ISACA Now Blog



What Capital One Got Right

Gregory J. Touhill, CISM, CISSP, Brigadier General (ret), ISACA board director and president of Cyxtera Federal Group
Posted: 9/20/2019 10:00:00 AM | Category: Security

The massive cyber breach of Capital One, reported in late July, quickly brought a chorus of condemnation of the company from a wide circle of pundits, concerned customers, competitors and potential investors. Lost in the media fray was Capital One’s exceptional incident response.

The facts are impressive when compared to other cyber incidents. Capital One’s cybersecurity team detected the incident within days (as opposed to the industry average of over 100 days before detection). Critically, the company alerted law enforcement, and collected and analyzed the logs and data that led to an unprecedentedly rapid identification and apprehension of the perpetrator by law enforcement personnel.


How Company Culture Helps Shape the Risk Landscape

Paul Phillips, CISA, CISM, MBA, Technical Research Manager, ISACA
Posted: 9/19/2019 3:00:00 PM | Category: Risk Management

In today’s environment, companies all over the globe are experiencing culture risk. Yes, culture indeed has an impact on risk and every company has a unique culture. The key is to understand it, manage it, and leverage it when possible to obtain competitive advantage. Every company is faced with both positive and negative risk – that is, threats and vulnerabilities that could adversely impact the organization, its reputation and stock value, as well as opportunities that could have a positive impact. While there are many factors that impact the risks that a company faces, many times business leaders overlook and underestimate the impact of company culture.


Sizing Up Email Security Protocols

K. Harisaiprasad, CISA, APP, Associate Consultant, Mahindra SSG, India
Posted: 9/17/2019 3:01:00 PM | Category: Security

Given the many instances of email security compromises, it has become vital to provide additional security to emails from the domain administrator level. Security protocols such as Domain-Based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF) and Brand Indicators for Message Identification (BIMI) to prevent address spoofing are considered below.


Has GDPR Been a Success So Far?

Laszlo Dellei
Posted: 9/16/2019 3:08:00 PM | Category: Privacy

Since 25 May, 2018, the General Data Protection Regulation (GDPR) has been providing unified rules for data processing, requiring wider protection for the rights and interests of data subjects, and establishing important guidelines around the flow of information in the European Union. One year later, the first “anniversary” of the GDPR offered an exceptional opportunity to assess past achievement and to set goals for the future that were summarized in the communication from the European Commission to the European Parliament titled “Data protection rules as a trust-enabler in the EU and beyond – taking stock.” The report shows that, despite being described as a giant leap to the unknown, measures taken by the relevant stakeholders ensure the success of the new regulation.


Third-Party Vendor Selection: If Done Right, It’s a Win-Win

Ryan Abdel-Megeid, CISA, Director, Internal Audit, AARP
Posted: 9/12/2019 3:04:00 PM | Category: Risk Management

The benefits that can be realized from using third parties to support the delivery of products and services are always part of any good sales pitch by prospective vendors. Often these benefits include reductions in operational spend, scalability, improved delivery time, specialized capabilities, and the availability of proprietary tools or software, all of which equate to a competitive advantage for companies leveraging third-party relationships effectively.

Companies recognize and capitalize on these advantages: A study in 2017 of nearly 400 private and public companies reported that two-thirds of those companies have over 5,000 third-party relationships, according to a report released by the Audit Committee Leadership Network. This staggering statistic illustrates how deeply organizations have come to rely on third parties for everything from back-office activities (payroll, help desk, business continuity infrastructure, etc.) to customer-facing roles (call center, sales and distribution, marketing, etc.). But this heavy reliance also elevates third-party risk management from a “nice to have” capability to a business imperative.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

