ISACA Journal Blog

 ‭(Hidden)‬ Admin Links

ISACA > Journal > Practically Speaking Blog

Leveraging SOC Use Cases

Aleksandr Kuznetcov, CISM, MVP Posted: 5/17/2018 3:17:00 PM | Category: Security | Permalink | Email this post

The majority of modern organizations have embarked on the path security operations centers (SOCs) are building. Today, the SOC is not a modern trend; it is a forced restructuring and reorganizing of existing information security or cybersecurity departments. An SOC is a set of staff, processes, technologies and facilities that are primarily focused on identification (detection) and response to cybersecurity incidents, which arise as a result of cybersecurity threat realizations.

From the management point of view, a use case within SOCs is a mechanism for consistent selection and implementation of cybersecurity incident detection scenario rules, tools and response tasks. From the practical (technical) point of view, a use case is a specific condition or event (usually related to a specific threat) to be detected or reported by the security tool.


How Blockchain Technology Will Revolutionize the Global Workforce and Education System

James Massaquoi, MOS Excel, MOS PowerPoint Posted: 5/7/2018 3:03:00 PM | Category: | Permalink | Email this post

James MassaquoiBy 2020, about 40% of the US workforce will be temporary workers. The median tenure of workers age 25 to 34 is 2.8 years. The average working American changes their job 10 to 15 times during the lifetime of their career. When was the last time you spoke to someone who has been with their employer for more than 10 years? We are witnessing the death of workplace loyalty. No one, unless they helped create it, stays with their current employer in the long term. With a US unemployment rate of 4.1% and a global unemployment rate of 5.78%, the demand for professionals in most fields is sky high, giving workers the economic freedom to jump from job to job without fear. We are in the golden age of choice.


Security of Currencies

Vijayavanitha Sankarapandian, CISA, CIA Posted: 4/23/2018 3:08:00 PM | Category: COBIT-Governance of Enterprise IT | Permalink | Email this post

Vijayavanitha SankarapandianRecently, the world has seen more leaders win elections based on promises to fight against  corruption in their countries . This shows how eager people are to weed out corruption, terror funding, illegal transactions and to bring transparency to every sphere of human life. People want reform and, if given an opportunity by the government to participate in the process of governance of currencies, both the people and the government will benefit.

The 3 main components in the implementation of the e-governance of currencies are encrypted Quick Response (QR) code printing on currencies, endpoint devices handling currencies and the backend system of the central bank.


Performing Cyberinsurance “CPR”

Posted: 4/16/2018 3:03:00 PM | Category: Risk Management | Permalink | Email this post

Indrajit AtluriCyberinsurance and data privacy will garner more focus for the remainder of 2018 and beyond. The impending “Equifax effect,” which most of us anticipated, was put forth in late February 2018 by the US Securities and Exchange Commission (SEC) in the form of guidance that states that public companies should inform investors about cybersecurity risk even if they have never succumbed to a cyberattack. The guidance also emphasizes that companies should publicly disclose breaches in a timely manner.

This development perfectly aligns with the (cyber)consumers, providers and regulators (CPR) cycle (see figure 1) I propose in my recent Journal article, which basically necessitates participation from 3 key players—cyberinsurance providers, consumers and regulators. This conglomerative effort not only improves addressing and estimating cybersecurity risk from an insurance coverage perspective but also minimizes cataclysmic breaches. Providers need to be able to identify the right amount of cyberrisk that they are willing to undertake to provide ideal pricing for the coverage. This, in turn, depends on the consumers themselves to quantitatively know how much risk they own.


IT Innovation Governance: From International Policy to Company Oversight

Guy Pearce Posted: 4/9/2018 3:07:00 PM | Category: COBIT-Governance of Enterprise IT | Permalink | Email this post

“Governance” and “innovation” are terms of such global importance today that an innovation governance event billed as “the first global leadership roundtable centered on issues at the intersection of [artificial intelligence] innovation and governance” was hosted in Belgium in March. No less than the country’s deputy prime minister cohosted the event.

Few can forget Elon Musk’s comments at the Massachusetts Institute of Technology (Massachusetts, USA) as quoted by The Guardian on 27 October 2014:  “I’m increasingly inclined to think that there should be some regulatory oversight, maybe at the national and international level, just to make sure that we don’t do something very foolish.” USA Today reported cosmologist Stephen Hawking saying that artificial intelligence (AI) could prove to be “the worst event in the history of civilization” on 2 January 2018. The source reminds us that Facebook’s Mark Zuckerberg poo-pooed these warnings. The summit’s participants, however, recognize that there is a potential issue and, therefore, aim to begin the conversation of AI innovation governance at a global policy level.

<< First   < Previous     Page: 1 of 79     Next >   Last >>