Page 8 - Can AI take education to a new level
INTERVIEW
incident reporting requirements laid down by the Securities and Exchange Commission (SEC) in the US, to the European Union’s (EU) Cyber Resilience Act (CRA).

Rosso says she was surprised by elements of both sets of regulations, notably very tight incident reporting timeframes mandated by the SEC, which have been the subject of much debate across the Atlantic. Similar concerns have been raised around the CRA, to which UK-based organisations will have to submit if they wish to work in the EU, regardless of Brexit.

“We need a more global set of standards and harmonisation,” says Rosso. “Different regulators do look to each other, and they try to follow one another’s leads, but as a professional association with over 500,000 members, we have to help provide the voice of the professional.”

One of the things Rosso believes all organisations would find valuable is if their C-suites and boards had a better understanding of cyber risk and how to evaluate that to begin with. She cites recent ISC2 research – conducted in the US only but likely of global relevance – which found that 88% of directors in the US were essentially illiterate when it came to cyber security.

“This could make a real difference,” she says. “I know from my time in financial services that board members with financial expertise are beneficial because they execute at a totally different level. It’s exactly the same for cyber.”

A second theme she picks out, which again relates to compliance, is the growing complexity of third-party risk management, supply chain security and security-by-design, all of which interrelate in some way as a risk magnifier for organisations. This is being thought about and tackled in both the UK – which has done world-leading work on this topic – and the EU, but, says Rosso, “nobody has an answer”.

“The overall theme that resonates everywhere is we are moving from a model where the consumer or the user bears the burden of security to those who best have the ability to handle it bearing the burden, which means the developers and the companies that are selling the software,” she says.

“We are moving from a model where the consumer or the user bears the burden of security to those who best have the ability to handle it – the developers and companies selling the software”
Clar Rosso, ISC2

Rosso believes the next couple of years will be pivotal for such cyber policymaking, driven by the high-profile nature of threats and the near inevitability of experiencing some form of cyber attack, whether successful or not.

“I would pull that up a level and say it’s actually simple awareness that cyber is a national security and an economic security issue, and that’s why it can’t be ignored anymore,” she says.
computerweekly.com 21-27 November 2023 8