ISACA Journal Blog

 ‭(Hidden)‬ Admin Links

ISACA > Journal > Practically Speaking Blog

Minimizing the Risk of Cloud Adoption

Phil Zongo Posted: 7/18/2016 3:02:00 PM | Category: | Permalink | Email this post

Cloud adoption continues to accelerate due to its ability to enhance business agility, improve financial flexibility and differentiate businesses from their competitors. Yet like any disruptive technology, cloud use also introduces risk that is significant enough to warrant board attention. My recent Journal article discusses 3 critical controls business leaders should deploy to maximize cloud benefits while minimizing business risk:

Aligning cloud programs with strategy—Cloud initiatives aligned with enterprise goals have the potential to accelerate business innovation and uplift customer experiences. To achieve this potential, leaders should start by identifying business challenges and then build cloud solutions to address those needs. Equally important, the board should also approve the migration of high-value applications to public cloud, ensuring that the business is not exposed to risk outside its appetite.

 
Read More >>
    

SDN Concerns and Benefits

Nikesh Dubey, CISA, CISM, CRISC, CCISO, CISSP Posted: 7/11/2016 3:04:00 PM | Category: | Permalink | Email this post

Software-defined networking (SDN) is the next big focus in network intelligence. When the network is virtualized into the software-driven layer, the operations become more automated with less administrative overhead, allowing administrators to deeply penetrate the network fabric, giving better control through the programming ability in addition to reducing cost. However, as enterprises look to adopt  SDN, the top issue is the concern for security. As with any software and interconnected system, whenever we shift the responsibility of day-to-day activities and operations to a programmable software, we also invariably introduce an element of risk. Whenever resources are available over a network, there is always a chance of them being compromised. 

 
Read More >>
    

Personal Information on Your Mobile Devices

Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CBCP, CCSP, CDP, CISSP, ITIL v3 Posted: 7/5/2016 7:44:00 AM | Category: | Permalink | Email this post

In this age of instant access to information on any topic in almost any location, it is important to be aware of the dangers that mobile computing devices (e.g., laptops, tablets, smart phones, electronic notepads) can present. I have several mobile devices and have been evaluating their capabilities, features and security weaknesses. During my investigation, I became aware that the US National Vulnerability Database does not list all vulnerabilities. I also became aware that there are many articles and blogs written about new products as they reviewed and tested, as they are upgraded, and as people share solutions to the problems encountered. I also became aware that security problems are found by accident, by vendor or government contests, and sometimes by those with malicious intent. Security issues are usually found after the device has hit the market. 

 
Read More >>
    

Social Learning and Security Awareness

Kerry A. Anderson, CISA, CISM, CGEIT, CRISC, CCSK, CFE, CISSP, CSSLP, ISSAP, ISSMP
Posted: 6/20/2016 3:06:00 PM | Category: | Permalink | Email this post

A workplace is a social place, and much of the learning that occurs there is social learning. Social learning occurs through observation of other individuals’ actions and behaviors. It is not a mere imitation of the behaviors of others in an environment, but a reasoning process in which the individual examines others’ behaviors and makes conscious decisions about whether to adopt or reject this learning. Social learning occurs continually, although we might not be aware that it is taking place.

One motivation for social learning in the workplace is the individual’s desire to fit into the environment. Social learning is relevant to promoting secure behaviors in the workplace. It is not limited to the physical world, but extends to the virtual world by using social media tools. It can be incorporated into existing security awareness efforts to strengthen them. Social learning is beneficial across all generations, but especially to millennials because of their early adoption of social media as a core communication and connectivity mechanism.

 
Read More >>
    

Preparing for a Black Swan

Mustafa S. Poonawala, CISA, ITIL Posted: 6/6/2016 8:23:00 AM | Category: | Permalink | Email this post
Black swans are rare, unpredicted and unknown events that have a significant impact. It has been decades since the concept of the black swan was introduced, but even today there are many organizations that are unaware of it or do not understand the magnitude of its impact on their business. Some organizations believe that they will not be affected by it.
 
The chances of a black swan sighting are higher than ever and are increasing due to the rise in many of its causes, e.g., political turmoil, natural disasters, cyberattacks. The current need is for organizations to realize the gravity of the impact of a black swan and get itself ready so that it can minimize the damage. Therefore, organizations should concentrate on a better understanding of the value of their data and resources and, accordingly, back a sound resilience program financially and logistically.
 
Designing an effective resilience program requires careful monitoring and evaluation of various factors. The strategy used to design it should be evaluated constantly to ensure that it is able to handle the newest threats. The following points should be kept in mind when designing an effective resilience program:
  • A business continuity management program should be tailored as per the value of the data of each department within the organization.
  • An organization should be aware of how well its employees can function under pressure and exhibit their skills in an emergency.
  • It is essential for employees to have expert certifications in various fields rather than just completing foundation courses. This would help the organization have the proper expertise in designing the resilience program.
  • Complimenting updated human resources with the latest technology (e.g., implementing artificial intelligence) strengthens the line of defense.
  • Innovation and critical and aggressive thinking help reduce the impact of an incident.

One thing to keep in mind is that the term black swan is applied to an unknown threat. Therefore, there is no fail-proof strategy against it. A good resilience program may not stop a threat altogether, but it definitely can reduce the impact of the risk.

 
Read More >>
    
<< First   < Previous     Page: 1 of 63     Next >   Last >>