ISACA Now Blog




Ransomware: What Monetary Value Would You Assign to Your Data?

Brandon McCrillis, Sr., Information Security Consultant, Rendition Infosec, @13M4C
Posted: 5/24/2016 3:02:00 PM | Category: Security

Incidents involving ransomware are becoming more prevalent and can devastate an underprepared organization. What is most alarming is that ransomware variants are increasingly easy to obtain and deploy, not only for criminal syndicates but for anyone with the means and desire to purchase them.

In the community we have seen rapid development of ransomware with many of the more robust variants becoming more and more difficult to circumvent. Thankfully, many practitioners and researchers have come together to assist ransomware victims in recovering their data. While it is good to see open-sourced solutions available to mitigate ransomware and help victims recover their data, criminals that develop ransomware can easily sidestep identified recovery techniques and deploy a more advanced version.


CSX Career Starter Program a Boon to Students

Dr. Jeimy J. Cano M., Professor, Universidad de los Andes
Posted: 5/19/2016 3:10:00 PM | Category: Security

Today’s cybersecurity students face a number of challenges as they learn their field of choice. Two areas my students find particularly challenging include understanding the difference between information security and cybersecurity, and gaining context of a digitally altered world. They are also learning to analyze and understand the technological convergence and challenges around security, safety and control.

My cybersecurity students now have significantly more information to help them address those challenges. One of them is ISACA’s new Cybersecurity Fundamentals Career Starter program. Through the program, college and university instructors and students can receive free access to the Cybersecurity Fundamentals Study Guide, which I, and other professors, can use to shape our academic courses or as a reference to help build our students’ foundational cybersecurity knowledge.


Book of the Month: Controls and Assurance in the Cloud: Using COBIT® 5

Dr. Theodoros Stergiou, security solutions product manager & cloud security officer, Intracom Telecom
Posted: 5/18/2016 3:02:00 PM | Category: COBIT-Governance of Enterprise IT

Cloud computing has probably been the most argued technological subject of the past 5-6 years. Throughout this period, cloud has evolved to become the top priority subject in organizations’ agendas, both in terms of governance (strategic decisions) and also as the unknown factor affecting the business.
The book, Controls and Assurance in the Cloud: Using COBIT 5, is a guide that addresses both issues.

More specifically, the book starts with a section outlining all of the business factors that make the transition to cloud an attractive business strategy. It then goes a step further by laying out cloud service and delivery (or deployment) models alongside the associated benefits and risks to an organization, whilst detailing cloud computing challenges that organizations need to address.


IT Assurance in the Cloud–A Journey Between Trust and Obligation

Matthias Kraft, CISA, CISM, CGEIT, CRISC
Posted: 5/17/2016 3:09:00 PM | Category: Audit-Assurance

There is no question that there are significant opportunities available in the cloud business. Many organizations are looking at cloud computing to increase the effectiveness of IT initiatives, reduce in-house operations cost, increase operational flexibility and generate a competitive advantage. However, like most technology changes, cloud computing presents its share of risks and challenges.

As the risks are better understood, businesses rely less on trust and put information security obligations on their cloud providers. Where security had been one of the main obstacles for cloud adoption in the past, vendors now understand the security and privacy concerns of their global customers and have adopted a business model built on enhanced security features such as encryption, and identity and access management, to name two examples. The result: cloud services are heading to the next level of maturity.


Networking in an Increasingly Stable Environment

Danny Goldberg, CISA, CGEIT, CRISC, founder, GoldSRD
Posted: 5/13/2016 7:55:00 AM | Category: Audit-Assurance

The economy continues to improve, at least from an audit and IT audit perspective. Between 2011 and now, the job market strengthened significantly. Five years ago, within 48 hours of posting a job through search sites, I would have 5-15 viable candidates. Usually I never had to post on job search sites; someone in my professional network would ping me with interest. Now, I will post on searches and barely get a handful of candidates after a month. The economy has improved; maybe not to early 2000 numbers, but the market is doing very well.

The good job market can lull people into a networking slumber. When the recession hit 7+ years ago, I heard many candidates say, “I never thought I would be in this situation; I wish I had kept up with my network.” Every job market is cyclical, and you do not know when you might need to tap into your network, regardless of your field.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

