ISACA Now Blog



GRC Keynoter Patrick Schwerdtfeger: Endless Insights Within Organizations’ Reach

Posted: 4/23/2019 2:59:00 PM | Category: ISACA

Editor’s note: Patrick Schwerdtfeger, closing keynote speaker at the GRC Conference 2019, to take place 12-14 August in Ft. Lauderdale, Florida, USA, is a business futurist specializing in technology topics such as artificial intelligence, blockchain and FinTech. Schwerdtfeger recently visited with ISACA Now to discuss how these and other components of digital transformation will reshape the business landscape going forward. The following is a transcript of the interview, edited for length and clarity:


How to Get Your Employees to Care About Cybersecurity

Larry Alton, Writer,
Posted: 4/22/2019 3:03:00 PM | Category: Security

With each highly publicized data breach or cyberattack, it becomes increasingly evident that businesses can’t sit back and hope their security strategy is strong enough to withstand an assault. Something needs to be done sooner rather than later – and you need the support of your employees.

Why employees are hesitant
You can design a thorough, comprehensive cybersecurity strategy that protects your business from all major threats and weaknesses, but all of your efforts are futile without the support and cooperation of your employees. They’re the engines that make the entire operation run. Without them, you’ll find it impossible to execute to the degree that’s necessary to be successful.


The Gap Within the Skills Gap: What Does Cybersecurity Really Need?

Panashe Garande, Cyber Security Recruitment Consultant - Contract/Freelance
Posted: 4/18/2019 2:55:00 PM | Category: Security

I recently took to LinkedIn to air my views on one of the most talked-about topics in the world of tech: the cybersecurity skills gap. The skill gap is often discussed in urgent terms and, given my job as a cybersecurity recruiter, I see how it plays out in practice. But information security is a broad discipline, and I think we need to be more specific when we talk about a “skills gap.” I believe the genuine talent shortage is in hands-on areas, like application security and DevSecOps.

Last year, Forbes released an article stating that the cybersecurity skills gap is an “industry crisis.” As attacks get worse and more commonplace, it noted that companies need cybersecurity professionals more and more. But because of a perfect storm of scarce skills and high demand, security jobs come with a high salary, meaning that businesses not only struggle to find the right people, they have to pay top-dollar to get them.


Why IT Teams Should Avoid Complacency

Ammett Williams, CGEIT, CISSP Telecommunication Team Leader – First Citizens
Posted: 4/17/2019 3:20:00 PM | Category: COBIT-Governance of Enterprise IT

We are in 2019, and have all witnessed the effects of disruptive start-up companies, the growth and stability of the cloud market, the emergence of CI/CD practices and the simple need for agility. Inversely, there are organizations where none of what I mentioned is happening.

There are times when companies become good at what they do, and they become comfortable. With that comfort comes something that leaders and employees may choose to ignore. What is that? Well, to put it mildly, that thing would be the need for change. A provocative question to yourself would be: If I am doing my job properly and getting good results, do I need to change? Some may argue, “No,” and some may argue, “Yes.” From an IT point of view, the question becomes even more complex. This is especially the case when IT has taken on a supportive operational role within an organization, and by doing so, becomes expert at what they do, but finds that innovation is lost and resistance to change grows larger.


The Challenge of Assessing Security for Building Automation Systems

Mario Navarro Palos, CISM, CISA, CISSP, C|CISO, OSCE, CEH, Information Security Officer, Portland State University
Posted: 4/16/2019 3:05:00 PM | Category: Audit-Assurance

Building automation systems (BAS) have many characteristics that differ from traditional information processing systems, including different risks and priorities. Furthermore, these types of automation systems are subject to different performance and reliability requirements, and often employ operating systems, applications and configurations that may be considered unusual IT practices.

BAS frequently encompass any electrical component or device that is used to control a building by managing security, safety and utility services, such as physical access, HVAC, heating, alarms, and lighting, among other electrical and mechanical controllers that automate the buildings.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

