ISACA Journal Blog

 ‭(Hidden)‬ Admin Links

ISACA > Journal > Practically Speaking Blog

Managing the Enterprise Mobile App Security Environment

Mohammed J. Khan, CISA, CRISC, CIPM Posted: 7/25/2016 3:06:00 PM | Category: | Permalink | Email this post

Look around you and, in fact, at your own behavior, it is true that we are living in the age of mobility and it is getting more mobile every day. At first, it was an enterprise-driven mobile movement in the ‘90s, and soon after the Internet boom, consumer mobility platforms took over. We now see a parallel cross-integration between the consumer- and enterprise-driven mobile solutions in the workforce. This trend tells us that the chance of employees utilizing their own devices but conducting work-related activities will, in due time, result in a major financial loss, legal or governmental issues, or reputational risk because of the loss of a mobile device or data due to insecure mobile technology.


Minimizing the Risk of Cloud Adoption

Phil Zongo Posted: 7/18/2016 3:02:00 PM | Category: | Permalink | Email this post

Cloud adoption continues to accelerate due to its ability to enhance business agility, improve financial flexibility and differentiate businesses from their competitors. Yet like any disruptive technology, cloud use also introduces risk that is significant enough to warrant board attention. My recent Journal article discusses 3 critical controls business leaders should deploy to maximize cloud benefits while minimizing business risk:

Aligning cloud programs with strategy—Cloud initiatives aligned with enterprise goals have the potential to accelerate business innovation and uplift customer experiences. To achieve this potential, leaders should start by identifying business challenges and then build cloud solutions to address those needs. Equally important, the board should also approve the migration of high-value applications to public cloud, ensuring that the business is not exposed to risk outside its appetite.


SDN Concerns and Benefits

Nikesh Dubey, CISA, CISM, CRISC, CCISO, CISSP Posted: 7/11/2016 3:04:00 PM | Category: | Permalink | Email this post

Software-defined networking (SDN) is the next big focus in network intelligence. When the network is virtualized into the software-driven layer, the operations become more automated with less administrative overhead, allowing administrators to deeply penetrate the network fabric, giving better control through the programming ability in addition to reducing cost. However, as enterprises look to adopt  SDN, the top issue is the concern for security. As with any software and interconnected system, whenever we shift the responsibility of day-to-day activities and operations to a programmable software, we also invariably introduce an element of risk. Whenever resources are available over a network, there is always a chance of them being compromised. 


Personal Information on Your Mobile Devices

Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CBCP, CCSP, CDP, CISSP, ITIL v3 Posted: 7/5/2016 7:44:00 AM | Category: | Permalink | Email this post

In this age of instant access to information on any topic in almost any location, it is important to be aware of the dangers that mobile computing devices (e.g., laptops, tablets, smart phones, electronic notepads) can present. I have several mobile devices and have been evaluating their capabilities, features and security weaknesses. During my investigation, I became aware that the US National Vulnerability Database does not list all vulnerabilities. I also became aware that there are many articles and blogs written about new products as they reviewed and tested, as they are upgraded, and as people share solutions to the problems encountered. I also became aware that security problems are found by accident, by vendor or government contests, and sometimes by those with malicious intent. Security issues are usually found after the device has hit the market. 


Social Learning and Security Awareness

Posted: 6/20/2016 3:06:00 PM | Category: | Permalink | Email this post

A workplace is a social place, and much of the learning that occurs there is social learning. Social learning occurs through observation of other individuals’ actions and behaviors. It is not a mere imitation of the behaviors of others in an environment, but a reasoning process in which the individual examines others’ behaviors and makes conscious decisions about whether to adopt or reject this learning. Social learning occurs continually, although we might not be aware that it is taking place.

One motivation for social learning in the workplace is the individual’s desire to fit into the environment. Social learning is relevant to promoting secure behaviors in the workplace. It is not limited to the physical world, but extends to the virtual world by using social media tools. It can be incorporated into existing security awareness efforts to strengthen them. Social learning is beneficial across all generations, but especially to millennials because of their early adoption of social media as a core communication and connectivity mechanism.

<< First   < Previous     Page: 1 of 63     Next >   Last >>