Wednesday, April 20, 2016

Contributors and hindrances to being a Leader

The do’s and don’ts according to TedTalk - Forbes

  • Be present, reach for the stars, and believe in yourself – do not sit on the sidelines or the edge looking in, and don’t underestimate your skills
  • Be more engaged in conversation – a smile goes a long way but equally important is the tone of your voice to convey the message…which should NOT include: gossiping, judging, negativity, complaining, excuses, lying, dogmatism
  • Understand your audience, and the WHY, not just the what – people buy more into why you believe such things, not what you believe in, i.e. the latter is just proof

Inspiring others will naturally make them follow, and for themselves, because they want to...as long as there is integrity, honesty and compassion in the words that mimic the actions - takeaway from #trueleader article

Friday, April 15, 2016

GRC Roundtable

A brief collaboration of nearby (brand name) industry leaders at various (earlier) stages of the GRC journey for their organizations...hosted by PwC
Very participative discussion with highlights / notes below:

  • Leading products mentioned were Archer (of course), RSAM, ServiceNow, MetricStream, Protiviti, ACL
  • Key question raised was the requesting and formulation of requirements from all GRC participants, i.e. stakeholders, end-users
  • Determining what processes require inclusion is vital to the strategy and success of a GRC solution...as is obtaining professional services at pivotal points
  • No single executive sponsor was seen driving a solution from strategy to deployment, which results from the high cost of investment for a comprehensive/cross-departmental deployment.
  • The essential fact is that demonstrating success within your own/individual deployment or department will break the barriers with others / across divisional lines
  • Considerations with existing platforms such as company ERP, ERM, Security Practice can greatly influence requirements, architecture, support, etc.
  • An off-line feature can be essential when working remotely or due to other limitations. However, off-set mobile capabilities are still in their infancy
  • GRC delivers metrics, reflection of trends and operational status; however, decision making, ROI and particularly risk reduction are a future state.
  • Multiple (GRC) toolsets are the norm, so set your expectations and plan accordingly for integration, i.e. a single solution is highly unlikely
  • Achieving "sexy" or comprehensive dashboards for everyone from C-Suite levels to Managers to End-Users requires other visualization tools.
  • Not assessing change management for deployment and daily usage will hamper implementation and longevity
  • Data privacy (access, storage) is a concern for global organizations, although most are turning to cloud-based solutions (that offer better product/service support and customer accessibility)
  • Product mobility and accessibility is a need, yet 2+ years away from general use/release, e.g. leveraging GRC for operational efficiency via mobile devices is just a wish for now regardless of marketing slides
Can't wait to compare notes throughout this journey

Wednesday, April 13, 2016

Glass-ceiling index for women in the workforce

...study by The Economist.com
Weighted values can be adjusted but overall, based on role of women in the workforce vs men, wage-gap, education:

  • Top/best countries are Iceland, Norway and Finland
  • The bottom/worst are Japan, Turkey and South Korea 

Also, studies show that where new fathers take parental leave, mothers tend to return to the labour market, female employment is higher and the earnings gap between men and women is lower. Each country’s score is a weighted average of its performance on ten indicators - from the Economist.com




Tuesday, April 12, 2016

Snippets of security breaches around the world

in 30 seconds since Japan sightseeing…

  • 1.4 Gig of personal identifier numbers and other sensitive data of 10 million Turkish citizens was uploaded to the web…pointing to the Turkish government as the source of the unencrypted data. There are references to it being related to a prior 2010 breach, Americans, or comments related to the presidential candidate / Trump, etc., but authenticity is still being investigated.
  • The Philippines election website was hacked just before the general election
  • A former employee of the FDIC (Federal Deposit Insurance Corporation) inadvertently downloaded information that caused a cyber breach of 44,000 customer records. This comes on the heels of 22 million personal records exposed last summer due to a hack on the Office of Personnel Management database.
  • An Indianapolis Decatur Township robbery led administrators to quickly disable a teacher’s key fob (which would have allowed access to the school and other sensitive school areas such as server rooms and student records) when his home was burglarized in the early morning hours of April 11th. The stolen computer and iPad were not issued by the school and no information regarding their data content has been reported.
  • A water treatment plant is said to have been infiltrated by a Syria-related hacktivist group using SQL injection and phishing techniques, resulting in control of regulated valves and ducts for the flow of water and chemicals that could directly affect 2.5 million customers
  • A Delhi Metro security breach which included a stabbing is leading to further dispute about who should be in charge of security, Delhi police vs. Central Industrial Security Force. Apparently, repeat incidents over the years have once again raised the topic/urgency.
  • The National Childbirth Trust (NCT) website was breached, leading to compromise of email addresses, usernames and passwords (but it claimed no financial or personal data was exposed). The charity brings together networks of local parents with other parents for relationship development, emotional support, etc. Based in London, it has branches in Scotland and other bordering counties.
  • Trump Hotels is looking into a credit card data hack due to suspected fraudulent activities related to its New York, Toronto and Honolulu hotel locations.