yet to completely upskill and adapt,” says Varun Prasad, Senior Manager (Cloud), Third Party Attestation, BDO USA, in his recent blog post. “As we look to 2023, traditional audit approaches that were used to evaluate legacy IT environments will not make sense for the decoupled cloud native architecture of today’s world.”
Prasad explores some of the areas that auditors should focus on in the coming year to stay on top of their game, including understanding cloud native DevOps and cloud security posture management, being able to evaluate privacy compliance, and gaining knowledge of vulnerability management and the scope of each type of vulnerability scan. Additionally, he emphasizes the importance for auditors of having strong soft skills in addition to technical ones—in particular, developing emotional intelligence to deal with pressures and avoid burnout.
Kerris Lee, ISACA Global Director of Enterprise Risk Management, recommends that risk management professionals turn their attention to some commonly forgotten action items that actually have a big impact—such as enhancing the risk identification and governance process by eliminating duplicate risks and ensuring that risk management has a role in reviewing organizational policies, and establishing review cycles for incident response plans, business continuity planning, and procurement and contract processes. Additionally, he notes in his post that working to strike the right tone at the top with senior leadership around the role of enterprise risk management can go a long way in helping the rest of the organization understand and value the function.
“While there are many areas for risk management professionals to focus on in our day-to-day operations, these are, in my experience, the ones that are often overlooked and that can hurt the organization over time,” says Lee. “Assuming you are doing the big things well already, it is oftentimes the little things that can make a big difference.”
To read more of these insights from these four and other global experts, visit www.isaca.org/blog. Digital trust professionals will convene to discuss some of these and other priorities at Digital Trust World in 2023.
ISACA® (www.isaca.org) is a global community advancing individuals and organizations in their pursuit of digital trust. For more than 50 years, ISACA has equipped individuals and enterprises with the knowledge, credentials, education, training and community to progress their careers, transform their organizations, and build a more trusted and ethical digital world. ISACA is a global professional association and learning organization that leverages the expertise of its more than 165,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy and quality. It has a presence in 188 countries, including 225 chapters worldwide. Through its foundation One In Tech, ISACA supports IT education and career pathways for under-resourced and underrepresented populations.