ISACA Journal Blog



While You Are Away From Home

Amgad Gamal, CISA, COBIT Foundation, CEH, CHFI, CISSP, ECSA, ISO 27000 LA, ISO 20000 Lead Practitioner, MCDBA, MCITP, MCP, MCSE, MCT, PRINCE2 Foundation/Practitioner
Posted: 8/22/2016 3:44:00 PM

Amgad Gamal, CISA, COBIT Foundation, CEH, CHFI, CISSP, ECSA, ISO 27000 LA, ISO 20000 Lead Practitioner, MCDBA, MCITP, MCP, MCSE, MCT, PRINCE2 Foundation/Practitioner, has more than 18 years of experience in service management and information security in more than 8 international companies and organizations. Gamal is currently the regional IT manager for the Middle East and Eurasia region in one of the biggest international non-profit, non-governmental organizations worldwide.

You may require Internet access while traveling, commuting, attending an external meeting or while on vacation. However, this type of connection can pose a security risk.


Is Maintaining Privacy an Uphill Battle?

C. Warren Axelrod, Ph.D., CISM, CISSP
Posted: 8/1/2016 8:07:00 AM

Since the advent of the World Wide Web a quarter of a century ago, advocates have lamented the loss of privacy year after year without appearing to have much impact. In fact, the privacy problem seems to be getting much worse by the minute as more information about ourselves and our activities becomes available to practically anyone with access to the web.

However, the situation may not be as bad as many contend, since personal information falls into several categories, not all of which need to be held to the same high standards.

The most sensitive data from an individual’s perspective are so-called nonpublic personal information (NPPI) or personally identifiable information (PII) and personal or protected health information (PHI). Compromise of these categories of data, which include date of birth, US Social Security and drivers’ license numbers, bank account numbers, and the like, can lead to identity theft, which may then result in intolerable fraudulent activities.


Managing the Enterprise Mobile App Security Environment

Mohammed J. Khan, CISA, CRISC, CIPM
Posted: 7/25/2016 3:06:00 PM

Look around you and, in fact, at your own behavior: it is true that we are living in the age of mobility, and it is getting more mobile every day. At first, it was an enterprise-driven mobile movement in the ’90s, and soon after the Internet boom, consumer mobility platforms took over. We now see a parallel cross-integration between the consumer- and enterprise-driven mobile solutions in the workforce. This trend tells us that the chance of employees utilizing their own devices but conducting work-related activities will, in due time, result in a major financial loss, legal or governmental issues, or reputational risk because of the loss of a mobile device or data due to insecure mobile technology.


Minimizing the Risk of Cloud Adoption

Phil Zongo
Posted: 7/18/2016 3:02:00 PM

Cloud adoption continues to accelerate due to its ability to enhance business agility, improve financial flexibility and differentiate businesses from their competitors. Yet like any disruptive technology, cloud use also introduces risk that is significant enough to warrant board attention. My recent Journal article discusses 3 critical controls business leaders should deploy to maximize cloud benefits while minimizing business risk:

Aligning cloud programs with strategy—Cloud initiatives aligned with enterprise goals have the potential to accelerate business innovation and uplift customer experiences. To achieve this potential, leaders should start by identifying business challenges and then build cloud solutions to address those needs. Equally important, the board should also approve the migration of high-value applications to public cloud, ensuring that the business is not exposed to risk outside its appetite.


SDN Concerns and Benefits

Nikesh Dubey, CISA, CISM, CRISC, CCISO, CISSP
Posted: 7/11/2016 3:04:00 PM

Software-defined networking (SDN) is the next big focus in network intelligence. When the network is virtualized into the software-driven layer, the operations become more automated with less administrative overhead, allowing administrators to deeply penetrate the network fabric, giving better control through the programming ability in addition to reducing cost. However, as enterprises look to adopt SDN, the top issue is the concern for security. As with any software and interconnected system, whenever we shift the responsibility of day-to-day activities and operations to programmable software, we also invariably introduce an element of risk. Whenever resources are available over a network, there is always a chance of them being compromised.
