Consultancy and Advisory Awards 2017

4 CORPORATE VISION / 2017 Consultancy & Advisory Awards , The Information Security Forum (ISF) is a global membership organisation comprisingmany of the world’s major organisations, public sector bodies and governments featured on the Fortune 500 and Forbes 2000 listings. Information Security Forum (ISF) Founded in 1989, since inception the ISF has been dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management through developing best practice methodologies, processes and solutions that meet the business needs of members. Recently, the organisation introduced a new offering, ISF Consultancy Services, which provide members and non- members with the opportunity to purchase short-term, professional support activities to supplement the implementation of ISF products. Where organisations lack the time, resources or in- house expertise to demonstrate the significance of information security to the business, or to deliver a business essential project, ISF Consultancy Services provide independent and objective guidance and support. These award-winning Consultancy Services, developed in response to ISF member demand, deliver a variety of business solutions which are tailored to meet immediate business requirements such as preparing organisations for upcoming legislation, developing risk assessment methodologies; updating policies and procedures; critical information asset management, and providing interim CISO’s guidelines. Ultimately, a major revolution is coming within the security industry. Conventional notions of privacy and appropriate information sharing have changed dramatically. There is a shift which is particularly apparent in the way people use the Internet in their private lives, which frequently includes the exchange of highly personal information and images. However, for employers, that behaviour is not only a security concern, it is a journey into treacherous legal territory. Additionally, it is a journey which knows no jurisdictional boundaries. New privacy regulations will potentially restrict the ability to combat a major threat. Stipulations that the profiling of individuals must be transparent will result in a conundrum for an organisation: either stop using tools that monitor user behaviour, thus enabling malicious insiders to hide and continue to compromise information; or continue to use the tools, expose the organisation and suffer consequences. Updated regulations are implemented only after lengthy processes to obtain consensus and approval, yet advances in technology will continue apace. The use of increasingly mature AI in automated systems will produce outcomes that go beyond the expectations and understanding of business leaders, developers and system managers. Without a sufficiently skilled workforce to oversee the technology, AI systems will start to make independent decisions that contradict defined business rules, disrupt operations and create new security vulnerabilities. Fundamentally, organisations will need to take steps to manage emerging risks in a complex regulatory and technological environment (the ISF’s Threat Horizon 2019 report equips business leaders with knowledge of these threats). Even though many factors will be beyond the direct control of the organisation, business and security leaders can prepare to address these threats through: considered risk assessments; open and honest negotiations with communications providers; taking legal counsel to understand the effects of new regulations; and building a workforce that is ready for the adoption of advanced technology. In the coming year, there will be a changing of the guard with regards to cybersecurity. The number and scale of data breaches will grow along with the volume of compromised records, becoming far more expensive for organisations of all sizes. Costs will come from traditional areas, such as network clean-up and customer notification, as well as newer areas such as litigation involving a growing number of parties. Angry customers will pressure governments to introduce tighter data protection legislation, bringing new and unforeseen costs. The resulting growth of international regulations, such as the European Union’s recently adopted General Data Protection Regulation (GDPR) will create new compliance headaches for organisations while doing little to deter attackers. In addition, individuals around the world will wearily expect their personal data to be compromised. In some cases, sophisticated defenses will be circumvented by persistent criminal organisations that swiftly exploit stolen data. The significant cost of the resulting cyber-crimes will rise steeply. Moving forward, the industry needs more imaginative forms of cyber education that will help to crystalize public expectations and inform behaviour for the next generation of cyber citizens. Organisations, such as the ISF are here to ensure that organisations of all sizes are able to deal with the ever-changing cyber security landscape. ISF Consultancy Services provide organisations with a variety of business solutions which are tailored to meet their immediate business requirements. ISF consultants provide customised, professional support and training to strengthen any organisation’s cyber resilience and information risk management arrangements, while equipping them to respond to rapidly evolving threats. CO170003