
Talking Team-Building, Business Continuity and Risk Management with Vicki Gavin


Editor’s note: Vicki Gavin, CRISC, MBCI, is compliance director, and head of business continuity, cyber security and data privacy for The Economist. Gavin, based in London, recently visited with ISACA Now to discuss how her areas of expertise are being affected by the fast-changing technology and regulatory landscape. The following is an edited transcript.

ISACA Now: At InfoSec Europe last month, you were part of a panel that discussed building an agile team for the future. What were the major takeaways for you?
For me, the most significant takeaway was the need to do things differently. Current hiring processes are designed to exclude candidates. We need to get smarter about including candidates from a variety of backgrounds by systematically removing bias from role profiles, job descriptions and advertisements, screening and interviewing.

ISACA Now: How critical is it for organizations to have tech-savvy boards in terms of fostering strong governance?
I do not think the board needs to be tech-savvy. Tech awareness is sufficient. Security professionals need to become more business aware to communicate effectively with the board.

ISACA Now: What are some shortcuts that organizations tend to take in their governance that often come back to haunt them?
I think one of the biggest IT governance mistakes made by technology professionals is the assumption that risk is to be eliminated. Risk is to be managed; the key is to determine what level of risk your organization is willing to accept.

ISACA Now: What are the biggest keys to successful business continuity planning?
The value in planning is the process, not the plan. As Mike Tyson said, “Everybody has a plan until they get punched in the face.” The same is true for BCPs. The process, on the other hand, done properly, ensures a common risk appetite and approach to recovery when the time comes.

ISACA Now: Which emerging technologies present the greatest challenges from a compliance standpoint?
All of them. All change is disruptive. The challenge is to balance the risks and benefits of compliance.

ISACA Now: As we move closer to GDPR taking effect next year, are you sensing a greater sense of calm or of anxiety from your peers?
From my peers, anxiety. From my business, calm. We started on our GDPR journey about a year ago and will be ready by November 2017, giving us plenty of time to bed in new processes.

[ISACA Now Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors & positions.
