IT and cybersecurity people should resolve to gear up for accelerated change and complexity in 2014, especially in cybersecurity, data privacy and big data, says global nonprofit IT association ISACA.
Bhavesh Bhagat, CISM, CGEIT, CEO of EnCrisp, cofounder of Confident Governance and member of ISACA’s new Emerging Business and Technology Committee, said: “The pace of change expected in 2014 will put incredible pressure on technology professionals in the workplace with a focus on keeping IT risk in check while at the same time delivering value to the business. But this is also a chance for the IT department to be a strategic partner with the business on navigating these issues and opportunities.”
Tech resolutions
ISACA suggests the following five resolutions to help IT professionals get ready for 2014:
· Prepare for Privacy 2.0—Attitudes toward data privacy are unlikely to reach a consensus in 2014. Instead, be prepared to accommodate both those with little expectation of privacy and those who view their personal data as currency and want to control how that currency is spent.
· Slim down big data—Explosive data volumes were the #1 issue (chosen by more than one in four respondents) posed by big data in ISACA’s 2013 IT Risk/Reward Barometer. Unmanageable data creates redundancies and is difficult to secure. In 2014, eliminate the excess and consolidate what remains, to promote sharing and protect using better controls.
· Plan to compete for cybersecurity and data analytics experts—The need for smart analytics people and cybersecurity defenders with the right certifications is only going to grow in 2014—the year of the data professional. If you plan to hire, make sure your compensation package and job descriptions are competitive.
· Rethink how your enterprise is using your information security experts—With some elements of IT security operational responsibility (including malware detection, event analysis and control operation) increasingly being outsourced to cloud providers, smart leaders are enabling their internal security experts to become hunters instead of just defenders. This allows them to proactively seek out the most hard-to-detect threats, build internal intelligence capabilities (e.g., “threat intelligence”), construct better metrics and invest in operational risk analysis.
· Ramp up for the Internet of even more Things—With 50 billion devices expected to be connected to the Internet by 2020,* start working now on a policy governing connected devices—many invisible to the end user—if your enterprise doesn’t have one now.
ISACA provides guidance—much of it free of charge—to help business and IT:
· COBIT 5 framework for the governance and management of information and technology
· Cybersecurity resources
· Privacy and big data resources
· Certifications such as Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC).
