Similar Posts
How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022
Since the initial release of ISO 27001, the threat actor economy has diversified substantially, with both criminal groups and nation states developing and selling offensive cyber products and cyber surveillance solutions. In response, cybersecurity experts have documented and developed best practices and actionable guidance for organizations to effectively manage their cybersecurity risks. ISO 27001:2022 provides a risk-based reference set of information security, cybersecurity, and privacy controls that have been adopted by modern organizations as part of deploying cloud technologies and addressing data protection requirements driven by GDPR.
The Jobs of Tomorrow: Insights on AI and the Future of Work
Kayne McGladrey, IEEE Senior Member, noted that the use of generative AI models in business hinges on their ability to provide accurate information. He cited as examples studies of AI models’ abilities to extract information from documents used for financial sector regulation that are frequently relied on to make investment decisions. “Right now, the best AI models get 80 percent of the questions right,” McGladrey said. “They hallucinate the other 20 percent of the time. That’s not a good sign if you think you are making investment decisions based on artificial intelligence telling you this is a great strategy four out of five times.”
Maximizing the Impact of Data Analytics
“Being able to rapidly detect and evict threats is necessary in the modern enterprise to avoid regulatory and legal penalties while protecting confidential data or trade secrets,” says Kayne McGladrey, CISSP (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions.
What Are the Implications of Meltdown and Spectre for IoT?
“Patching is a reactive strategy, and there are a couple of challenges that have led us to the current situation. One of those challenges is that the market has rewarded companies that develop and produce products rapidly, and the market has shown a willingness to accept post-release patching as an acceptable trade-off. As a result, developers and architects are rewarded by their employers for producing code and architecture very quickly with less thought given to cybersecurity.
“The other significant challenge is that the cybersecurity community is generally homogenous. We have a diversity problem when just 11% of women work in cybersecurity. This lack of diversity in backgrounds and life experiences has influenced the analytic methodologies that are used to evaluate potential security issues with products. This lack of diversity of thought has led to the unfortunate set of expectations that breaches are inevitable, and this situation will continue until the cybersecurity industry does a better job of including diverse voices and opinions in the global conversation about security.”
Podcast: The Truth Behind Automating Compliance Controls
In this episode of the EM360 Podcast, analyst Richard Stiennon speaks to Kayne McGladrey, Field CISO at Hyperproof, to explore automating compliance controls vs. SOAR automation, helping CISOs, and whether one master set of controls covers multiple frameworks.
SEC Cyber Risk Disclosures: What Companies Need to Know
In this video interview with Information Security Media Group at the Cybersecurity Implications of AI Summit, McGladrey also discussed:
Why companies should use tools and software to collect and automatically gather evidence of compliance;
The consequences of false cyber risk disclosures;
The impact that SEC requirements have on private companies and supply chains.