ISACA Now Blog


 ‭(Hidden)‬ Admin Links

Knowledge & Insights > ISACA Now

PowerShell: A Powerful Tool for Auditors

Adam Kohnke, CISA, CCNA: Sec, ITILv3 |Internal IT Auditor, Great Lakes Higher Education Corporation
Posted: 1/16/2018 3:10:00 PM | Category: Audit-Assurance | Permalink | Email this post

Adam KohnkeSome auditors may not know it, but a useful audit tool has been sitting right at your fingertips all along. The tool is PowerShell, a command-line utility you can use to answer many useful audit questions during your engagements. The benefits to the auditor are at least twofold: it allows you to save time by directly gathering authoritative information from the environment, and it helps you develop a useful industry skill with universal appeal.

First, you must be provided access to the tool on your desktop. Second, you must point PowerShell to directly query Active Directory for the information you want. This is accomplished using the set-location AD: command after launching PowerShell. Once issued, your cursor should change to reflect that you are executing queries against an Active Directory domain controller, so it looks like this: PS AD :\>.  All the below commands can be paired with Out-GridView or Out-File to provide report-based output.


In the Age of Cybersecurity, Are Data Centers Ignoring Physical Security?

Anna Johannson, Writer
Posted: 1/12/2018 3:06:00 PM | Category: Security | Permalink | Email this post

Anna JohannsonMaintaining a data center is a huge responsibility. While you certainly have systems in place for dealing with cyberthreats, are you giving enough attention to physical security? This is still a very important aspect of the security equation.

Five Tips for Keeping Data Centers Secure
The objective of physical data center security is pretty straightforward: keep out unauthorized people while closely monitoring those who do have access. That being said, the actual process of securing a data center isn’t nearly as simple. You have to be meticulous and comprehensive in your approach. The following tips should prove helpful:


Experts Share Their Insights on GDPR

Posted: 1/10/2018 3:03:00 PM | Category: Privacy | Permalink | Email this post

The implications of GDPR have become a popular topic of conversation in the information security and privacy communities. Now that we have arrived in 2018, expect those discussions to become all the more prevalent in advance of the May enforcement deadline.

In a panel discussion at ISACA’s CSX Europe conference, experts from ISACA, IAPP and ENISA joined together to provide their insights on GDPR and how to prepare. Watch the video, and in less than five minutes, come away better prepared to engage colleagues and fellow practitioners in this ongoing dialogue.

ISACA has produced additional GDPR resources to help prepare its global professional community for this high-impact regulation, with more on the way in the coming weeks, including an upcoming e-book with extensive guidance on implementing GDPR.


Simple, Structured Approach Needed to Leverage Threat Patterns

Demetrio Milea, CISA, CISM, CISSP, GCIH, OSCP, OSCE and Davide Veneziano, CISA, CISM, CISSP, OPST, GREM, GCFA
Posted: 1/9/2018 3:25:00 PM | Category: Security | Permalink | Email this post

Demetrio Milea and Davide VenezianoIT risks come from various sources that are not always easy to identify in advance, making prevention and mitigation really challenging. With the explosive growth in cloud, social, mobile and bring your own device (BYOD) computing, the attack surface is greater than ever, and new attack scenarios become possible due to the complexity of the network topology and the variety of enterprise applications and technologies that have to coexist.

Deploying threat patterns, defined as a set of characteristics featuring a suspicious behavior that can be revealed in security monitoring solutions (whether detective such as a SIEM platform or preventive such as a web gateway platform), is a great starting point for security operations teams to identify suspicious activities or potential attacks against networks, systems or applications.


Risk Professionals Pave the Way for Transformational Smart Contracts

Jack Freund, Ph.D., CISA, CISM, CRISC, Sr. Manager, Cyber Risk Framework for TIAA
Posted: 1/8/2018 3:12:00 PM | Category: Risk Management | Permalink | Email this post

Jack FreundIn 1999, Harvard Law professor Lawrence Lessig wrote in Code and Other Laws of Cyberspace that code is law. His writing nearly two decades ago was inspired by the US Digital Millennium Copyright Act (DMCA), but in reviewing his work today as we sit on the cusp of a blockchain revolution, it’s easy to see it as nothing short of prescient.

Smart contracts are simply computer code that is designed to automatically negotiate, verify, and/or enforce contractual terms; so quite literally, the code is the contractual “law” that dictates behaviors. The intersection of smart contracts and other burgeoning technologies can be quite profound. For example, if you were looking to lease an apartment, you could identify the terms around which you would accept a lease. A software agent could search a housing marketplace for monthly rent, deposits, apartment features and other criteria. The apartment complex could similarly advertise its conditions and apartment features.

<< First   < Previous     Page: 1 of 177     Next >   Last >>

 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.


To volunteer to write a blog or suggest a topic send an email here.