Comment

Eight Reasons It's Time For A Data Map

A data map is an inventory and visualization of your company’s data and information assets. The rising number and severity of data breaches is generating strong demand for maps, and there are other reasons to create, improve and sustain one.

1. Data Maps Make Chief Information Security Officers (CISOs) More Effective. 

2. Data Maps Drive Business. 

3. Your Board Wants a Data Map. 

4. Data Maps are Essential for Compliance. 

5. Data Maps Let Us Actually Treat Data as an Asset. 

6. Data Maps Create Data-Centric Organizations. 

7. Data Maps Make Good Housekeeping. 

8. Data Maps are Doable. 

[For more, click View Post]

Comment

Comment

Ready for the Age of Cyber Transparency?

Cyber transparency is a condition where the quality of your organization’s security is obvious to everyone. Just as you might walk down the street and consider the suitability of a diner based on the sanitary letter grade displayed in the window, businesses want to understand the cyber hygiene of their vendors.  Two firms are becoming known as the Moody’s and S&P of cyber ratings, and their influence is changing the way businesses compete.

Organizations cannot become secure without a comprehensive understanding of their data and information assets, and they need to take precautions when entrusting them to third parties.

Learn more about the two firms that are leading the cyber rating revolution and the implications in an article I wrote for CFO magazine: Cyber Ratings Services Can Help Thwart Hackers.

[For more, click View Post]

Comment

Comment

Seven Questions You Must Add to Your M&A Due Diligence List

Merger and acquisition (M&A) advisors, and the clients they serve, pore over a seemingly endless amount of material to determine the suitability of a transaction. Ironically, one of the most important assets, data, gets little or no attention in the process. Developing a comprehensive understanding of a target’s data and information assets results in a transaction with substantially lower risk, especially cyber risk, and creates vast opportunities for value creation.

Here are seven questions you should address in your next transaction to determine the extent to which the target operates in a data centric manner.

[For more, click View Post]

Comment

Comment

Why Data Needs a Seat at the Corporate Table

Data is an asset that needs much better representation at the C-level. The head of HR makes sure People get full representation, and Data is no less important.

Responsibility for data is integral to, and spread across, the jobs held by Chief Officers for Accounting, Audit, Compliance, Data, Digital, Financial, Governance, Information, Information Security, Knowledge, Legal, Marketing, Privacy, Risk, Strategy and Technology, not to mention those who may report to these people. Any one of these jobs is complicated and demanding, and their interests in Data can conflict with one another's. When organizations establish a comprehensive understanding of their Data assets, they can do a much better job protecting and creating value from them.

Virtually every company today seeks to become more data-driven in their decision making process. That desired outcome is best achieved by appointing someone, reporting to the CEO, who represents Data across the organization. Most CEOs think of Data as simply an IT issue, and that perspective is incredibly shortsighted. Learn more about one of the biggest organizational transformation opportunities today in an article I wrote for CFO magazine: Why Data Needs a Seat at the Corporate Table.

Comment

Comment

Fair Compensation For Data Breaches

Just about every day now, we read or hear about data breaches, and some of us are actually victims of them. Some organizations are even preparing a breach response plan in advance, just assuming that one day, perhaps soon, it will have to be implemented. Developing the right response for your business requires an understanding of the consequences of data breaches on the behavior of your customers, regulators, investors and vendors, among other constituents. While this topic is worthy of further research, a pattern is beginning to emerge.

[For more, click View Post]

Comment

Comment

How Microsoft Office 365 is Becoming More Transparent

Microsoft has long been the undisputed leader in home and office productivity software. In June 2011, it launched Office 365, its cloud-based software that enables you to use Word, Excel, PowerPoint, Outlook and other applications from multiple devices.  O365, as it’s typically abbreviated, is at the heart of Microsoft’s mobile-first, cloud-first mission. Yet, as Microsoft would be among the first to concede, something important has been missing from O365, and the company has been hard at work, through partnerships and acquisitions, to close the gap.

[For more, click View Post]

Comment

Comment

Companies Should Fight Hackers, Not Regulators

It’s a wonder why you don’t find just about every Chief Information Officer (CIO) sitting under their desk considering the large and growing number of security breaches that are costing their organizations dearly.  If it’s not bad enough that they must fend off hackers and other external threats, CIOs also feel besieged by regulatory entities that are flexing their muscles to protect the interests of consumers, investors, and other constituents.  Audit Committees and Chief Financial Officers (CFOs) are getting involved in the discussion too.  Board members and executives need to better understand how the FTC, SEC, the accounting profession, and various standards bodies are trying to get organizations to raise their game when it comes to cybersecurity practices.

[For more, click View Post]

Comment

Comment

Disclosing the SEC's Cybersecurity Disclosure Guidance

When the U.S. Securities and Exchange Commission (SEC) talks, people listen; and when the topic turns to cybersecurity, people are obliged to act. Estimates of the economic costs of commercial cyber-espionage to the United States top $100 billion annually. Security breaches affecting companies such as Sony, Target, Anthem, as well as various US government agencies, seem to make headlines each week. Yet, with all the attention paid to cybersecurity, organizations react to and publicly disclose incidents in remarkably inconsistent ways. The SEC’s Division of Corporation Finance (DoCF) continuously assesses public companies’ disclosure processes, and it provides guidance designed to increase corporate transparency and information around cybersecurity. The SEC’s growing attention to cybersecurity disclosure should motivate the external audit community (e.g. PwC, EY, Deloitte, KPMG, etc.), and the entities they audit, to raise their game by ensuring that technology controls get the attention they deserve.

[For more, click View Post]

Comment

Comment

Why CFOs Must Own Cybersecurity

After 20 years, the internal control framework that is a cornerstone of Sarbanes-Oxley was recently updated by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to put an emphasis on controls around technology. Think of COSO as something akin to the high priests of accounting. Technology is embedded in everything people and businesses do, so the update motivates Boards, Chief Financial Officers, Chief Information Officers, General Counsels and Enterprise Risk Managers, as well as external auditors, to reassess the associated risks and opportunities, and to raise the bar on technology controls.

[For more, click View Post]

 

Comment