New cybersecurity laws arise to combat the dangerous consequences of cybersecurity incidents that affect organizations around the world. The New York State Department of Financial Services Regulation (23 NYCRR 500) is effective as of March 1st this year. Though full compliance is not required for 18 months, New York state, a primary hub for global finance, enacted this prescriptive law affecting banks and insurers (with more than 10 employees) conducting business within its borders. The law is expected to serve as a model for other states and is likely to have ripple effects around the world.
Our View: Our Compliance Policy outlines how organizations can take the steps they need to achieve their goals, while ensuring that all mandatory laws and regulations are followed. Implementing this policy will allow information systems to be well maintained and managed accordingly.
Information-technology systems and solutions built and used inside organizations without explicit organizational approval are often referred to as “shadow IT” and can pose enormous risks for companies. The CTO of Cisco Collaboration, Jonathan Rosenberg, says it doesn’t have to be that way, and he describes an approach that will inspire users to prefer IT over outside vendors and reduce their use of shadow IT without draconian rules or turf battles.
Our View: The spread of extra-organizational units presents challenges for IT leaders. When there is an extreme reliance on task forces, committees, special projects, and/or shadow organizations, unclear roles arise and IT staff are uncertain of accountabilities. Functions overlap and work “falls between the cracks.” Address these issues by aligning the IT organization structure to the business strategy. For more information, see our research on IT Organizational Design.
Global insurance companies CNA Hardy and THB are working with the Israel-based Waterfall Security Solutions to offer a new form of industrial cyber insurance. The CEO and co-founder of Waterfall, Lior Frenkel, said “it’s a huge vote of confidence. These huge companies are doing something new, something really big from their side, based on our technology.”
Our View: Cyber insurance and a disaster recovery plan are important for all organizations to consider before disaster strikes. Traditional disaster recovery plan templates are onerous and result in a lengthy, dense plan that might satisfy auditors but is not effective in a crisis. Use our research to Create a Right-Sized Disaster Recovery Plan.
Whether it’s because of their breathtaking setting, magical ambiance, impeccable service, or delicious food, the most awe-inspiring restaurants change the way we look at the dining experience. Ithaa in the Maldives is a stunning 12-seat restaurant located under the sea and The Jane in Antwerp, Belgium, serves impressive food in an equally impressive former chapel of a military hospital.