I invite you to register for the cyber security training organized by the Vidaus auditorių asociacija (Association of Internal Auditors), and I am sharing the key points that stuck with me most from the ISACA Europe conference in Dublin:

· Compliance on steroids, with fines of 2-7% of turnover:
  o NIS2 from 2024
  o DORA from 2025
  o AI Act from 2025 and 2026
  o Cyber Resilience Act from 2027
· AI: approx. 1/3 of the topics focused on AI. AI Act and GDPR: understand the synergies and differences, leverage your current status (do not start from scratch) and lower compliance costs.
· (No easy) path to compliance: check what is applicable, work with cross-functional teams, raise awareness throughout the organization about non-compliance penalties and sanctions, train all senior management, perform a gap analysis, a supply chain assessment and a budget and resource assessment, close the gaps, re-assess and improve, and certify with ISO 27001:2022.
· CISOs working with the Board: find at least one cyber security advocate within the Board. Explain the cost and the added value. Explain why the cyber security budget should be equally allocated across people, processes and technology. Provide metrics for the Board to follow and inform it on crisis management, BCP, IT governance, infosec and outsourcing status. Explain the value in addition to the legal/regulatory requirements. Notify the Board in writing about the key issues and any non-compliance due to lack of budget.
· Daily routines: assessments, patch management, privileged access monitoring, zero trust for emergency access.
· Third-party: the majority of breaches involve a third-party vendor. Your security is only as strong as the weakest link in your vendor network. Perform due diligence, including identifying KPIs before purchasing, monitoring, managing the contract, and preparing for security breaches via incident management and tests. Include indemnity, compensation and liquidity clauses in the contracts.
· Cyber attacks: they will happen at every organization eventually. Cyber attacks will become uninsurable.
· Survey results: key benefits for data security and audit professionals: certification and maintenance, continuous professional training, flexible work hours.
· Make data security personal: it is about defending our data and our way of life. Resist FOMO; whatever you recently learned will probably be obsolete soon…
📢 We invite not only internal auditors but also risk assessors and representatives of other professions to the Cyber Security Audit training, taking place on 18-22 November 2024. In this training you will:
✔ Examine the main cyber security risks and how they are managed;
✔ Learn how to audit and evaluate security controls;
✔ Get acquainted with Lithuanian (LR) and EU legal regulation and good practices.
The training is a great opportunity for auditors, risk assessors, IT specialists and organizational leaders alike to strengthen their competencies. A certificate will be issued upon successfully passing the final test. Registration: https://bit.ly/4gO1RUf
Chief Business Development Officer at Stfalcon | Empowering Businesses with Tailored Web and Mobile Solutions | Collaborating with Key Players in the Logistics&Transportation and Fintech Industries
Thanks for sharing, Laura. How do you think AI will impact compliance costs in the long run? 😊