ISACA Now Blog




Happy Cyber Security Awareness Month!

Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC | Posted: 10/2/2015 10:18:00 AM | Category: Security

October is National Cyber Security Awareness Month—an important moment in time that reminds us of a global priority that impacts all of us and our organizations every day.

Cyber security—making our digital world safer and more secure—is everyone’s responsibility. At ISACA, we take very seriously our responsibility to equip cyber security professionals around the world with the tools, credentials, education and community they need to meet cyber security challenges head on.

ISACA is a champion of National Cyber Security Awareness Month and is offering several events and initiatives as part of our Cybersecurity Nexus (CSX). Opportunities include in-person and online events and resources for continuing education, skills building and tools to help you strengthen the security of your enterprises and enhance your careers.


The Risk of Mobile Pivoting in the Enterprise

Georgia Weidman | Posted: 9/29/2015 3:02:00 PM | Category: Security

While users and enterprises are becoming aware of the risk of mobile-based malware to the sensitive data stored on mobile devices, an often overlooked attack vector is attackers using a compromised mobile device to attack other devices on the network. Mobile devices, as their name implies, are upwardly mobile, often connecting to a plethora of different Wi-Fi networks as they accompany their owner to work, school, home, the coffee shop, the airport, etc. Each new platform is a gateway to a direct network connection to vulnerable systems.

Some penetration testers drop malicious devices that call home on a network as part of a physical access attack, simulating compromised devices on a network. This provides a pivot point to attack internal assets from the Internet. While this is a valid attack vector, what is being overlooked is that any of the mobile devices that are joining the network have this functionality by design, if they are compromised. Attached to the corporate network as well as the carrier mobile network, these devices are a natural pivot point.


International President: The Power of Convenience

Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC | Posted: 9/24/2015 3:27:00 PM | Category: Security

Convenience is a great motivator. The search for greater conveniences for businesses and consumers has created game-changing paradigm shifts. ATMs, online banking, movie streaming and even household appliances all transformed businesses. They opened up completely new markets, and at the same time, marked the end for businesses that didn’t innovate.

But each convenience, and each new service and technology comes with new, often uncharted risks. Mobile payments are no exception. The global mobile payment transaction market, including solutions offered by Apple Pay, Google Wallet, PayPal and Venmo, will be worth an estimated US $2.8 trillion by 2020, according to Future Market Insights.


The Grapes of Career Path—Why Computer Science Graduates Need Cyber Certifications

Adeline Heuchan | Posted: 9/23/2015 3:06:00 PM | Category: Certification

“Why don't you go on west to California? There's work there, and it never gets cold. Why, you can reach out anywhere and pick an orange. Why, there's always some kind of crop to work in. Why don't you go there?”

John Steinbeck, “The Grapes of Wrath”

I am one of the lucky ones. After a few twists and turns along the way, I landed a great job in my chosen discipline (cybersecurity)—the field I spent four years of my life studying. Like many recent college graduates, however, I entered the workforce unwittingly unprepared. What I did not realize then is that a college degree was the barest minimum requirement—it was only a ticket to get me inside a hiring manager’s office. When I graduated Stevenson University with my Bachelor of Science degree in Computer Information Systems, I lacked something that cybersecurity managers place a great deal of emphasis upon: a certification.


Spy Car: Hacked Vehicles and Potential Internet of Things Regulation

Sarah Pipes, CIPP, CIPT | Posted: 9/22/2015 3:01:00 PM | Category: Security

The terrifying remote hack of a Jeep on the highway, as reported by Andy Greenberg in Wired magazine, seemingly validates the pervasive, yet vague, fears that many consumers have about the digitalization of our everyday lives. Charlie Miller and Chris Valasek’s demonstration of their ability to control the car’s motor management system, remotely cut the brakes or disable the accelerator, and in certain circumstances, turn the steering wheel, all served as a reality check as to what the future of the Internet of Things might hold.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

