The start of the Digital Security Transformation

By prof. dr. Barry Derksen

This is our first ISACA NL Chapter Journal. At a minimum I can say that ISACA NL can be proud of this achievement. But I would rather say that I’m honored to write this first intro for a journal with great articles, written by our ISACA members and reviewed by the ISACA Review Board.

With recent developments in IT such as Generative AI, new risks arrive in our landscape. At the same time, IT risk and security often feel that they are chasing business owners about the importance of mitigating the risks and protecting the organization, and sometimes they even feel like a police officer telling an employee that they went through a red light. Interesting developments like Zero Trust sound great to an information security officer looking to protect the organization, but to a business person they sound like ‘I cannot move an inch before having approval from security’.

Why is it that people who want to protect are often seen as the ‘department of no’ instead of the team making sure I can do business without being afraid of being hacked? It is my belief that our next step in Risk & Security is starting the Digital Security Transformation. It is up to Risk & Security to start aligning our capabilities with the ‘business’. This will require us to start seeing Trust, Risk & Security as a business or as a service.

In order to achieve this, it should be clear what the services are. Some are easier to recognize, such as a performed pentest, and others are more difficult to show, such as policy, standard and control management or assessing open source software.

The Digital Trust & Security transformation is working towards a services structure that is risk based, protects a dollar with a dime (instead of the other way around), and can be benchmarked on services instead of being a ‘cost center’. But it is also about being the trusted advisor, selling cherries instead of lemons and becoming Seneca instead of Al Capone (picture below).

Source: Discover the IT Cherry (Butterhoff, 2016)

I do believe it is a difficult step, searching for Zero Trust and protecting the business from all the possible threats. But using a Seneca approach within the organization will help realize the next step towards Trust & Security as a service.

Developments such as Generative AI might make it even more complex, and the several developments and challenges will lead to new risks (new IT, new risks). Having mentioned this, the authors in this ISACA NL Journal have set the bar with subjects covering Agile Secure, Artificial Intelligence, algorithms, dark patterns, cookies, Data Sovereignty, people behavior and quantum computer / ChatGPT.

The ISACA NL Review Board has been reviewing the great articles of the authors in this Journal, so my thanks go to both the authors and the Review Board for their constructive way of working. It felt to me like being aligned, being in the Seneca approach, and for that, well done!

On behalf of the ISACA NL Board I wish you great reading pleasure!

Best regards,

Prof. dr. Barry Derksen

Member ISACA NL Board
Chairman ISACA NL Review Board
