Mainstream cyber security and compliance
June 19, 2018 BY iTGRC
Mainstream cyber security and compliance practices is lacking in the markets (中文)
In ERA today, market is heavily populated with various kind of security package that heavily involves technology for solutioning. Many events and conferences have been sponsored by vendors preaching their proprietary products and solutions. As time goes by this has gained less traction.
We acknowledge the fact that technology helps to reduce manual effort, literally automate process and control as much as we wish to. We also learned that artificial intelligence, block-chain and sensor have manifested themselves through various technology platforms that claim the highest credit, and it's true that technology has evolved faster than 2 decades ago, lighter in weight, heavier in cost perhaps. Nevertheless, across the technology and platform, we do notice a handful are automating the security controls which were done or handled manually in the past, and they came from the old security practices. Technology has just automated them or enhanced it with new experience.
On the hindsight, there are security and compliance professionals who have lost touch with the fundamental skill-sets that are required to holistically manage the entire cyber security and regulatory compliance landscape, from people to process or control and through technology. With technical skill sets in technology, it only fills you only half a cup of water, and perhaps scores you well at the entry level. To go for a higher goal, an achiever needs to build a larger picture that spans across sphere that covers markets, industries, organization, strategy, people, process and technology to earn the credit and worthiness through experience in various areas of the above. In the beginning of the year 2018, there was a report highlighting cyber security has raised above the impact from financial crisis, oil and gas price fluctuation, job markets and ranked itself among the top three.
Security and Compliance is a business today, and it underscores the digital transformation. It's integral to the digital economy development that every regime is looking to invest into their future
iTGRC security & compliance advisory is creating a space to introduce Security Mentor-ship and Live Advisory services that allow organization and individual to follow the mainstream and tag-on to this industry trends and market sentiments.
在今天的时代,市场上大量存在各种各样的网络安全套件,其中大量涉及科技解决方案。许多活动和会议由供应商赞助,宣传他们的专有产品和解决方案。随着时间的推移,这已经减少了牵引力。
我们承认,技术有助于减少人工操作,从字面上自动化流程和控制,尽可能符合我们的需求。我们还了解到,人工智能,块链和传感器已经通过各种技术平台表现出来,这些技术平台声称拥有最高的信誉,技术的发展速度超过了二十年前更快,重量变轻,成本与价格提高。尽管如此,在整个科技平台上,我们确实注意到一小部分是自动化安全控制,这些控制过去是靠手工式完成或处理的,而且它们来自旧的安全作法。技术只是把它们自动化或者以新的体验加强它们。
事后看来,安全长官和合规专业人员已经失去了从整体上管理整个网络安全和法规遵从景观(从人员到流程或控制以及通过技术)所需的基本技能。凭借科技上的技术与技能,它只会让你填满半杯水,并且在入门级别上也许会得分。为了实现更高的目标和理想,成功者需要建立一个覆盖市场,行业,组织,战略,人员,流程和科技的全局范围的大视图,以通过上述各个领域的经验获得信誉和价值。在2018年初,有一份报告强调网络安全已经超过了金融危机,石油和天然气价格波动,就业市场的影响,并跻身前三名。
安全与合规是当今的一项举足轻重的业务,它强调了数码化转型。每个政权都希望投资未来,这是数码经济发展不可或缺的一部分。
iTGRC安全与合规咨询部门正在创建一个空间,引入安全指导导师和实时在线直播咨询服务,使公司组织和个人都能够跟随主流并贴近这一行业趋势和市场情绪。
by iTGRC
Frank Chin 陈盖