
Volume 2, 2019

This Week's Online-Exclusive Feature

Conducting User Activity Monitoring Using Existing IT Infrastructure

6 March 2019
Max Alexander

The term “insider threat” has become commonplace in the lexicon of chief information security officers (CISOs). Events such as the spygate at Tesla, where a former employee “export[ed] large amounts of highly sensitive Tesla data to unknown third parties,” or the arrest of a “senior [US] Treasury Department employee charged with leaking to media about suspicious financial activity reports” have demonstrated that no organization is immune to these devastating breaches of trust, and that organizations need to establish a user activity monitoring (UAM) program to alert them to suspicious activity.

Many CISOs recognize the need to do something; the question is where to start. Many envision that their insider threat problem will be solved with the purchase of an automated tool that monitors their users’ activity, alerts them to potential problems and serves as a panacea for their woes. Unfortunately, this is not the case. As with the purchase of any tool or control, without proper governance, planning, support and oversight, the project will fail to achieve its objectives, leaving the CISO to explain the wasted expense on a costly solution.




Podcast
ISACA Journal Volume 1 Podcast

The Road to GDPR Compliance


This Week's Featured Blog

How to Ensure Data Privacy and Protection Through Ecosystem Integration
25 February 2019
Dave Brunswick

My recent ISACA Journal article, “Data Privacy, Data Protection and the Importance of Integration for GDPR Compliance,” describes how the movement and processing of personal data, along with the procedures around those workflows, are central to General Data Protection Regulation (GDPR) compliance. Here are actionable steps enterprises can take to implement a modern integration strategy that ensures both data protection and data privacy.

Ensure Data Protection
The keys to ensuring enterprise data protection through a combination of tools and policy include:

  • PGP encryption—Apply Pretty Good Privacy (PGP) encryption standards for data in motion and data at rest, and control the keys.




What's New for Nonmembers

IS Audit Basics Articles

Auditing Cybersecurity

Assurance Considerations for Ongoing GDPR Conformance

Affect What Is Next Now

Auditing the IoT

Add Value to What Is Valued

Auditing Data Privacy


Full Journal Issues

Volume 2, 2018 Innovation Governance

Volume 1, 2018 The Future of Data Protection

Volume 6, 2017 Transforming Data

Volume 5, 2017 Enabling the Speed of Business

Volume 4, 2017 Mobile Workforce

Volume 3, 2017 The Internet of Things

Sponsored Feature Articles

Why Security Product Investments Are Not Working

Why Attackers Are Turning Their Attention Toward ERP Applications

Innovating Internal Audit to Unlock Value

Centralized, Model-Driven Visibility Key to IT-OT Security Management

The AICPA’s New Cybersecurity Attestation Reporting Framework Will Benefit a Variety of Key Stakeholders

Indicators of Exposure and Attack Surface Visualization