ISACA Now Blog



The Impact of GDPR on Cybersecurity Managers

Anna Vladimirova-Kryukova, certified Data Protection Officer, CSX Fundamentals certificate, COBALT, Latvia
Posted: 11/19/2018 3:04:00 PM | Category: Security

Around six months have passed since the General Data Protection Regulation (GDPR) took effect. Among the many unclear implications of GDPR, the vaguest might be how to ensure compliance with the security requirements, including data protection by design and by default. It has been a tough task for cybersecurity professionals to understand how to interpret the GDPR requirements, and it will probably remain a continuous struggle over the next several years.

However, the interpretation of these GDPR provisions should not be the only aspect to command our attention. The increased penalties (up to 20 million Euros or 4 percent of total annual turnover) have made many companies think not only about how to ensure compliance, but also about what happens if the required measures are not implemented. Thus, the question for many companies is who will be liable for compliance failures regarding the GDPR security rules: the company or the cybersecurity manager?


Is HIPAA Compliance Enough to Keep Your Organization Safe?

Anna Johannson, Writer
Posted: 11/15/2018 3:01:00 PM | Category: Government-Regulatory

The Health Insurance Portability and Accountability Act (HIPAA) has evolved considerably to keep up with the demands of our modern society. Now that protected health information (PHI) is kept in electronic records, healthcare organizations need to comply with the HIPAA Security Rule if they want to keep their patients’ data private (and avoid a hefty fine).

What’s Required for HIPAA Compliance?
HIPAA compliance requirements can be complicated, but at a minimum, you’ll need to do the following:


Before You Commit to a Vendor, Consider Your Exit Strategy

Baan Alsinawi, President, TalaTek
Posted: 11/14/2018 3:01:00 PM | Category: Cloud Computing

Vendor lock-in. What is it? Vendor lock-in occurs when you adopt a product or service for your business, and then find yourself locked in, unable to easily transition to a competitor's product or service. Vendor lock-in is becoming more prevalent as we migrate from legacy IT models to the plethora of sophisticated cloud services offering rapid scalability and elasticity, while fueling creativity and minimizing costs.

However, as we rush to take advantage of what the cloud has to offer, we should plan strategically for vendor lock-in. What happens if you find another cloud provider that you prefer? How will you migrate your services? What are the costs, how disruptive will it be, and will you have the professional talent to transition successfully?


COBIT 2019 Makes Framework Easier to Understand, Customize

Mark Thomas, CGEIT, CRISC, President, Escoute LLC
Posted: 11/13/2018 7:56:00 AM | Category: COBIT-Governance of Enterprise IT

Practitioners charged with effective governance of information and technology have a tremendous new resource to draw upon with a significant refresh to the COBIT framework. Today, the first two books of COBIT 2019 have been released, with additional publications to follow later this year.

I could go on for hours about the elements of COBIT 2019 that I believe will be well-received by our passionate global community of COBIT users (and considering I am one of those passionate COBIT users, if I catch you in person at an ISACA event, I might just do so). For the purposes of this blog post, I will put forward a list of five aspects of COBIT 2019 that I consider especially appealing.


Building Cyber Resilience Through a Risk-Based Approach

E. Doug Grindstaff II, SVP of Cybersecurity Solutions at CMMI Institute
Posted: 11/8/2018 3:06:00 PM | Category: Risk Management

For many organizations to have an effective cyber culture, they must also have a mature cyber culture. A recent cybersecurity culture study conducted by ISACA and CMMI Institute found that only 5 percent of organizations believe no gap exists between their current and desired cybersecurity culture. A full third see a significant gap. That’s why I found it so valuable to sit down with cybersecurity leaders across the public, private and non-profit sectors to have a discussion in the UK last week about cyber maturity, what it means to people and how we can help organizations value being more prepared.
