Current Issue: Volume 14, 11 July 2018

@ISACA is a biweekly publication available from this page and delivered via email to ISACA members and subscribers. This electronic newsletter features timely industry and ISACA news, as well as features and updates relevant to our readers.

Tips From Industry Experts

By Lisa Young, CISA, CISM

A primary objective of risk management is to identify, assess, monitor and report on risk that would have the greatest impact on an organization’s ability to meet its mission and strategic objectives. To successfully and efficiently manage risk, it is necessary to integrate risk activities as part of day-to-day operations rather than as add-ons or a separate set of tasks.

Continuing GDPR Compliance for Your Enterprise

According to ISACA’s recent General Data Protection Regulation (GDPR) Readiness Survey, prioritizing GDPR compliance was one of the top 3 challenges business leaders face today. Even though the 25 May deadline has passed, many organizations are still working toward becoming GDPR compliant, and many that are compliant today are struggling with sustained compliance.


Late last month, the state of California (US) legislature approved groundbreaking consumer privacy legislation that mirrors the General Data Protection Regulation (GDPR) in the European Union in several ways. AB 375, officially known as the California Consumer Privacy Act of 2018, allows consumers to see what information is being collected about them and the groups to which the information is being sold.


Insider threats are quickly becoming the greatest cybersecurity threat organizations face, especially considering the millions of records stolen each day. Unfortunately, the contractors, vendors, privileged users and business users we often trust also often create the most risk.

Using Active Defense to Keep Your Enterprise Email Secure

Business email compromise (BEC) scams cost organizations billions of US dollars, and affected and targeted organizations usually have only a defensive position implemented, which does little to deter future attackers. While it is illegal in the United States to hack back at BEC actors, organizations can do more to remain secure by implementing an active defense plan.


Data are an important commodity and a key consideration in enterprise risk management and monitoring. Changes that happen over time can affect data risk and should be evaluated and monitored continuously to ensure the risk level is within the enterprise’s risk management plan guidelines.


More than 140,000 individuals have earned ISACA’s Certified Information Systems Auditor (CISA) certification since its inception in 1978. ISACA marked the 40th anniversary of CISA this year. See the news release and infographic highlighting CISA’s impact on the audit, control and security community, and its sustained relevance among hiring managers and industry recruiters in our increasingly technology-dependent world.