If you are an internal auditor, you can picture this scene because it has probably happened to you. You are at a party or some other social event and the conversation turns to work. Someone asks what you do for a living. “I work in internal audit,” you explain. What is that? You explain as best you can, but not everyone gets it. So you try and make your explanation easier to understand—probably too easy. And then someone says it: “Ah, so it’s like internal affairs...”
Now, I do not know about you, but in every cop show I’ve ever seen, internal affairs are always the bad guys that investigate and get in the way of the good guys, who are busy trying to save the world. Is this really how we are thought of, and if so, how can we change it?
There is no argument that today’s cybersecurity attacks are likely a foreshadowing of more intense and harmful events to come, as seen by the growth of such incidents in the last few years alone. Cyber attackers have both the desire and the means to conduct these offenses, are organized, well supported and use more sophisticated methods.
Intersect this with the fact that our society has become highly dependent on the use of technology and connectivity through things such as mobile devices, the Internet of Things (IoT), and demands to share information quickly, and the need to protect against cybersecurity attacks is paramount. Couple these scenarios with the ever-increasing threats to critical infrastructure, and the stakes grow exponentially.
To advance cyber education for children and families, CynjaTech and ISACA are partnering to create a new fully guided educational experience that teaches kids and their families about computer science, security and safety.
The collaboration combines ISACA’s industry-leading Cybersecurity Nexus (CSX) curriculum with the successful Cynja comic series inside the CynjaSpace mobile app to offer exciting interactive games and lessons that teach digital survival skills to children.
The vendor risk assessment is the lynchpin of every effective third-party risk management program. In theory, the essential components of an assessment are easily determined. However, in practice, the ability to effectively understand and assess third-party controls usually conflicts with the resources available to perform the assessments, and is further handicapped by the need to rapidly conclude assessments so contracts can be finalized and projects begun.
All too often this results in assessments that are performed based on resource availability and time rather than an appropriate review of required security controls.
Have you heard the story about the foolish farmer’s new horse? The story goes that one day in early spring, a farmer’s horse dies. The farmer needs a horse to pull his plow, so he goes to market to buy a new horse. There he meets a neighbor who says, “I have a promising yearling [adolescent horse] that will be up for sale in a month or two. Why not wait? The yearling will be much stronger and healthier than some old nag you’d buy here.” The farmer agrees.
A few months go by, and on the way to bring the yearling to market, the neighbor tells the (still horseless) farmer, “I have a foal—born just this season—that will be the strongest and healthiest of all my animals. Much stronger than this yearling if you wait a few more months.”