By prof. dr. Barry Derksen
This is our first ISACA NL Chapter Journal, and at a minimum I can say that ISACA NL can be proud of this achievement. But I would rather say that I’m honored to write this first intro for a journal with great articles, written by our ISACA members and reviewed by the ISACA Review Board.
With recent developments in IT such as Generative AI, new risks arrive in our landscape. At the same time, IT risk and security teams often feel that they are chasing business owners about the importance of mitigating risks and protecting the organization, and sometimes even feel like a police officer telling an employee that they ran a red light. Interesting developments like Zero Trust sound great to the ears of an information security officer looking to protect the organization, but to a business person they sound like ‘I cannot move an inch before having approval from security’.
Why is it that people who want to protect are often seen as the ‘department of no’ instead of the team making sure I can do business without being afraid of being hacked? It is my belief that our next step in Risk & Security is starting the Digital Security Transformation. It is up to Risk & Security to start aligning our capabilities with the ‘business’. This will require us to start seeing Trust, Risk & Security as a business or as a service.
In order to achieve this, it should be clear what the services are. Some are easier to recognize, such as a performed pentest, and others are more difficult to show, such as policy, standard and control management or assessing open source software.
The Digital Trust & Security transformation is about working towards a services structure that is risk based, protecting a dollar with a dime (instead of the other way around), and being able to be benchmarked on services instead of being a ‘cost center’. But it is also about being the trusted advisor, selling cherries instead of lemons and becoming Seneca instead of Al Capone (picture below).
I do believe it is a difficult step, searching for Zero Trust and protecting the business from all possible threats. But using a Seneca approach within the organization will help realize the next step towards Trust & Security as a service.
Developments such as Generative AI might make it even more complex, and the various developments and challenges will lead to new risks (new IT, new risks). With this in mind, the authors in this ISACA NL Journal have set the bar with subjects covering Agile Secure, Artificial Intelligence, algorithms, dark patterns, cookies, Data Sovereignty, people behavior and quantum computer / ChatGPT.
The ISACA NL Review Board has reviewed the great articles of the authors in this Journal, and so my thanks go to both the authors and the Review Board for their constructive way of working. To me it felt aligned and in keeping with the Seneca approach, and for that, well done!
On behalf of the ISACA NL Board I wish you great reading pleasure!
Prof.dr. Barry Derksen