Digital Trust Pros Highlight Key Priorities for 2023 in Privacy, Cybersecurity, Audit and Risk

Aporia attains SOC 2 Certification

New Look Marks a New Era for ISACA

Looking ahead to a new year offers a valuable opportunity for digital trust professionals to not only reassess the practices within their own function or organization, but also to examine how they can continue to grow in their roles. From this vantage point, ISACA experts recently highlighted their 2023 insights and recommendations for the privacy, cybersecurity, audit and risk fields in a series of blog posts for the ISACA Now blog.

Privacy

In this complex data privacy landscape, Dr. Lisa McKee, Ph.D, Director of Governance, Risk, Compliance and Privacy, Hudl, and member of the ISACA Emerging Trends Working Group, recommends that professionals adopt zero trust privacy with data governance, as well as a ComPriSec approach—or the convergence of compliance, privacy and security—in the new year. In her recent blog post, she highlights the important role of the privacy engineer, but also emphasizes that in addition to having strong privacy professionals, consumers everywhere need to do their part and be mindful of the online presence they create.

“Privacy risk appetite is seldom discussed among boards and leaders. Privacy leaders should make sure their programs include a focus on privacy risk management programs, privacy risk appetite, privacy risk tolerance, privacy key performance indicators, privacy key risk indicators, privacy metrics and reporting. 2023 will heighten these needs as the compliance landscape continues to evolve,” says McKee.

Marketing Technology News: MarTech Interview with Liz Carter, CMO at Reputation

Cybersecurity

In her blog post, Samantha Hart, a global chief information security officer, emphasizes that a big part of looking ahead to the new year for cybersecurity professionals should involve preparations on both a professional and personal level that can help ensure they are set for success. This includes:

  • Having a personal incident response plan that factors in your home life
  • Going into the office to make connections with colleagues face-to-face
  • Knowing your business
  • Being flexible
  • Embracing tech and tools but keeping people at the forefront

“Yes, we do need to fully understand our attack surface and ensure we have all of the controls in place to detect and respond—however, all the tools in the world won’t take the place of skilled and valued team members who will monitor and respond to the alerts with a human eye that knows what is benign and what is an attack,” says Hart.

Audit

The shifting technology environment, especially given the rise in cloud implementations accelerated by the pandemic, has recalibrated the business landscape.

“The biggest grievance for many core information security professionals has been that the IT audit community has failed to keep pace with this rapidly changing environment and has yet to completely upskill and adapt,” says Varun Prasad, Senior Manager (Cloud), Third Party Attestation, BDO USA, in his recent blog post. “As we look to 2023, traditional audit approaches that were used to evaluate legacy IT environments will not make sense for the decoupled cloud native architecture of today’s world.”

Prasad explores some of these areas that auditors should focus on in the coming year to stay on top of their game, including understanding cloud native DevOps and cloud security posture management, being able to evaluate privacy compliance, and gaining knowledge into vulnerability management and the scope of each type of vulnerability scan. Additionally, he emphasizes the importance for auditors to have strong soft skills in addition to technical ones—in particular, developing emotional intelligence to deal with pressures and avoid burnout.

Risk

Kerris Lee, ISACA Global Director of Enterprise Risk Management, provides tips that risk management professionals turn their attention to addressing some commonly forgotten action items that actually have a big impact—like enhancing the risk identification and governance process, by eliminating risk duplicates and ensuring that risk management has a role in reviewing organizational policies, establishing review cycles of incident response plans and business continuity planning, as well as procurement and contract processes. Additionally, he notes in his post that working to strike the right tone at the top with senior leadership around the role of enterprise risk management can go a long way in helping the rest of the organization understand and value the function.

“While there are many areas for risk management professionals to focus on in our day-to-day operations, these are, in my experience, the ones that are often overlooked and that can hurt the organization over time,” says Lee. “Assuming you are doing the big things well already, it is oftentimes the little things that can make a big difference.”

Marketing Technology News: First-Party Data in the Post-Cookie World

Picture of Business Wire

Business Wire

For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.

You Might Also Like