ISACA Digital Videos

CMMI Tech Talk: Technical Solution (TS): Practice Area Overview

This CMMI Tech Talk is intended to be an overview of the CMMI Model Practice Area Technical Solution (TS).

CMMI Tech Talk: Model Deep Dive: Requirements Development and Management (RDM)

This is intended to be a CMMI Model Deep Dive into the Requirements Development and Management (RDM)Practice Area as it relates to interpreting practices in an agile Approach.

CMMI Tech Talk: Requirements Development and Management (RDM): Practice Area Overview

This CMMI Tech Talk is intended to be an overview of the Requirements Development and Management (RDM) Practice Area.

CMMI Tech Talk: Governance (GOV): Practice Area Overview

This is intended to be a 2-part CMMI Tech Talk on CMMI Practice Area Governance (GOV). Related Tech Talk- CMMI Tech Talk: CMMI Model Deep Dive: Governance (GOV) and Implementation Infrastructure (II): High Maturity Practices.

CMMI Tech Talk: Managing Performance and Measurement (MPM): Practice Area Overview

This is intended to be a 2-part CMMI Tech Talk on CMMI Practice Area Managing Performance and Measurement (MPM). Related Tech Talk- CMMI Tech Talk: CMMI Model Deep Dive: Managing Performance and Measurement (MPM) High Maturity Practices.

CMMI Tech Talk: Model Deep Dive: Managing Performance & Measurement (MPM) High Maturity Practices

This is intended to be a part 2 of the CMMI Tech Talk series on CMMI Practice Area Managing Performance and Measurement (MPM) containing High Maturity practices. Related Tech Talk- CMMI Tech Talk: Managing Performance and Measurement (MPM): Practice Area Overview.

CMMI Tech Talk-CMMI Model Deep Dive-Process Management (PCM) 4.1

This is intended to part 2 of CMMI Tech Talk series on CMMI Practice Area Process Management (PCM) that includes 4.1. Related Tech Talk- CMMI Tech Talk: Process Management (PCM) Practice Area Overview.

CMMI Tech Talk-CMMI Model Deep Dive-Planning (PLAN) 4.1

This is intended to be Part 2 of the CMMI Tech Talk series on CMMI Practice Area Planning (PLAN) that includes 4.1. Related CMMI Tech Talk-CMMI Tech Talk: Planning (PLAN) Practice Area Overview.

CMMI Tech Talk-Causal Analysis and Resolution (CAR) Practice Area Overview

This is intended to be a 2-part CMMI Tech Talk on CMMI Practice Area Causal Analysis and Resolution (CAR). Related Tech Talk- CMMI Tech Talk: CMMI Model Deep Dive: Causal Analysis and Resolution (CAR) High Maturity Practices.

Data-Driven Confidence: Elevating Enterprise Value with CMMI Data

In the age of AI & other technological advancements, data is no longer just an asset—it’s the foundation of trust, intelligence, and innovation. Join us for an engaging webinar on CMMI Data, a powerful framework that helps enterprises benchmark and mature their data management practices. Discover how structured data governance, quality assurance, and lifecycle management are pivotal to unlocking the full potential of business & AI interventions.

Building Cyber Resilience in a Digitally-Driven World

Is your leadership aligned to secure trust, continuity, and competitive advantage in a digital-first world? In today’s hyper-connected business landscape, cybersecurity is a strategic differentiator! As digital ecosystems expand, so do the risks. From ransomware to insider threats, any organization can be put to the test! See how CMMI Security can help organizations build, assess, enhance and assure their security posture vis a vis operational security, solution security and supply chain security.

People First – CMMI’s Blueprint for Workforce Excellence

People are the key factor for any organization’s success and sustained business growth. CMMI People provides a structured approach for development and improvement of workforce practices. This session will provide directions around leveraging the best practices for systematic workforce transformation based on CMMI People covering topics such as talent management, talent competency development, mentoring, talent motivation, empowerment, and continuous training towards business goals & strategy driving towards continuous improvement.

ISACA Advanced in AI Security Management (AAISM) Certification Insights

Learn why experienced IT professionals should explore the AAISM certification - why to take it, how to study, and when you know you're ready to pass the exam. A next step for CISM or CISSP certified professionals who want to manage evolving security risks related to artificial intelligence, implement policy, and ensure its responsible and effective use across their organizations.

Las Vegas: Bet on Innovation. Double Down on Connection

Get ready—ISACA’s 2026 North America Conference is coming to Las Vegas! 🎉 Join global leaders, innovators, and changemakers for three unforgettable days of learning, connection, and inspiration—6–8 May 2026 at the Paris Las Vegas Hotel & Casino. ✨ Dive into powerful sessions. 🎤 Hear from visionary speakers. 🤝 Connect with peers from around the world. 💡 Leave inspired, informed, and ready to lead the future of digital trust. Be the first to get updates on speakers, sessions, and early-bird discounts! 👉 Sign up for conference updates #isaca #ISACANA2026 #CyberSecurity #ITAudit #TechLeadership #DigitalTrust #ISACAConference #LasVegas

What Are the Top AI Challenges? ISACA Members Weigh In

ISACA members and AI experts share what is top of mind for them as AI becomes increasingly prevalent in the digital trust fields.

London 2025: Building Connections, Expanding Insights

Save the Date: 15–17 October 2025 Join us in iconic London for the ISACA 2025 European Conference—your destination for premier IS/IT learning, connection, and growth. This immersive 2.5-day experience brings together global professionals, trailblazing speakers, and leading thinkers in information systems, cybersecurity, and digital trust. Whether you’re looking to sharpen your skills, explore future-focused tech, or expand your professional network, this conference is designed to elevate every aspect of your career. What You’ll Experience: World-Class Content: Dive into sessions and workshops led by experts at the forefront of IS/IT innovation. Unmatched Networking: Connect with peers and pioneers from across Europe and beyond. Career Advancement: Gain insights and knowledge to help you grow, lead, and thrive in a rapidly evolving digital world. Set against the backdrop of one of the world’s most dynamic cities, ISACA’s 2025 European Conference offers the perfect blend of inspiration, education, and connection. Dates: 15–17 October 2025 Location: London, United Kingdom

ISACA CommunITy Day 2025

Visit the CommunITy Day page on Engage to find an opportunity, either in-person or virtually, with your chapter or with our global community. It’s an incredible experience, and we hope you’ll join us on Saturday, 4 October!

How AI is Impacting the Audit Profession

ISACA experts share tips and insights on how auditors can best position themselves for success as AI creates new challenges and opportunities in the profession.

Cyberrisk Quantification: Strengthening Financial Resilience

In this episode of the ISACA Podcast, Lisa Cook speaks with Yakir Golan, CEO and Co-Founder of Kovrr, about the importance of Cyberrisk Quantification (CRQ) in strengthening organizational financial resilience. They explore how CRQ enables leaders to objectively assess cybersecurity posture, align risk mitigation with business goals, and translate cyberrisk into monetary terms to support strategic decision-making and maintain shareholder confidence. Listen and subscribe via the ISACA Podcast Library or your favorite podcast platform.

Securing Desktops and Data from Ransomware Attacks

Ransomware remains one of the most formidable cybersecurity threats facing organizations worldwide. In this episode of the ISACA Podcast, host Chris McGowan speaks with Netwrix endpoint protection expert Jeremy Moskowitz, who explains how ransomware infiltrates and cripples desktop environments. He breaks down the tactics cybercriminals use to exploit social engineering and system misconfigurations to gain unauthorized access, offering actionable insights on the most effective prevention and mitigation strategies.

CMMI Tech Talk: Continuity (CONT) Practice Area Overview

Review of the Continuity (CONT) Practice Area. We will discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as look at the individual practices to see how they can be used to help protect the organization and minimize disruption caused by catastrophic events.

CMMI Tech Talk: Process Quality Assurance (PQA) Practice Area Overview

Review of the Process Quality Assurance (PQA) Practice Area. We will discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as looking at the individual practices to see how they can be used to improve the quality of an organization’s processes.

CMMI Tech Talk: Risk and Opportunity Management (RSK) Practice Area Overview

Review of the Risk and Opportunity Management (RSK) Practice Area. We will discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as look at the individual practices to see how they can be used to improve an organization’s approach to managing uncertainty.

CMMI Tech Talk: Process Management (PCM) Practice Area Overview

Review of the Process Management (PCM) Practice Area, specifically practice group levels 1-3. Process Management (PCM) provides the management practices which ensure processes are implemented and maintained in such a manner as to support the business objectives of the organization. An additional review of High Maturity in PCM can be found in our CMMI Tech Talk Deep Dives.

CMMI Tech Talk: CMMI Model Deep Dive: Causal Analysis Resolution (CAR) High Maturity

Review of the Causal Analysis and Resolution Practice Area (CAR) with attention to the Level 4 and 5 practices and discuss the High Maturity aspects of this important Practice Area. For more information on CAR Levels 1-3, please see additional CMMI Tech Talks.

CMMI Tech Talk: Organizational Training (OT) Practice Area Overview

Review of the Organizational Training (OT) Practice Area. We will discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as looking at the individual practices to see how they can be used to build up the knowledge and skills that an organization needs to meet its business objectives and deliver its products and services effectively.

CMMI Tech Talk: Estimating (EST) Practice Area Overview

Review of the Estimating (EST) Practice Area. We will discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as looking at the individual practices to see how they can be used to help plan and build commitments to solutions that will meet our customers’ needs.

CMMI Tech Talk: Process Asset Development (PAD) Practice Area Overview

Review of the Process Asset Development (PAD) Practice Area. We will discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as look at the individual practices to see how they can be used to build the process assets an organization needs to operate effectively.

CMMI Tech Talk: CMMI Appraisal Planning Considerations: Schedule and Scope

In this CMMI Tech Talk we will discuss two critical areas of the Appraisal planning process: the Schedule and Scope of the Appraisal.

CMMI Tech Talk: CMMI and SAFe®

Welcome to this CMMI Tech Talk where we are beginning to explore how CMMI works with other frameworks including SAFe. Including Graphic needed for Tech Talk

CMMI Tech Talk: Verification and Validation (VV) Practice Area Overview

Today we are going to have a look at the Verification and Validation (VV) Practice Area. We shall discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as looking at the individual practices to see how they can be used to improve the quality of an organization’s solutions, products or services.

ISACA Scholarship 2024 Recap: $1M Awarded to 500 Recipients

Watch the 2024 ISACA Scholarship recap as we celebrate supporting over 500 students and $1 million awarded! A big thank you to our partners for making this possible. See the faces of those impacted and the difference we're making together.

Progress Report: Women Growing Influence in Tech Workforce

ISACA’s Tech Workplace and Culture Report spotlights where progress has been made and where disparities and obstacles continue to exist.

ISACA Foundation: Building the Future of Digital Trust

By building pathways and pipelines into digital trust careers for the under-represented, we can make real progress in bridging the workforce gap. One In Tech works globally with ISACA chapters, enterprises, and key stakeholders to remove barriers by providing scholarships, resources, and tools that will change the face of digital trust.

Building Digital Trust: Collaboration Between ISACA Netherlands and the Online Trust Coalition (OTC)

In an exclusive interview, Chris Dimitriadis, ISACA’s Chief Global Strategy Officer, moderates an insightful discussion on how ISACA Netherlands and the Online Trust Coalition (OTC) are working together to enhance digital trust. Featuring Tom Vreeburg, Michiel Steltman, and Dwayne Valkenburg, the panel dives into OTC’s mission to streamline regulatory compliance, ISACA’s advocacy for industry standards, and the innovative solutions being implemented to strengthen IT governance. Key highlights include: · OTC’s three-pillar framework for building trust in online services. · The role of standardization and harmonization in managing IT compliance. · A five-step management cycle for IT governance developed in alignment with regulatory requirements like NIS2 and DORA. · Collaborative efforts, such as the Holistic Data Framework, designed to identify and address overlaps in regulatory mandates. This discussion provides actionable insights into fostering a trusted and resilient digital environment.

Certified Cybersecurity Operations Analyst

Introducing ISACA’s newest certification, Certified Cybersecurity Operations Analyst (CCOA). Tailored for analysts with 2-3 years of experience, CCOA focuses on the technical skills needed to evaluate threats, identify vulnerabilities, and recommend countermeasures to prevent cyber incidents.

Cybersecurity Predictions for 2025

The prevalence of ransomware and the security concerns associated with AI have made the role of cybersecurity professionals vital for enterprise success. The complex security landscape can make cybersecurity jobs stressful, but enterprises can take steps to retain cybersecurity talent and ensure enterprise assets are protected. In this podcast, Justin Rende, founder and CEO at Rhymetec, shares insight on the top concerns for cybersecurity professionals, the most in-demand skills, and the impact of AI on cybersecurity.

ISACA: A Partner Throughout the Career Journey

ISACA members share how ISACA has been a valued career catalyst for them in different ways as their careers have evolved.

ISACA Member-Exclusive Leadership Series: Leading From Where You Are with Ginny Clarke

Hear from conscious leadership expert, former executive recruiter, and entrepreneur Ginny Clarke about her upcoming Member-Exclusive Leadership Series event "Leading From Where You Are" on 22 January at 11 am CT. Operating inside of, and with, highly competitive and complex organizations, Ginny Clarke had to develop her own principles to be and remain a strong and effective leader, while maintaining her physical, mental, and emotional health.

Safely and Responsibly Using Emerging Health Technology

Emerging healthcare technologies have the potential to revolutionize healthcare and accessibility-related concerns, but these advancements are not without risk. To maximize the value and minimize the harms associated with emerging health technologies, it is critical to address ethical, privacy, and societal concerns to ensure that these technologies help rather than hurt humanity. In this ISACA Podcast, join Safia Kazi and Collin Bedder as they explore the applications and risks associated with emerging healthcare technologies.

ISACA Podcast | Jon Brandt & Chase Cunningham

Given the dynamic nature of cyberthreats and the ever-expanding digital ecosystem, authentication is more critical than ever. In this episode, ISACA director of professional practices and innovation discusses a new content piece titled, "Examining Authentication in the Deepfake Era" with author Dr. Chase Cunningham. Their conversation of the paper explores the evolution, current state, and future trajectory of authentication technologies.

ISACA Live | Ask a Cybersecurity Recruiter

Get ISACA's latest stats on the cybersecurity job market and hear cybersecurity recruiter Jeff Combs answer your burning questions on how to best position yourself to land your dream job, whether you're new to the field or a seasoned professional.

ISACA Europe Conference Interview with ISACA Germany Chapter Scholarship Recipient: Somaye Hoseinpur

Join us for an inspiring interview with Somaye Hoseinpur, the ISACA Germany Chapter Scholarship recipient, at the ISACA Europe Conference. Somaye shares her journey into cybersecurity and machine learning, the impact of the ISACA scholarship on her career, and valuable advice for professionals. Learn how this opportunity shaped her professional path and get insights into the benefits of the ISACA community for aspiring tech leaders. Don’t forget to like, share, and subscribe for more interviews and stories from ISACA Foundation scholars!

Empowering Future Tech Leaders: ISACA Foundation Scholarship Program

Discover how the ISACA Foundation Scholarship Program is opening doors for the next generation of tech professionals! Through scholarships and financial support, ISACA is helping students and aspiring professionals from diverse backgrounds gain access to education and career opportunities in the high-demand fields of tech. Learn more about how you can apply or support the program today: https://www.isaca.org/about-us/isaca-foundation#scholarships

Addressing SAP Security Gaps

SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated with other cybersecurity groups within an organization to empower them with a security approach that unifies the entire enterprise landscape. A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP applies to the IT enterprise and organizational environment to help them achieve all security goals. In addition, CISOs need to know their SAP team members personally so they can integrate them rather than contain them in silos. Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft, or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action upon which they are ready to act. SAP requires high-level consideration, or critical elements of the business will be vulnerable to malicious cyber actors—with no apparent response.

Mid-Year Privacy Check-In: Key Updates and Insights for 2024 and Beyond

Join three privacy experts who discuss the latest developments in data privacy and protection, as well as their relevant operationalization considerations and risks.

Mid-Year Privacy Check-In: Key Updates and Insights for 2024 and Beyond

Join three privacy experts who discuss the latest developments in data privacy and protection, as well as their relevant operationalization considerations and risks.

Orlando 2025: Building Connections Expanding Insights

Mark Your Calendars: May 2025 Welcome to the official channel for the ISACA 2025 North America Conference , taking place in sunny Orlando, Florida! 🌟 This year’s conference is set to be our most exciting and innovative event yet. Join industry leaders, tech enthusiasts, and professionals from around the globe for an unforgettable experience filled with cutting-edge presentations, hands-on workshops, and unparalleled networking opportunities. What to Expect: 🌐 Keynote Speakers: Hear from visionary thought leaders and pioneers in technology. 🛠️ Workshops & Panels: Participate in interactive sessions on AI, cybersecurity, blockchain, and more. 🚀 Exhibition Hall: Explore the latest products and services from top tech companies. 🤝 Networking Events: Connect with peers, potential partners, and industry experts. Whether you’re looking to gain new skills, discover the latest tech trends, or simply be inspired, this conference has something for everyone. Location: Orlando, Florida Dates: May 21-23 2025 Venue: Loews Sapphire Falls Resort.

CMMI Helps Organizations Operate Better

Learn how CMMI is another instrument in the toolbox that helps organizations operate more effectively and efficiently to deliver better product to their customers.

AI Innovations

Artificial intelligence (AI) not only impacts how enterprises do business, but also significantly impacts society as a whole. Emerging AI technologies will cause disruptions in how we perform daily functions, including managing data and other company assets. While in this burgeoning phase of AI, companies are relying on IT professionals in the audit, risk, and security space to provide guidance regarding what safeguards to put in place to protect their assets while taking advantage of the efficiencies the technology brings to everyday functions. Get some tips in this video!

Unlocking Careers: Inside the Digital Trust Workforce Inclusion Program

ISACA’s Digital Trust Workforce Inclusion Program is designed to bridge the skills gap, create opportunities for underrepresented and economically disadvantaged communities, and ensure a diverse and inclusive digital workforce. Read more: https://www.isaca.org/campaigns/digital-trust-workforce-inclusion-program

ISACA 2025 Virtual Conference

Save the Date for the ISACA 2025 Virtual Conference, 18-20 February!

CMMI Tech Talk: CMMI Model Deep Dive: Supplier Agreement Management (SAM) 4.1

This is intended to be a 2-part series reviewing the CMMI Practice Area: Supplier Agreement Management (SAM). Related CMMI Tech Talk- CMMI Tech Talk: Supplier Agreement Management (SAM) Practice Area Overview

CMMI Tech Talk: Model Deep Dive: Workforce Empowerment (WE) Practice Area

A deeper look into one of the new Practice Areas in the CMMI Model, Workforce Empowerment (WE) https://www.isaca.org/cmmi

CMMI Tech Talk: Managing Security Threats and Vulnerabilities (MST) Practice Area Overview

This is intended to be a 2-part CMMI Tech Talk on CMMI Practice Area Managing Security Threats and Vulnerabilities (MST). Related Tech Talk- CMMI Tech Talk: CMMI Model Deep Dive: Managing Security Threats and Vulnerabilities (MST) 4.1.

Future-proof your organization with CMMI: PeopleTec’s story

Hear how PeopleTec first chose CMMI to create a solid process and infrastructure foundation. They saw clear ROI and a competitive advantage and decided to go further by working toward achieving CMMI Maturity Level 5 to increase predictability and planning for the future. Watch the video to hear about their CMMI journey!

The Consequences of Not Prioritizing Trust

The Digital Trust Ecosystem Framework (DTEF) was created and developed in response to the need to consider interactions, transactions, relationships, and how trust manifests in a digital environment in order to achieve business benefits. One major negative newsworthy event, significant outage, or improper transaction can change the way stakeholders trust an organization. The harm or potential risks from the lack of digital trust should be recognized. What are some key consequences of not considering your digital trust? This video outlines 10 of them.

DTEF and AI

Artificial intelligence (AI) is a key extension of digital transformation and has become a household term. Organizations are facing a new data ecosystem that must be met with strong, proactive governance, which is why the Digital Trust Ecosystem Framework (DTEF) can be a key enabler in embedding and supporting trust when it comes to interacting with your customers and consumers. AI will require careful thought about how to balance the advances in innovation with the potential impact on privacy, security, and, most of all, trust. This is why the DTEF framework is a crucial tool in your enterprise’s tool kit.

A Privacy View of the Digital Trust Ecosystem Framework (DTEF)

It can be incredibly challenging for organizations to balance the need for customer data to drive business decisions and the need to respect customers’ privacy. The good news is that ISACA’s Digital Trust Ecosystem Framework (DTEF) can help. Learn how DTEF can be a powerful resource to help ensure privacy is embedded throughout the enterprise and works to build trust and support the organization’s objectives

Five Business Challenges the Digital Trust Ecosystem Framework (DTEF) helps you navigate

ISACA’s Digital Trust Ecosystem Framework (DTEF) gives organizations the good practices and direction they need to integrate digital trust across the organization to boost competitiveness and reputation. This video features five examples of specific ways DTEF can benefit your organization, from reducing costs to strengthening customer loyalty.

When You Need COBIT and When You Need DTEF (and Why You Need Both)

ISACA’s Digital Trust Ecosystem Framework (DTEF) is new to the scene, but ISACA has long been a respected leader when it comes to developing impactful industry frameworks such as COBIT. COBIT and DTEF are highly complementary (by design), and each supports enterprise business needs. So, if you are using COBIT already, why do you need DTEF? COBIT and DTEF together give organizations an unmatched opportunity to be more secure, more resilient, and more trustworthy than their competitors. Learn how.

ISACA CommunITy Day 2024

Visit the CommunITy Day page on Engage to find an opportunity, either in-person or virtually, with your chapter or with our global community. It’s an incredible experience, and we hope you’ll join us on 5 October! https://engage.isaca.org/events/communityday

What Enterprises Need to Know About ChatGPT and Cybersecurity

Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe. In this ISACA Podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity professionals and the overall goal of enterprise security, as well as how cybercriminals who want to exploit it can leverage it as well. He believes the world is entering a time when AI is fighting AI, and security professionals must focus on feeding ChatGPT technology more relevant data faster than the adversary. Folk also addresses how AI is affecting social engineering and his predictions for upcoming AI developments. For more ISACA Podcasts go to https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

Leading the Way: An Introduction to Our ISACA Foundation Board of Directors

Meet the ISACA Foundation’s Board of Directors! These visionary leaders guide our foundation with their extensive expertise, diverse backgrounds, and unwavering commitment to excellence. Get to know the individuals who drive our strategic direction and uphold our core values. Learn more about our Board: https://www.isaca.org/about-us/isaca-foundation#leadership

ISACA Live | GRC Keynote Speaker: Justin Forsett

Justin Forsett

ISACA Live | GRC Keynote Speaker: Zack Kass

Zack Kass

ISACA Live: GRC Keynote: Rachel Wilson

Rachel Wilson

The Cyber Standard Podcast | Episode 4

Welcome to Episode 4 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at ANSEC. Together, they explore the intricacies of licensed bodies in shaping the cyber profession. Don't miss this insightful conversation! Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Shape Your Future: ISACA Foundation's Scholarship & Workforce Inclusion Opportunities

CMMI Tech Talk: Strategic Service Management (STSM) Practice Area Overview

In this Tech Talk, we are going to look at the Strategic Service Management (STSM) Practice Area, one of four Practice Areas in the Services Domain. We will discuss the intent of this practice area and look at what value it can provide to an organization, as well as looking at the individual practices to see how they can be used to manage and maintain standard services that are aligned to our strategic business needs.

CMMI Tech Talk: Enabling Safety (ESAF) Practice Area Overview

This CMMI Tech Talk in our series of Practice Area deep dives provides a brief overview of the ‘Enabling Safety (ESAF) ’ Practice Area –the sole practice area in the Safety Domain

ISACA Live: The AI Reality--Where We Are Now and Where We Need to Be

ISACA's Karen Heslop and Jon Brandt share the results of ISACA's 2024 AI Pulse Poll, including where organizations are now in terms of policy, training, ethics and more--and where they need to be. Get the survey results, see how your organization compares, and learn about the resources ISACA has to help you navigate your future in an AI world.

ISACA Live | 2024 North America Conference Preview with Aadeel Akhtar

Aadeel Akhtar, PhD, CEO and Founder of PSYONIC, a company developing advanced bionic limbs that are accessible to humans and robots, will speak at ISACA 2024 North America Conference on Friday, 10 May, hosted both in Phoenix, AZ, and virtually. Aadeel speaks to ISACA's Paul Phillips about the upcoming conference, how AI is revolutionizing prosthetics, and the risks of integrating AI and robotics into healthcare.

The ISACA Foundation is Unlocking Potential: See How Your Donation Makes a Difference

Meet the people of the ISACA Foundation – our leadership, scholarship recipients, and program participants and instructors! Learn more about the foundation’s programs: https://www.isaca.org/about-us/isaca-foundation And please consider donating to support students pursuing IT audit and cybersecurity degrees: https://www.isaca.org/about-us/isaca-foundation#donate.

The ISACA Foundation is Unlocking Potential: See How Your Donation Makes a Difference

CMMI Tech Talk: Virtual Appraisal Delivery Risks

In this Tech Talk we will begin looking at Virtual Appraisal Delivery risks. We will review the risks involved with virtual delivery and how to overcome those during an appraisal.

CMMI Tech Talk: CMMI Model Deep Dive: Supplier Agreement Management (SAM)

In this Tech Talk, we will examine these additions to Supplier Agreement Management (SAM) and highlight some of the existing content in SAM that is highly important focusing on Practice Group Levels 1-3 for this tech talk.

Exploring CISA Motivations

CISA-certified professionals share what motivated them to pursue ISACA’s CISA credential.

Benefits of Obtaining Your CISA

From meeting job requirements to more pay to increased standing in their careers, CISA-holders detail some of the benefits they have gained from earning the CISA.

Tips on Preparing for Your ISACA Certification

ISACA-certified professionals offer tips of how certification candidates can position themselves for success on exam day.

CMMI Tech Talk: Service Delivery Management (SDM) Practice Area Overview

In this Tech Talk, we are going to 4 look at the Service Delivery Management (SDM) Practice Area, one of four Practice Areas in the Services Domain. We shall discuss the intent of this Practice Area and look at what value it can provide to an organization, as well as looking at the individual practices to see how they can be used to improve an organization’s approach to delivering services to its customers.

CMMI Tech Talk: Enabling Security (ESEC) Practice Area Overview

In this video, we shall discuss the intent of this Practice Area and examine its potential value to an organization. We will also examine the individual practices to see how they can improve an organization’s security processes.

CMMI Tech Talk: Using the CMMI Model Viewer

Learn how to use the CMMI Model Viewer

Discover the Value of an ISACA Membership

Watch as members share how ISACA’s member-exclusive benefits have helped put them on the fast track to a more rewarding career.

Unlocking Strategic Value from a Bug Bounty Program

Are you curious about how to maximize the strategic value and impact of your bug bounty program? In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective. In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization. Explore Further: Delve deeper into the subject with additional resources https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6 https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4 https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12

The Cyber Standard Podcast | Episode 2

Welcome to Episode 2 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the intricacies of cybersecurity standardization. In this episode, titled "Audit and Assurance," Ameet is joined by esteemed guests Leanne Sperry, Project Manager for Standards Development at the UK Cyber Security Council, and Mike Hughes, the ISACA Immediate Past President for ISACA Central UK. Together, they explore key challenges, lessons learned, and insights from related workshops in the realm of Audit and Assurance. Don't miss this insightful conversation! Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

The Cyber Standard Podcast | Episode 3

Welcome to Episode 3 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Director of CyberAdvisor London. Together, they shed light on the launch of specializations and the significance of professional standards in the cybersecurity sector. Don't miss this insightful conversation! Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

ISACA Live | SheLeadsTech - International Women's Day

Join Kristine O'Sullivan from ISACA as she celebrates International Women's Day alongside SheLeadsTech Advisory Council member Anna Murray and Sushila Nair, Vice President of ISACA's Greater Washington D.C. Chapter.

The Cyber Standard Podcast - Episode 1

Tune in to the inaugural episode of "The Cyber Standard Podcast", “The Vision”! Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for the podcast's journey into the world of cybersecurity standardization. Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Reflecting on 25 Years of Information Security Matters

ISACA recently marked the 25th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same. In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security’s perception, and how writing skills are invaluable for anyone in the security industry.

A View into CTEM Exposure Management: Reducing your Attack Surface 3x

Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included. In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas.

ISACA Live | ISACA 2024 Virtual Conference Keynotes Preview

Our regional conference, 20-22 February, features three remarkable keynotes: RV Raghu (Asia-Pac, 20 Feb), Mike Echols (Americas, 21 Feb) and Tichaona Zororo (EMEA, 22 Feb). They are joined by ISACA's Paul Phillips for a preview of their keynote presentations and the region-focused content at our upcoming event.

ISACA Live | Data Privacy Priorities in 2024

Join Lisa McKee and Safia Kazi as they discuss the latest data privacy challenges, priorities and opportunities, and share insights from ISACA's latest Privacy in Practice 2024 research report.

2023 Academic Scholarship Program Recap

Read more about the scholarship program: https://isaca.secure-platform.com/a/page/oitscholarship/aboutscholarships

Leveraging Agile Concepts for Neurodiverse Auditors

In this ISACA Podcast episode, we’ll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation. Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can significantly impact not only neurodiverse individuals on your team but the entire team itself.

Improving Security While Enabling Market Access With a CCF

Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits). A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today. In this ISACA Podcast episode, ISACA's Chris McGowan listens in as James Huang, Global Cloud Compliance Senior Manager explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.

Issue Management Confidential: Tools and Best Practices for Improving IT Issue Management

Effective IT issue management is crucial for organizations to mitigate financial loss, reputational damage, and operational disruptions. Issue management tools streamline the process by tracking and resolving issues, while risk rating helps prioritize responses based on their impact and likelihood. In this ISACA Podcast episode, ISACA's GRC Professional Practices Principal, Lisa Cook chats with IT Risk Manager, Eric Peck about why acknowledging and addressing high-risk issues with a structured approach empowers organizations to protect themselves and ensure compliance in today's complex regulatory landscape.

ISACA Podcast | Minimizing Risk and Audit Requests

With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together. In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst, Benjamin Bartz. Ben takes a deeper dive and elaborates on some of the must-haves for this partnership to live to its full potential.

ISACA’s Digital Trust World Dublin 2023: See What You Missed and Join Us Next Year!

ISACA’s Digital Trust World Dublin 2023: See What You Missed and Join Us Next Year!

How to Propel Your IT Audit Career

IT auditors and audit leaders share insights from their careers and tips for auditors new to the field and those looking to advance. Watch this video to learn how to boost your audit career. To learn more, go to https://www.isaca.org/campaigns/career-pathways

How to Propel Your IT Audit Career

IT auditors and audit leaders share insights from their careers and tips for auditors new to the field and those looking to advance. Watch this video to learn how to boost your audit career. To learn more, go to https://www.isaca.org/campaigns/career-pathways

ISACA Live: Generative AI: Risks, Opportunities and Critical Next Steps

AI expert and author Raef Meeuwisse will share insights from ISACA's brand-new generative AI research and outline the top concerns, opportunities and next steps organizations should be taking.

Exploring the Benefits of Neurodiversity within Cybersecurity

Neurodiversity within cybersecurity offers many benefits but requires organizations and hiring managers re-evaluate hiring practices and job descriptions typically structured for neurotypical applicants. Join ISACAs Director of Professional Practices and Innovation as he hosts a conversation with a company helping to remove barriers and maximize the value neurodiverse talent bring to cybersecurity.

Cultivating Inspired Leaders with Kristi Hedges

If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered. In this ISACA Podcast, Kristi Hedges, executive coach, and leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders, a CPE-eligible event. At the event, Kristi Hedges will provide a roadmap for building an inspired mindset for leaders, teams, and individuals. Register for this ISACA event at https://www.isaca.org/membership/member-exclusive-speaker-series

ISACA Member Benefits and Community

ISACA CMO Julia Kanouse shares the many ISACA member benefits that strengthen our community, expand your professional network, help you grow as a thought leader and earn CPE, and enjoy exclusive discounts Learn more at https://www.isaca.org/membership/become-a-member/member-benefits.

ISACA IT Audit Career Pathways

ISACA provides you with the resources you need to take the next step in your IT Audit career. Click to learn more, https://www.isaca.org/campaigns/career-pathways

ISACA Live | CMMI Mythbusting: Misconceptions vs. Realities

ISACA's COO Simona Rollinson and CMMI Lead Appraisers discuss common misconceptions around CMMI and what the reality is. Think CMMI is only for large organizations? Think again. Is CMMI only for government contractors or software development companies? No! Organizations from all industries across the globe are using it. Watch for more! For more information, visit: https://cmmiinstitute.com/

Internal Audits That Create Stakeholder Value Adopting an Agile Mindset

Agile Scrum is a lightweight framework that promises to significantly improve internal audits by creating a mindset that generates stakeholder value through adaptive solutions for complex auditing problems. This mindset is needed as organizations face unprecedented changes and pressures in today's business landscape. Internal audits must keep leaders informed and aware of potential risks. Such a mindset addresses some of the often-experienced auditing challenges such as a lack of senior management support, insufficient audit preparation time, difficult auditees and lack of time needed to write audit results. Featuring special guest Thomas Bell and hosted by ISACA's Robin Lyons.

CMMI Tech Talk: Using the Organizational Behavorial Toolkit

Learn how to use the CMMI Organizational Behavior Toolkit. For more information, visit https://cmmiinstitute.com/

Strategies for Avoiding Burnout

Chronic workplace stress can lead to burnout, which poses a significant risk to the mental health of busy professionals, such as auditors. But how can these professionals protect themselves from burnout? And how can their employers help them do so? If you are interested in learning the answers to these questions, then watch as ISACA’s Robin Lyons and Dr. Elena Klevsky, Assistant Professor of Accounting at the University of Tampa, discuss strategies for avoiding burnout. Inspired by the Sustainable Model of Human Energy proposed by Ryan Quinn, Gretchen Spreitzer and Chak Fu Lam, these strategies focus on managing your personal energy by increasing resources, decreasing job demands, practicing skills and tasks, and monitoring energy. Properly implementing these strategies has the potential to help busy professionals ensure that they have sufficient resources to meet their job demands, and, therefore, increase the likelihood that they feel energized instead of exhausted.

The Danger of Distraction in Augmented Reality

While users of technology are becoming more educated in how to avoid cyberattacks such as phishing, a distracted user might be more prone to missing signs of social engineering. This project explored whether users immersed in augmented reality applications were more inclined to fall for an on-screen text message that prompted familiarity (such as a friend calling in) or urgency (such as a warning to update software or be subject to an automatic device re-boot within a certain timeframe). Featuring special guest Sarah Katz and hosted by ISACA's Collin Beder.

Member Get a Member (MGAM) - Testimonials

In this video, you will hear firsthand from members on the immense value of ISACA’s Member Get a Member (MGAM) referral program. Members discuss why they choose to participate and what they learn in return. The 2023 MGAM program provides members an opportunity to recruit new members by sharing the benefits of being part of a 165,000 community of likeminded professionals and earn cash-based rewards while doing it.

Managing Human Risk Requires More Than Just Awareness Training

A comprehensive information security awareness program must be in place to ensure that employees are aware of and educated about the threats they may encounter at the workplace. The workforce needs to be prepared to know how to respond to these threats. It all starts with a risk assessment to identity the most critical of risks that need to be mitigated through preparedness. Making security a part of the organization’s culture reduces these risks to an acceptable level. Featuring special guest Chris Madeksho and hosted by ISACA's Lisa Cook.

ISACA Community Spotlight

Want to feel engaged and inspired? Watch our Community Spotlight; a video highlighting a variety of our initiatives and contributions showcasing who we are at the core.

Preparing for Interruptions, Disruptions and Emergence Events

This podcast speaks about how an Information Systems (IS) Auditor can prepare for the Interruptions, Disruptions and the Emergence events that happen to the business and to technology. Describing the features of Interruptions, Disruptions and Emergence events and distinguishing the differences between them, special guest Anantha Sayana outlines how the IS Auditor can prepare, react, and contribute to all the three. Hosted by ISACA's Hollee Mangrum-Willis.

3 Keys to Engagement!

Register now to attend the next Member-Exclusive Speaker Series. Not a member? Join today to attend and enjoy a variety of member benefits.

IS Audit in Practice: Data Integrity On Demand

On this podcast, ISACA's Hollee Mangrum-Willis and special guest Cindy Baxter discuss the disparities between American communities and access to electronic health records. From there, they examine how key data insights from the ISACA community can help us all be healthier.

The ISACA Certification Acronym Challenge: No Wrong Answers!

No matter how you pronounce the acronyms, ISACA's certifications are highly regarded and in-demand by digital trust professionals and their organizations around the globe.

Processes of Engagement with Scott Gould

Scott Gould is the author of 'The Shape of Engagement: The Simple Process Behind how Engagement Works.' In this podcast, Scott gives a sneak peak at his upcoming member-exclusive, CPE-eligible event. Scott will discuss the essential frameworks for understanding and operationalizing engagement and building enduring connections with your networks and communities.

Together We Are Stronger

In this video short, a soft-spoken professional finds their voice through ISACA.

Delivering Security Value to Product Teams Using the Power of Data

In security, aligning with product teams has never been more important, especially when outmaneuvering adversaries. To foster a truly productive and action-oriented cybersecurity culture, security teams must begin addressing their product engineering counterparts as customers they serve rather than entities they govern. In this podcast, ISACA’s Chris McGowan listens in as Adobe’s Manager of Adversary Intelligence Gurpartap “GP” Sandhu provides unique insight into how he’s bringing intrapreneurship to life in product security through a key project that delivers actionable data that product teams can use to enhance their security posture more rapidly. They’ll also discuss how his team is harnessing strong adversary focus using the power of data and share advice on how you can stay ahead of adversaries by better predicting their next move in the ever-changing threat landscape. Tune into this ISACA Podcast to learn more! Check out more from Adobe, https://www.adobe.com/trust.html For more ISACA podcasts, www.isaca.org/podcasts

ISACA Hall of Famers Share Their Inspirations

Recent ISACA Hall of Fame inductees Allan Boardman, Jo Stewart-Rattray, Mike Hughes, Lily Shue and Robert Parker share what motivated them to make such large impacts on ISACA and their favorite ISACA memories.

Learn about the Value of Becoming an ISACA Accredited Training Organization

We invite you to view this short video to learn more about the ISACA Accredited Training Partner Program and how it can help IT Training organizations differentiate themselves by delivering ISACA’s globally recognized Credentials and Training. For more information, check out: https://www.isaca.org/partnerships/become-a-training-partner

SheLeadsTech Chapter Liaison Quarterly Meeting, May 2023

Recording of SheLeadsTech Chapter Liaison Quarterly Meeting held virtually on 18 May 2023 at 10:00 AM CDT. Please visit the Chapter Leader Exchange via ISACA's Engage Online Platform to access accompanying slide deck and further discussion. Please also email info@oneintech.org to access the SheLeadsTech Liaison Quarterly Report.

SheLeadsTech Ambassador Semi-Annual Meeting, May 2023

Recording of SheLeadsTech Ambassador Semi-Annual Meeting held virtually on 16 May 2023 at 11:00 AM. Please visit the SheLeadsTech community via ISACA's Engage Online Platform to access accompanying slide deck and further discussion. Please also email info@oneintech.org to access the SheLeadsTech Ambassador Quarterly Report.

AI Ethics and the Role of IT Auditors

We, as a society, have always lived by certain norms that are driven by our communities. These norms are enforced by rules and regulations, societal influence and public interactions. But is the same true for artificial intelligence (AI)? In this podcast we discuss and explore the answers to some of the key questions related to the rapid adoption of AI, such as: What are the risks associated with AI and the impact of its increasing adaption within almost every industry? And, what role should we as IT Auditors should play in this fast changing technological landscape? Hosted by ISACA's Hollee Mangrum-Willis and featuring special guest Jai Sisodia.

Using a Risk-Based Approach to Prioritize Vulnerability Remediation

Organizations today struggle with vulnerability management. More specifically, remediating vulnerabilities in a timely manner poses a challenge. With vulnerability remediation backlogs growing at an alarming rate, what can organizations do to meet their established remediation timelines and to protect the organization from cybersecurity threats. Cybersecurity leader Ray Payano will discuss the exponential increase in published vulnerabilities, the lack of resources in cybersecurity to perform remediation and balancing remediation with reduced maintenance windows. These challenges contribute to organizations struggling with remediation backlogs. Ray will explain how calculating vulnerability risk can help organizations prioritize their vulnerabilities based on risk level to help determine the order in which vulnerabilities are addressed. Hosted by ISACA's Chris McGowan.

The True Cost of a Data Breach

Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable risk management decision making. Hosted by ISACA's Safia Kazi.

2023 IT Compliance and Risk Benchmark Report

Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey and get an overview of how your industry peers are managing IT risk and compliance programs within their organizations. We’ll cover: ● The top five findings from the survey ● How your peers are planning to handle compliance, audit management, and risk management in the midst of this year’s volatile economy ● What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations Download Hyperproof’s 2023 IT Compliance and Risk Benchmark Report https://hyperproof.io/it-compliance-benchmarks/

What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All

The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention- what will you do? If your answer is “risk management as usual”, that may be holding you back. Traditional risk management approaches make a lot of promises, but most of them are myths. Do any of these sound familiar? ● You can make better-informed decisions by using a single platform. ● You can use automation to achieve continuous compliance. ● You can implement risk management by creating a risk register. ● You can use qualitative attributes to measure and assess risk. In this episode, we’ll assess risk management myths and discuss how to establish scalable, quantifiable, and always-on risk management for the future. Hosted by Lisa Cook and featuring special guest Meghan Maneval.

The Value of Internal Appraisal Team Members (ATMs) in MDDAP

Hear the benefits of training your internal staff to become experts on the CMMI model and participate on your next MDDAP Appraisal.

CMMI Lead Appraisers: What They Do and the Value They Offer

Learn what a CMMI Lead Appraiser is, their goals, and the value they can bring organizations through CMMI and MDDAP appraisals. For more information, go to https://www.isaca.org/enterprise/performance-improvement-solutions

Case Study: How Innovize Was Able to Generate Higher Quality Outputs More Reliably

See how Contract Manufacturer Innovize improved organizational performance with participation in the Case for Quality collaborative community Voluntary Improvement Program (VIP) using the Medical Device Discovery Appraisal Program (MDDAP). For more information, go to https://www.isaca.org/enterprise/performance-improvement-solutions

How Organizations Can Consistently Reduce Cyberrisk

Cyber threats are now a “clear and present danger” to most organizations, companies and governments of the world. A good cyber defense involves many, intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible, in a rapidly shifting threat landscape, they must constantly make improvements. The threat groups are making rapid improvements and increasing their expertise at a steady rate. They are investing in R&D and Zero-Day exploits. To offer a good defense, we must make progress at the same rate as the threat groups or we may fall behind, increasing risks and allowing the cyber world to become like the “wild-wild west.”

Key Considerations for Conducting Remote IT Audits

Conducting adequate preparation including risk assessments, assessing resource requirements and ensuring ongoing communication to harness both the benefits and to address the potential challenges faced when conducting hybrid or fully virtual audits.

Understanding and Assessing Organization Culture

Organizational culture is crucial because it shapes behaviors and attitudes in the workplace, which can profoundly impact operations and overall success. However, it is sometimes difficult for CISOs and other infosec managers to fully understand their culture because they are inside it constantly. In this ISACA Podcast episode, author and journalist Mark Tarallo chats with ISACA's Safia Kazi about how infosec managers can assess the organizational culture by using a culture model to examine the behaviors, relationships, attitudes, values, and environment that the culture sustains. It also discusses possible ways to lead a culture change initiative. To read Mark's full ISACA Journal article, "Understanding, Assessing, Aligning and Transforming Organizational Culture," click the link https://www.isaca.org/organizational-culture For more ISACA Podcasts: https://www.isaca.org/podcasts

Seven Things to Know Before Automating IT General Control Audits

This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, that have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation roll out and advise on how to avoid or manage these pitfalls with host, Robin Lyons. Check out Frans and Gustav’s full ISACA Industry News article, “Seven Things to Know Before Automating IT General Control Audits,” http://www.isaca.org/automating-it-general-control-audits For more ISACA Podcasts, https://www.isaca.org/podcasts

ISACA Volunteer Appreciation Week 2023

Learn more about the impact made by ISACA volunteers.

Industry Spotlight - Julia Kanouse

Get to know Chief Membership and Marketing Officer Julia Kanouse as she sits down with childhood best friend and ISACA VP Amanda Raible. The duo discuss everything from leadership to motherhood while competing in Mario Kart! Tune in!

ISACA Live | Measuring & Communicating Cyber Capabilities

There are many standards describing cybersecurity outcomes to achieve and capabilities to implement, but what does success look like, and how do we know if we’re doing enough? In this video, Kelly Hood, CDPSE, Cybersecurity Engineer at Optic Cyber Solution, shares different types of measurements, such as metrics and performance indicators, to help you understand how and when to use each of them when measuring your cyber capabilities and communicating the outcomes of your cybersecurity programs.

CMMI Tech Talk: Data Management Practice Area Overview

In this video, you will get a brief overview of one of the new Practice Areas from the CMMI Model, known as Data Management (DM). https://cmmiinstitute.com/cmmi/data

CMMI Tech Talk: Course Tailoring Guidance

In this tech talk we will explore how CMMI classes can be tailored by instructors based on student needs and instructor preferences according to ISACA tailoring rules.

CMMI Tech Talk: Data Quality Practice Area Overview

In this video, you will get a brief overview of one of the new Practice Areas from the CMMI Model, known as Data Quality (DQ). https://cmmiinstitute.com/cmmi/data

CMMI Tech Talk: Learner Centered Principles

In this CMMI Tech Talk, we’ll summarize the seven Learner Centered Principles used in CMMI classes. https://www.isaca.org/enterprise/cmmi-performance-solutions

CMMI Tech Talk: What is a Solution?

In this video, we will explore what the term “solution” means in the context of a CMMI Practice Area or Practice. https://www.isaca.org/enterprise/cmmi-performance-solutions

What Is Your IP Address Cybersecurity IQ? The Role of IP Address Data in a Digital World

There are literally thousands of VPN services on the market. Some are undeniably benign, but others offer a slate of features that are friendly to cyber criminals. Keeping your network safe from hackers requires you to understand the VPN market, and make decisions based on your company’s appetite for risk. Fortunately, by analyzing IP address data associated with these devices, security professionals can get access to a wealth of VPN contextual data that helps them distinguish between perfectly legitimate providers and those that turn a blind eye toward crime. In today’s world, it is vital for security professionals to know how to leverage IP address data and its contextual insights to protect enterprise networks.

Data Quality Practice Area Overview

In this video, you will get a brief overview of one of the new Practice Areas from the CMMI Model, known as Data Quality (DQ).

How To Be An ISACA Volunteer

Take a tour of ISACA's volunteer program on Engage, and learn how to get involved. For more information visit https://engage.isaca.org

Create a Successful Career Path with ISACA

ISACA has the resources, credentials and training options to guide IT professionals in their steps to create a successful, fulfilling career path at any level.

ISACA Live | The Equity Gem: Actionable Steps to Help Close the Equity Gap

In celebration of International Women's Day, themed #EmbraceEquity, Limor Bergman and Willena Lon will share tips on actionable steps to help close the equity gap.

CMMI Tech Talk: Using CMMI to Improve an ISO9001 or AS9100 QMS

In this CMMI Tech Talk, we are going to explore how CMMI, ISO9001, and AS9100 work together to improve a quality management system. https://www.isaca.org/enterprise/cmmi-performance-solutions

Conference Chats with Chelsey & Robyn

Tune in to listen to ISACA’s very own Chelsey Byrd and Robyn Franko as they discuss the upcoming fun at ISACA Conference North America 2023: Digital Trust World.  Listeners will  get some insider information into future conferences and some laughs as the ladies discuss past, present & future ISACA events! Additional event information can be found https://www.isaca.org/training-and-events/isaca-digital-trust-world-conference

Eight Cybersecurity Trends to Watch for in 2023

With the start of a new year, it is a key time for all organizations, small through enterprise, to examine their IT infrastructure and review cyber security policies. With the new digital transformations and an evolving regulatory landscape, organizations are more prone to cyberattacks. In fact, statistics released in Nov 2022, show that approximately 52 million data breaches occurred globally during the second quarter of this year alone. So what do businesses need to know to be able to try and mitigate these issues?

We Are ISACA, Episode 05

In the fifth episode of We Are ISACA, Joseph Kachiliko from Zambia/UAE and Abbas Kudrati from India/Australia, chat with Megan Moritz about doing a TedX talk, writing several books, taking breaks from technology, and the one candy they cannot live without. (5 Star and Snickers for the wins!) This episode also feature Sri Srinivasa’s incredible voice acting talents, showcased in English and his native language, Tamil. Intros & locations: 0:00-1:43 Joseph’s TEDx talk: 1:44-7:13 Abbas’s best-selling books: 7:14-9:11 Staying connected to yourself and others: 9:12-11:22 Setting better habits: 11:23-15:05 ISACA student groups: 15:06-18:25 The importance of mentoring: 18:26-24:21 One candy for the rest of your life: 24:22-25:54 Voice actor, Sri Srinivasa: 25:55-31:39 Until next time: 31:40-32:14

The Equity Gem: Actionable Steps to Help Close the Equity Gap

In celebration of International Women's Day, themed #EmbraceEquity, Limor Bergman and Willena Lon will share tips on actionable steps to help close the equity gap.

Measuring Security Resilience from the Lens of the Adversary Community

In a world where adversaries are constantly adapting to improve tactics, techniques, and procedures (TTPs), it is crucial to understand the unique traits and goals of various types of adversaries that actively seek to cause harm to an organization. The personification of these threats will ultimately help measure resilience against specific threat actors, identify investment and hardening opportunities, and improve trust with customers. In this podcast, Daniel Ventura, Manager of Product Security Incident Response Team (PSIRT), shares insight into Adobe’s approach to adversary personification as well as provides guidance on how you can better measure the security resilience of your products. He’ll also talk about Adobe’s bug bounty program which helps his team identify new trends in adversary interest and defend against real incident response events.

The Future of Technology Risk: 4 Ways to Build Stakeholder Trust in the Technology Risk Imperative

Today, the pace of change across industries is quicker than ever before. Economic, political, and social unrest and a global climate crisis have placed unprecedented disruption and pressures on organizations looking to navigate a rapidly changing environment. Firms are being out-innovated and entire industries are being disrupted in a matter of months or years, as opposed to decades. Shifting regulations, data as an asset, dynamic customer behavior and employee expectations of continued flexibility in a more virtual workplace add to the challenge. Technology risk and compliance needs to adjust to this new reality. The strategy and value of an organization’s technology risk management are becoming essential to build and secure stakeholder trust. That means moving closer to the point where the risk events occur and using preventative, detective, and automated controls as much as possible. In this podcast, Beth McKenney, a Principal in the KPMG Technology Risk service network, offers a game plan for companies to meet these today’s challenges with an eye on building stakeholder trust. That means having a proactive, rather than a reactive, approach to risk management.

Risky Business – Jon Brandt

For the average person, life moves quickly. But for business leaders and anyone involved in any aspect of IT, the pace at which technology is changing is overwhelming. Technology can help businesses and individuals do more with less and increase profit margins. However, technological advances carry tremendous risk and increase the criticality of risk management. No longer can business and personal use of technology be viewed in siloes. ISACAs Director of Professional Practices and Innovation, Jon Brandt, is joined by Ryan Cloutier as they discuss some of the latest headlines and impact to intellectual property.

CCP CMMI Explainer

Cybersecurity is a huge challenge for companies today. Every organization has unique vulnerabilities. Cyber threats are growing and so are the costs of failure. ISACA's CMMI Cyber Maturity Platform meets these challenges head on. For more information, check out https://www.isaca.org/enterprise/cmmi-cybermaturity-platform

CMMI Tech Talk: Appraising Governance (GOV) and Implementation Infrastructure (II)

In this tech talk we will explore the role that senior management plays in supporting performance and process improvement efforts and how the Sustaining Habit and Persistence Practice Areas are appraised. https://cmmiinstitute.com/learning/appraisals

Advertising Information Security

In this episode, executive principal at Risk Masters International’s Steven Ross discusses why vendors of IT products and services are advertising information security, why businesses are not advertising their security and how to use information security as a component of organizations’ public images with host Safia Kazi.

Building Digital Trust Through Advocacy

If you thought ISACA was only about certification and education, get ready to listen to this podcast and see how ISACA advocates for the IT Audit and Risk Management professions! Join Cindy Baxter, author of the Audit in Practice column in the ISACA Journal, as she interviews two members of the ISACA New England Board of Directors who attended ISACA’s Hill Day in Washington DC. Hear how they met with their government representatives and with ISACA’s help, discussed legislation that supports our profession! It’s an opportunity to think about the impacts you can have in your own back yard and with civic leaders!

Value of ISACA: Enterprise Solutions

Discover how ISACA’s enterprise solutions enhance the ability of people, organizations, processes, and technology to create and maintain a better digital world. Our enterprise offerings in team training, performance improvement solutions and partnership opportunities have helped drive innovation and education globally. Learn more at isaca.org/enterprise

Rethinking Identity Governance

SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data. However, traditional identity governance controls have fallen short of delivering real security outcomes in this digital-first world. They’re missing a critical piece: automation. In this episode, ConductorOne’s CEO and Co-Founder, Alex Bovee joins this episode to discuss why we need to change the way we think about compliance and risk and what a security-led governance program could look like. Learn more about ConductorOne at https://www.linkedin.com/company/conductorone/ or https://www.conductorone.com/blog/automating-compliance-controls-least-privilege-access/

We Are ISACA, Episode 04

The fourth episode of We Are ISACA brings us our first virtual participants. Gustavo Galegale joined from São Paulo, Brazil and shared quite the story about his son’s birth, while Glory Idehen connected from Abuja, Nigeria and shared how the Abuja Chapter has built impressive local participation for ISACA’s annual CommunITy Day. Watch and listen to their discussion with host Megan Moritz.

2023: The Year of Risk

A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation-state APTs. Instead, 2023 will be when multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks. Tune into this ISACA Episode as Hyperproof’s Field CISO, Kayne McGladrey, speaks with ISACA’s Jeff Champion on how 2023 will be the year of risk. Learn more about Hyperproof at: https://twitter.com/Hyperproof https://www.linkedin.com/company/hyperproof/ https://www.instagram.com/hyperproof/ Additional Hyperproof Resources: https://hyperproof.io/resource/the-ultimate-guide-to-enterprise-risk-management/ https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/three-key-predictions-for-2023-the-year-of-risk https://hyperproof.io/resource/risk-management-software-buyer-guide/ https://hyperproof.io/case-studies/pythian-uses-hyperproof-to-get-time-back-and-improve-its-risk-management-maturity/

Improving Cyber Resilience in an Age of Continuous Attacks

We live in the age of continuous compromise. This podcast dives into why so many organizations continue to be breached even after spending money on cybersecurity point solutions. Many organizations gravitate towards silver bullet solutions without understanding the threat and impact. In this ISACA Podcast episode, Chris McGown speaks to Rex Johnson and Hamlet Khodaverdian about why a holistic and collaborative approach is absolutely critical to creating cyber-resilience.  For more information check out www.isaca.org/improving-cyberresilience-in-an-age-of-continuous-attacks

CMMI Tech Talk: Navigating the Different Frameworks

Understand and navigate the different models and frameworks. Understand how CMMI fits in the different models and frameworks and how it can be used alongside the other models and frameworks. https://www.isaca.org/enterprise/cmmi-performance-solutions

Learn More About ISACA Foundation, Part 4

Building diversity and inclusion in Cyber and IT Audit careers is one of the ways to address the workforce crisis and ensure innovation that meets all perspectives. ISACA Foundation is a way for ISACA to philanthropically support the mission of advancing the professional space. ISACA Foundation seeks to create a healthy digital world that is safe, secure, and accessible for all.

Learn More About ISACA Foundation, Part 3

Building diversity and inclusion in Cyber and IT Audit careers is one of the ways to address the workforce crisis and ensure innovation that meets all perspectives. ISACA Foundation is a way for ISACA to philanthropically support the mission of advancing the professional space. ISACA Foundation seeks to create a healthy digital world that is safe, secure, and accessible for all.

Learn More About ISACA Foundation, Part 2

Building diversity and inclusion in Cyber and IT Audit careers is one of the ways to address the workforce crisis and ensure innovation that meets all perspectives. ISACA Foundation is a way for ISACA to philanthropically support the mission of advancing the professional space. ISACA Foundation seeks to create a healthy digital world that is safe, secure, and accessible for all.

Learn More About ISACA Foundation, Part 1

Building diversity and inclusion in Cyber and IT Audit careers is one of the ways to address the workforce crisis and ensure innovation that meets all perspectives. ISACA Foundation is a way for ISACA to philanthropically support the mission of advancing the professional space. ISACA Foundation seeks to create a healthy digital world that is safe, secure, and accessible for all.

ISACA Live | Digital Trust Priorities for Privacy and Emerging Tech

ISACA Digital Trust Advisory Council Members Anne Toth and Michelle Finneran Dennedy will discuss privacy concerns and priorities around emerging tech and the most critical considerations for ensuring strong digital trust. Visit isaca.org/privacy-month-2023

ISACA. Community. Resilience.

ISACA's Global Community is bigger and stronger than you may realize...and more resilient than you probably ever dreamed. Hear how ISACA members around the world have supported fellow members in Ukraine, and discover how it is never too late to make a difference. A very special thanks to those who took the time to share their personal stories. https://www.isaca.org/ To donate: https://bank.gov.ua/en/

State of Privacy 2023

Privacy is an essential component of digital trust—so how does your organization compare to others when it comes to privacy trends, challenges, budgets, and approaches? Learn about the latest global ISACA research and get key findings on the privacy workforce, privacy skills, privacy by design, and the future of privacy.

We Are ISACA Episode 3

The third episode of We Are ISACA was recorded in Rome, Italy. Host Megan Moritz talked with polyglot Mounir Messaoud from Sweden, and coffee connoisseur Vladlena Benson from the UK.

CMMI Tech Talk: CMMI and Agile

Learn more about integrating CMMI and agile. https://www.isaca.org/enterprise/cmmi-performance-solutions

ISACA Live - Career Changing Impact of Mentorship

To celebrate International Mentorship Day in January, we are hosting an ISACA Live hosted by Liz Pisney, with panelists Veronica Rose (ISACA Board Director) and career expert Caitlin McGaw.

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others? To understand and answer the question appropriately, one must examine the underlying of the Information Privacy Realities Contradiction Theory (IPRCT), which is integral to (1) our natural unity of opposites, (2) our material dialectic mechanism or struggle of choosing from the opposites, and (3) the role of our self-interest in time and circumstance. Therefore, understanding the intricacies of the IPRCT would be instrumental to the proper and timely introduction of privacy requirements early in our system development lifecycle and in the development and enactment of information privacy policies, directives, guidance, and regulations around the world. In this ISACA Podcast episode, Safia Kazi host Dr. Patrick Offor, Chief Warrant Officer Five Retired (CW5(R)); Associate Faculty, to discuss his recently released ISACA Journal article. To read Dr. Offor’s full article, please visit https://www.isaca.org/resources/isaca-journal/issues/2022/volume-6/the-information-privacy-contradiction. To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

CMMI Tech Talk: Using the Performance Report to Provide Value

Discover how the appraisal team can use the Performance Report to provide value to the appraised organization. https://www.isaca.org/enterprise/cmmi-performance-solutions

CMMI Tech Talk: The Performance Report: Validating the Performance Report

Learn more about how an appraisal team validates the performance report during the conduct phase of an appraisal. https://www.isaca.org/enterprise/cmmi-performance-solutions

2023 Tech Predictions and Priorities

Chris Dimitriadis, Chief Global Strategy Officer at ISACA, shares his predictions for the industry for 2023. Listen in as Chris explains his predictions around digital trust, the skills gap, securing the supply chain, and quantum computing. Please like and subscribe for more updates from ISACA.

How to Become an ISACA Member

A complete guide on becoming a member of ISACA. Get helpful instructions and tips in this video. Join a global community of 185,000+ members.

Should Cybersecurity Be Subject to a SOX-Type Regulation?

Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with. However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbanes-Oxley Act (SOX) type approach? This approach would create a risk-based, internal control model focused on cybersecurity that includes enforcement capabilities and requires third-party oversight and executive accountability. To read Should Cybersecurity Be Subject to a SOX-Type Regulation? Please visit www.isaca.org/should-cybersecurity-be-subject-to-a-sox-type-regulation. To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

Beware the Traps of Data Governance and Data Management Practice

Guy Pearce joins ISACA’s Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making and why data is a shared benefit for the organization. Stay tuned until the close to hear Guy’s advice on how to use metaphor when communicating technical concepts to executive leadership. To read Guy's full article, visit: To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts.

Convergence: Where Next?

ISACA’s Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of Convergence on the Control Community and concludes that everything is connected to every role, and it is becoming risky to have employees siloed within their own practice. He also remarks on how he once wrote an ISACA Journal article about companies creating a role for Chief Security Officer and now that is becoming a reality within the industry. Tune in now! To read Steven’s full-length article, visit: www.isaca.org/convergence-where-next. To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

Do Data Go to Waste

The Impact of SOX on the Industry 20 Years Ago and Today. Opponents of Sarbanes Oxley, (SOX) contend the law is too costly for companies to operationalize given the small benefit that SOX regulation provide. Proponents say that a world without SOX is a world in chaos. This article discusses how SOX measures up 20 years after the law was enacted. To read Cindy's ISACA Journal article, Do Data Go to Waste, please visit: www.isaca.org/do-data-go-to-waste. To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Protecting Your Enterprise and Deterring Fraud in a New Risk Era

As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a changing threat landscape impacting enterprises and consumers alike. According to one global survey, nearly half of all respondents experienced fraud in the past 24 months, 3 compromising financial resources, personal data, and peace of mind with frightening rapidity. Recent research we have completed also reflects that “60% of Consumers Don't Believe Companies Do Enough to Protect Their Data as Demand for Security Grows". Listen to the CEO of GBG Americas, Christina Luttrell, as she explains that, as a result, identity verification is a priority for organizations and government agencies that view it as a strategic differentiator that allows them to enhance the customer experience while improving their defensive posture at a critical time in this ISACA podcast episode. To read the ISACA Journal article, Protecting Your Enterprise and Deterring Fraud in a New Risk Era, please visit: https://www.isaca.org/protecting-your-enterprise To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

In Pursuit of Digital Trust – Alon Amit

ISACA member Alon Amit says that education and safety should be the two greatest areas of emphasis for professionals tasked with building digital trust.

ISACA Privacy Month - January 2023!

Privacy Awareness Month is here–as are continuing threats to your organization. Today’s privacy practitioners are challenged to keep pace with the ever-evolving technology space. ISACA is raising awareness about the importance of privacy and Digital Trust by offering valuable resources for understanding trends and solutions to overcome privacy challenges. Learn More: http://www.isaca.org/cdpse

In Pursuit of Digital Trust – Francisco Guimaraes

ISACA member Francisco Guimaraes thinks providing digital trust is “the right umbrella” for technology professionals to think about how they can positively impact their organizations.

The Circle of Failure: Why the Cyber Security Industry Doesn’t Work

Richard Hollis, Director of Rick Crew, is serious about asking the tough questions. ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out that if we buy a toaster at the store and it doesn’t work, we return it, but as security professionals, we don’t hold products to the same standards. Why is this? Jon and Richard go back and forth on FUD, vendors, false positives, and where accountability lies in the industry. Join Richard and Jon in the conversation to think about how we can affect the positive change that we want to see in our industry in the future! To read Richard's full report, please visit www.isaca.org/the-circle-of-failure. To listen to more ISACA podcasts, visit www.isaca.org/podcasts.

We Are ISACA, Episode 02

In this, the second episode of We Are ISACA, host Megan Moritz visits with BodyJam enthusiast Natalie Perez from Melbourne and school owner Alok Kakker from Washington, DC. 00:00:14 Intro 00:01:38 Natalie 00:14:01 Alok 00:26:54 Dance 00:30:12 Close

CMMI Tech Talk - Appraisal Roles: Appraisal Sponsor: After the Appraisal

The Appraisal Sponsor's responsibilities and expectations after an appraisal have concluded. Click here for more information: https://www.isaca.org/enterprise/cmmi-cybermaturity-platform?gclid=Cj0KCQiAm5ycBhCXARIsAPldzoX0ko3MgtB-Um8MC3Jrri2qFkCv7aFokT1ZN8G5mWiCXzJZuZSdOtkaAjPyEALw_wcB

CMMI Tech Talk - Appraisal Roles: Appraisal Sponsor: During the Appraisal

The Appraisal Sponsor's responsibilities during the conduct phase of the appraisal. Click here for more information: https://www.isaca.org/enterprise/cmmi-cybermaturity-platform?gclid=Cj0KCQiAm5ycBhCXARIsAPldzoX0ko3MgtB-Um8MC3Jrri2qFkCv7aFokT1ZN8G5mWiCXzJZuZSdOtkaAjPyEALw_wcB

Taking Security Strategy to the Next Level: The Cyber Kill Chain vs. MITRE ATT&CK

In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data. Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: the cyber kill chain (CKC)and the MITRE ATT&CK framework. Tim Liu, long-term security technologist, co-founder, and CTO, will provide an overview of these two frameworks and the limitations or benefits of each approach. To read Taking Security Strategy to the Next Level, please visit: www.isaca.org/taking-security-strategy-to-the-next-level To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts

What Can ISACA Certifications Do for You?

ISACA certification holder Bruno Horta Soares shares how ISACA certifications gave him credibility and recognition in his career. Bruno, a CISA, CRISC, and CGEIT certification holder, shares what motivated him to get certified. Hear how, no matter how his career focus changed, he could o benefit from ISACA certifications, prove his commitment to high standards of professionalism and be successful across multiple aspects such as IS/IT audit, security, risk, and governance. Learn more about ISACA certifications: https://www.isaca.org/credentialing 00:00:01 What's your current role in your organization? 00:00:44 How long have you been certified, and what motivates you to stay certified? 00:01:54 How likely are you to recommend getting certified?

CMMI Tech Talk: Appraisal Roles: Appraisal Sponsor: Before the Appraisal

In this CMMI Tech Talk, we talk about the role and expectations of the Appraisal Sponsor before an appraisal begins.

Auditee Buy-In—A Key Component of Effective Audits

As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element but essential in an effective audit. Tune into this ISACA Video Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective audit. To read Steve’s full-length article, “Auditee Buy-In—A Key Component of Effective Audits,” visit www.isaca.org/auditee-buy-in For more ISACA Podcasts, please visit: www.isaca.org/podcasts

Breaking Down the ESET T2 2022 Threat Report

In this ISACA Podcast episode, ESET’s Chief Security Evangelist, Tony Anscombe, joins ISACA’s Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET’s recently released T2 2022 Threat Report. As a global leader in cybersecurity, ESET’s T2 2022 Threat Report summarizes the most notable trends that have shaped the threat landscape for the past four months. This report dives into CloudMensis, the previously unknown macOS malware discovered by ESET researchers. To read the full ESET report: https://www.welivesecurity.com/wpcontent/uploads/2022/10/eset_threat_report_t22022.pdf. For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research. To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

We Are ISACA, Episode 01

Hooray! You found the first episode of We Are ISACA! Join host Megan Moritz as she spends time getting to know "the person behind the member." This episode features former Marine Joe Mendez and marathoner Allyson Zoller. 00:00 Show Open 00:00:14 We Are ISACA Introduction 00:02:37 Joe Mendez 00:21:38 Allyson Zoller

Enabling Digital Trust through Canada's Digital Charter

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?” To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world. Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public. To read Mary’s full-length article, visit https://www.isaca.org/enabling-digital-trust-with-canadas-digital-charter. To listen to more ISACA podcasts, visit https://www.isaca.org/podcasts.

It's About (Down) Time

It is all about the system's downtime. In this ISACA Podcast episode, Risk Masters International's Steven Ross tells ISACA's Collin Beder that organizations should start focusing on hours of unavailable systems and data when measuring the cost of a cyber-attack. Steven also discusses the causes and targets of system downtime and why he thinks the IT world is currently living in a dangerous time. To read Steven's full-length article, visit: www.isaca.org/its-about-down-time To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

How Social Engineering Bypasses Technical Controls

We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe. Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks are becoming more prevalent. Allen breaks down the many types of attacks (phishing, spear phishing, smishing, vishing, whaling) with ISACA's Kevin Keh. Tune into this ISACA Podcast to learn how to be vigilant when facing potential attacks from scammers. To read Allen’s full article, please visit: www.isaca.org/how-social-engineering-bypasses-technical-controls To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

What Makes Risk Assessments So Unpleasant and How to Change That

Ryan Cloutier's child came home from school one day and told him that he had figured out the staff Wi-Fi password. Frustrated that the security wasn't better for a school network, Ryan decided to do something about it. Since then, his career has been focused on serving K12, local government and socio-economically disadvantaged communities with his company Security Studio. ISACA's Jeff Champion asks him about ways to overcome technical language barriers when completing risk assessments, and Ryan discusses key issues with risk assessments and a path forward to resolving them. Tune in to start thinking about more interesting ways to approach risk assessments! To read Ryan's full-length article, visit: www.isaca.org/what-makes-risk-assessments-so-unpleasant To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

ISACA CyberPros – Naomi Buckwalter

Executive Director of Cybersecurity Gatebreakers Foundation, Naomi Buckwalter, joins ISACA’s Jon Brandt to discuss burnout. There are many factors at play when discussing burnout: company culture, work-from-home flexibility, unrealistic expectations from supervisors, and industry pressure, but Naomi gives you multiple action plans for combatting workplace burnout and creating healthy boundaries with your colleagues. Tune into this ISACA Podcast now! To learn more about Naomi, please visit: https://www.linkedin.com/in/naomi-buckwalter/ To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts

Quantifying the Qualitative Risk Assessment

In this ISACA podcast episode, IT Risk Director and Senior Vice President Mike Powers, joined by IT Segment Risk Manager Julie Ebersbach to discuss the use of the qualitative risk assessment as part of an organization's enterprise risk framework, focusing on the use of data to inform subjective judgments. The value and accuracy of a qualitative risk assessment, based on subject matter expert judgment, can be improved with focused data. Tune in now to hear Mike and Julie chat with ISACA’s Jeff Champion about how using quantifiable data increases the reliability, accuracy, and credibility of the qualitative risk assessment. To read Quantifying the Qualitative Technology Risk Assessment, please visit: www.isaca.org/quantifying-the-qualitative-technology-risk-assessment To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

ISACA Live: Advancing Digital Trust Through Cybersecurity

ISACA's Jon Brandt and Chris McGowan will discuss how cybersecurity professionals can advance digital trust, share some consumer perspectives on cybersecurity and outline new ISACA resources for cybersecurity professionals.

Industry Spotlight with Ali Pabrai

There is no denying the passion that ecfirst's CEO, Ali Pabrai has for cybersecurity. In this ISACA Podcast, Ali tells ISACA's Hollee Mangrum-Willis that after all his years in the industry, he is still more excited than a two-year-old at the entrance to Disneyland. Listen in as Ali discusses his origin story as a first-generation American working for Fermi National Accelerator Laboratory, creating a startup soon after the new millennium and how he has balanced all his career accomplishments while raising a neurodivergent child. Tune in now to hear about why Ali thinks we should compare the human body to cybersecurity and much more! To learn more about Ali, please visit: https://www.linkedin.com/in/pabrai/.  To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

How to Mature Your Privacy Compliance Program: A Conversation With OneTrust DPO Linda Thielova

Compliance with the world’s ever-increasing list of privacy laws can be a tricky undertaking for any organization, but by taking a few simple steps, you can begin to mature your privacy program from a series of check-box exercises into an intelligent compliance program that can help organizations to build consumer trust and protect brand reputation. Join this conversation with OneTrust DPO Linda Thielova and ISACA's Paul Phillips to learn how to operationalize privacy compliance within your organization and get practical tips on how to mature your privacy compliance program.

Managing Cybersecurity Risk as Enterprise Risk

Cybersecurity incidents like ransomware can potentially bring operations to a standstill. Recent regulatory changes by the FTC and proposed changes by the SEC show that both agencies are drafting cybersecurity rules similar to ERM concepts. This would include board oversight of cybersecurity and the responsibility of senior management to implement cybersecurity policies and procedures and provide training for information security staff that is sufficient for them to address relevant security risks. In addition, this could mean that your organization may be required to report incidents and disclose cybersecurity policies and procedures. Tune in to this ISACA Podcast episode to listen in as Cyber Defense Labs’ Manager of Cybersecurity Advisory Services Tom Schneider tells ISACA’s Jeff Champion that any threat to this essential information is an enterprise risk that needs to be managed by the enterprise through teamwork, with leadership from both the board and senior management. Tom also gives insights into managing cybersecurity risk as an enterprise risk. To read Managing Cybersecurity Risk as Enterprise Risk, please visit: www.isaca.org/managing-cybersecurity-risk-as-enterprise-risk. To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts.

Implementing Artificial Intelligence: Capabilities and Risk

University of Florida's Ivy Munoko is passionate about AI and has plenty to share regarding implementation and usage, but ISACA's Collin Beder asks, "is it ethical"? Ivy breaks down the ethical considerations for AI and the four types of intelligence (Mechanical, Analytical, Intuitive, Empathetic), and she shares her take on why she thinks AI won't be replacing our jobs for a very long time to come. To read Ivy's article, please visit www.isaca.org/implementing-ai-capabilities-and-risk. To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

ISACA Foundation: Building the Future of Digital Trust

By building pathways and pipelines into digital trust careers for the under-represented, we can make real progress in bridging the workforce gap. ISACA Foundation works globally with ISACA chapters, enterprises, and key stakeholders to remove barriers by providing scholarships, resources, and tools that will change the face of digital trust.

Audit in Practice: Auditing Culture

What’s The Risk LLC’s Cindy Baxter sits down with ISACA’s Robin Lyons to discuss auditing culture, which can be one of the most interesting areas to audit. We all have things we want out of our work environment like remote work, flexible hours or as Cindy comments: “I’d love to take my dog to work with me!”, but she and Robin question what is really important to workplace culture, and does it start with a “tone at the top”? Cindy gives advice on auditing approaches and key assessments when auditing as culture can be a critical part of an organization, making or breaking its effectiveness. To read Cindy’s full length article, please visit: www.isaca.org/auditing-culture To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Incident Report & Continuous Control Monitoring

This episode of the ISACA Podcast is all about incident reporting. Lesotho Postbank's Relebohile Kobeli talks to ISACA's Collin Beder about mitigating risk, minimizing losses from events, and good communication. As Relebohile says: "as we carry out our daily tasks at work, we should always be proactive... and recognize abnormal behavior". Tune in now! To read Relebohile's full article, please visit: www.isaca.org/how-enterprises-can-leverage-incident-reporting To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

ISACA Live | Advancing Digital Trust Through IT

On National IT Professionals Day, ISACA's Kevin Keh explains how IT professionals can advance digital trust in their organizations and in their industries. Learn more at isaca.org/digital-trust

Industry Spotlight - Lisa Young

Netflix's Lisa Young started as a bank teller that learned tech by fixing and servicing ATMs, which transitioned to her joining the network ops field and leading her to "help organizations understand what could keep them from meeting their strategy, objectives or mission". After rough telecom layoffs, she re-educated herself with ISACA certifications and started leading a chapter, which included the honor of hosting an ISACA conference and she has developed content with ISACA's Paul Phillips. In this episode she sits down with Paul to discuss their shared work on ISACA-related projects, cyber careers and why you should be curious and ask how things work. Lisa loves the idea of continuous learning and asks, "what is a good next step for you?" To listen to more ISACA Podcasts, go to isaca.org/podcasts Be sure to like, comment, and subscribe for more ISACA Productions content.

Why I Renew My Membership with ISACA

In this video, we hear from various ISACA members on why they renew their membership with ISACA year after year. The value of membership and the exclusive benefits it offers, that keeps bringing them back. For more information, visit: https://www.isaca.org/renewals.

How to Get Started with CMMI: Adoption and Transition Guidance

A review of the Adoption and Transition Guidance, one of the many adoption guidance materials available from with the CMMI Product Suite. The Adoption and Transition Guidance is a great tool to help organizations new to CMMI or those who are evolving with CMMI new content. Additional CMMI Content: https://youtu.be/qImzALUL9kY https://cmmiinstitute.com/resource-files/public/v2-0-materials/cmmi-v2-0-adoption-and-transition-guide

What does Digital Trust Mean to You? Alex Feng Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Scott Bauman Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Ria Bluitt Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Chris Madeksho Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Charlotte Harris Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Martin Poipoi Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Julie Chatman Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You? Tamara Lauterbach Testimonial

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

What does Digital Trust Mean to You?

ISACA members weigh in on what Digital Trust means to them. For more information, check out https://www.isaca.org/digital-trust

ISACA Live | State of Digital Trust 2022: What It Means for You and Your Organization

ISACA's Vice President of Content Development and Karen Heslop and Cerby's Chief Trust Officer Matt Chiodi look at the results of ISACA's global research on the state of digital trust and what it means for enterprises worldwide. Learn more at https://isaca.org/digital-trust

ISACA Live | The Dark Future of Privacy

Privacy Mining will increase because of billions of IoT devices being connected every day. Combined with advanced psychologic research, this can be a very powerful tool for manipulating people's behavior. A Fake reality also poses a big threat to our future of privacy. Software, such as Deep Fakes, has the ability to use someone's facial structure and create fake videos featuring digitally created characters with an uncanny resemblance of real people, such as celebrities. This technology is so advanced, that our minds aren't sophisticated enough to comprehend the difference between real and fake data created by it, which leads to the next point. We are entering a trust crisis. Trust is the foundation for innovation and technological advance. If people don't trust autonomous cars - they won't use them; if people don't certain websites - they won't read their news; Without trust, we cannot move forward, which is why we need to raise awareness about the dark future of privacy.

Foco de la industria - Arnulfo Espinosa Dominguez, Parte II

El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido durante sus 20 años de experiencia profesional en la industria. Habiéndose dado cuenta del valor de la información a una edad temprana, Arnulfo ha forjado su camino dentro de la comunidad de TI. Es un formador acreditado para múltiples certificaciones, asesor independiente y presidente de varios comités de Ciberseguridad, Riesgo y Auditoría, y es reconocido mundialmente por un apodo que sus compañeros le han dado, "El AudiTHOR". Como voluntario de ISACA desde hace mucho tiempo y orador de conferencias, Arnulfo ha sido premiado en numerosas ocasiones por sus destacados logros. En 2019, se le otorgó el "Premio al Líder de Capítulo Sobresaliente" (Outstanding Chapter Leader Award) de ISACA, en 2020, recibió el "Premio John Kuyers al Mejor Orador" (John Kuyers Award for Best), y recibió el mayor logro, el "Premio Salón de la Fama de ISACA" (ISACA Hall of Fame Award) en 2021.  ¡Únase a la escucha de este episodio mientras Arnulfo ofrece sus mejores consejos y prácticas para convertirse en un orador excepcional, consejos sobre cómo los profesionales emergentes pueden entrar en la industria, y cómo su alter ego, AudiTHOR, alimenta su pasión por la auditoría! Para leer más sobre Arnulfo, visite www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star Para escuchar más Podcasts de ISACA, visite www.isaca.org/podcasts

Ethical AI Shifting the Conversation Left

Many organizations prioritize goals such as gains and profits, which often require rich data sets, but fail to consider the eventual impact of their data handling methodologies on foundational social justice issues. ISACA's Collin Beder talks to Josh Scarpino about his recently released article Evaluating Ethical Challenges in AI and ML. Josh discusses issues such as ethical behavior, systemic issues and how to create trusted systems. Collin also asks what is the future for humans in regards to AI. Tune in now! To read Evaluating Ethical Challenges in AI and ML, visit: www.isaca.org/evaluating-ethical-challenges-in-ai-and-ml To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

Why (And How to) Dispose of Digital Data

The stakes are too high for organizations not to comply with data privacy regulations,” Bassel Kablawi states in his article, "Why (and How to) Dispose of Digital Data." As the Information Security and Data Privacy Consultant for System Solutions, Bassel Kablawi has the knowledge and experience to determine that the value of data disposal can help an organization protect personal data from being exposed and why the final step in the Data Lifecycle could be considered the most crucial. Bassel takes us on a deep dive into digital data with ISACA's Safia Kazi on the five stages of data disposal in this ISACA podcast episode. He explains why it is essential to understand that destruction should be performed based on an organization’s retention policy and the five main disposal methods of data, which include date anonymization, data deletion, data crypto shredding (for encrypted data), data degaussing, and data destruction. Tune in to hear Bassel explain why data destruction is critical to developing digital trust with customers and stakeholders and could save an organization’s reputation. To read Bassel's article, please visit: www.isaca.org/resources/news-and-trends/industry-news/2022/why-and-how-to-dispose-of-digital-data To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

ISACA CommunITy - Call to Action

Attention all past and current ISACA chapter leaders: If you or someone you know within the ISACA community has done something awesome to help make the world a better place, I want to share that story. Help us bring attention to what you and others are doing so we can elevate the importance of helping others. To learn more, reach out to mmoritz@isaca.org

Industry Spotlight - Johann Dettweiler, Part II

Link to Part I: https://youtu.be/jWGT03ftV58 In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FEDRAMP compliance, and why the next generation should focus on adding certifications to their resumes. Johann tells ISACA's Keith Karlsson that it was his work ethic and guidance of a trusted mentor that provided an opportunity in the IT security field. In less than 12 months, he racked up multiple impressive certifications such as CISSP, CCSP, and CEH that rapidly advanced his career and, as he explains it, allows him to be “the person that everyone hates because I tell you what is wrong with your system.” Johann’s strong background in research and his constant quest for knowledge about this evolving industry, he is more than willing to provide listeners with his efficiency hacks to stay productive, motivational career advice, and why the next-generation cyber professionals may have an advantage over him. Tune in now to meet Senior Security Information Security Consultant Johann Dettweiler. To learn more about Johann, visit https://talatek.com/project/johann-dettweiler/ To listen to other ISACA Podcast episodes, visit www.isaca.org/podcast

In Pursuit of Digital Trust – Tamara Lauterbach (Short)

ISACA member Tamara Lauterbach shares her perspective on why focusing on digital trust is a must for companies to succeed in today’s world. Learn more at https://isaca.org/digital-trust

In Pursuit of Digital Trust – Tamara Lauterbach

ISACA member Tamara Lauterbach shares her perspective on why focusing on digital trust is a must for companies to succeed in today’s world. Learn more at https://isaca.org/digital-trust

Industry Spotlight - Johann Dettweiler, Part I

Link to Part II: https://youtu.be/Dhr-VAFid-E In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FEDRAMP compliance, and why the next generation should focus on adding certifications to their resumes. Johann tells ISACA's Keith Karlsson that it was his work ethic and guidance of a trusted mentor that provided an opportunity in the IT security field. In less than 12 months, he racked up multiple impressive certifications such as CISSP, CCSP, and CEH that rapidly advanced his career and, as he explains it, allows him to be “the person that everyone hates because I tell you what is wrong with your system.” Johann’s strong background in research and his constant quest for knowledge about this evolving industry, he is more than willing to provide listeners with his efficiency hacks to stay productive, motivational career advice, and why the next-generation cyber professionals may have an advantage over him. Tune in now to meet Senior Security Information Security Consultant Johann Dettweiler. To learn more about Johann, visit https://talatek.com/project/johann-dettweiler/ To listen to other ISACA Podcast episodes, visit www.isaca.org/podcast

Achieving Effective Cloud Risk Management

Cloud is ubiquitous now. From small enterprises to large companies, all are moving a part of their technology operations to cloud. Initial reluctance is now nowhere to be seen. There is more confidence among the user for the use of cloud technology. Join ISACA’s Jeff Champion as he talks with Risk and Control Specialist, Upesh Parekh about cloud deployment models, the various risks involved with cloud storage, and what to know when using cloud technology for an organization. Read Achieving Effective Cloud Risk Management at: www.isaca.org/achieving-effective-cloud-risk-management Listen to more ISACA Podcasts at: www.isaca.org/podcasts

Advancing Digital Trust Through Data Privacy

For more information, check out https://www.isaca.org/digital-trust

Industry Spotlight - Dr. Blake Curtis Part II

Link to Part I: https://youtu.be/AE-FykwzviU Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor.” His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience. Links: How to regulate a profession pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest Debunking Years of Experience: https://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web Videos Equitable Hiring YouTube Series link: https://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa Tools Inoreader: Inoreader - Take back control of your newsfeed Anki Notecards (Spaced Repetition): About - AnkiWeb Notion Books Art of Conversation – Judy Apps Verbal Judo – George Thompson The Science of Self-Learning – Peter Hollins Finish What Your Start – Peter Hollins The Power of Discipline – Daniel Walter

Industry Spotlight - Dr. Blake Curtis, Part I

Link to Part II: https://youtu.be/zlrGdTRP-OA Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor.” His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience. Links: How to regulate a profession pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest Debunking Years of Experience: https://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web Videos Equitable Hiring YouTube Series link: https://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa Tools Inoreader: Inoreader - Take back control of your newsfeed Anki Notecards (Spaced Repetition): About - AnkiWeb Notion Books Art of Conversation – Judy Apps Verbal Judo – George Thompson The Science of Self-Learning – Peter Hollins Finish What Your Start – Peter Hollins The Power of Discipline – Daniel Walter

Industry Spotlight - Arnulfo Espinosa Dominguez, Part II

Link to Part I: https://youtu.be/yNQvbf9onik Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021. Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

Career Coach Advice: How to Launch Your IT Audit Career

Career coach Caitlin McGaw will share her top tips for young professionals and career changes on how to launch a successful career in IT audit--from acing your first interview and landing your first job to career resources to help your career continue to grow and thrive. To learn more, check out https://www.caitlinmcgaw.com/

ISACA CommunITy Day 2022

In this video, Pam Nigro, ISACA Board Chair welcomes members to attend ISACA’s 4th Annual CommunITy Day to be held on Saturday, 1 October 2022. A one-day initiative to foster relationships between members and offer opportunities for networking and leadership. Members along with their friends and family are encouraged to give back to their local or global communities, individually or collectively to make a lasting global impact. For more information, check out https://engage.isaca.org/communityday/about

Industry Spotlight - Arnulfo Espinosa Dominguez, Part I

Link to Part II: https://youtu.be/plxD2frpYk0 Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021.   Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

CMMI Tech Talk: How to Properly Identify Strengths

Discover how to identify a gratuitous strength and learn how to write proper strength statements. For more information, check out www.isaca.org/enterprise/cmmi-cybermaturity-platform

Current State of Cybersecurity in K12

ISACAs Director of Professional Practices and Innovation Jon Brand hosts Doug Levin, co-founder and National Director of K12 Security Information eXchange (K12 SIX), a national non-profit dedicated solely to helping schools protect themselves from emerging cybersecurity threats. Levin's work includes development and implementation of the nations initial and subsequent technology plans and well as creation of K-12 Cyber Incident Map, the most comprehensive database of publicly-disclosed K-12 cybersecurity incidents. Throughout this episode they discuss the often unique challenges for the underrepresented sector of U.S. critical infrastructure and current initiatives to bolster K-12 cybersecurity and privacy. For more information, check out https://www.k12six.org/ Be sure to like, comment and subscribe for more ISACA Productions content

ISACA Mentorship Program - Testimonials

In this video, ISACA members share their personal experience with the ISACA Mentorship Program (exclusive to members) which facilitates one-to-one mentorship connections and brings together ISACA members at all stages of their careers, to give or receive professional development support. Mentorship is a two-way opportunity, and we hear perspectives from both mentors and mentees on how the program has allowed them to expand their networks, gain new knowledge and build new skills. For more information, visit: https://mentorship.isaca.org

Industry Spotlight - Todd Fitzgerald

Cybersecurity leader, author, and host of the CISO Stories podcast, Todd Fitzgerald sits down with ISACA’s Chelsey Byrd to discuss his extensive career journey in security, his best-selling book, CISO COMPASS, and how a make-believe FBI club connects directly to his career passions today. As one of ISACA’s top-rated speakers, Todd gives tips and techniques for the best way to prepare for a speaking event, how to engage the audience, and some entertaining moments and behind-the-scenes accounts from conferences! Named the Chicago CISO of the Year and ranked Top 50 IS Executive in 2016 and 2017, Todd offers listeners his best career advice, ways to stay aware of current business trends, and much more. Listen now to this episode of ISACA’s Industry Spotlight. To listen to CISO Stories, visit https://securityweekly.com/category-shows/the-ciso-stories-podcast/ To listen to more ISACA Podcasts, visit www.isaca.org/podcasts

CMMI Tech Talk: How to Handle Common Appraisal Issues

How to handle appraisal issues and understand when to stop an appraisal. For more information, check out www.isaca.org/enterprise/cmmi-cybermaturity-platform

ISACA Engage: Why Engage?

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

ISACA Engage: Learn More About ISACA Engage

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

Managing Security Across Disparate Database Technologies

We usually think about the most efficient way to do things while working in production environments. Still, often employees forget about an insecure environment once the work has been completed and they have moved on to another project. “We don’t always need to audit things; sometimes you can gauge risk by having a conversation with stakeholders…on how they manage databases,” says Adam Kohnke, Cybersecurity Architect for Charter Next Generation. Adam joins ISACA’s Jon Brandt in this episode to discuss his recently released ISACA Journal article, “Managing Security Across Disparate Database Technologies.” Adam breaks down best practices for User Access Management, Encryption, and Logging. He comments on the best ways to start the conversation about security beyond what management considers vital for IT. Tune in now for the full episode! To read the full article, visit www.isaca.org/managing-security-across-disparate-database-technologies. To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

In Pursuit of Digital Trust – Anthony Ayo

ISACA member Anthony Ayo talks about how people, processes and technology can come together to strengthen digital trust and how those dynamics play out in his role at the local government level. For more information, check out https://isaca.org/digital-trust

In Pursuit of Digital Trust – Anthony Ayo (Short)

ISACA member Anthony Ayo talks about how people, processes and technology can come together to strengthen digital trust and how those dynamics play out in his role at the local government level. For more information, check out https://isaca.org/digital-trust

ISACA Engage: Other Engage Opportunities

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

Advancing Digital Trust Through Audit and Assurance

A strong audit and assurance function is critical to achieving digital trust in an organization. This conversation spotlights audit's role in digital trust and outlines key priorities. It also shares new ISACA resources for auditors. For more information, go to https://isaca.org/digital-trust

ISACA Engage: How to Get Involved

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

Implementing Emerging Technologies: Agile SDLC Still Works

AI is a part of our everyday life. What's The Risk LLC's Cindy Baxter gives ISACA's Kevin Keh examples of modern media like the movies Free Guy, Ron’s Gone Wrong and The Matrix, and how they relate to AI-related risk factors, and they ask the questions, what is true? what is the data we are looking at? AI is about data accuracy and reputational risk, and Cindy discusses how to manage frameworks, create meaningful check points and intended outcomes six months or 2 years later that are spot on for what an organization intended. Cindy strongly believes that you always get a better outcome with diversity, because people from diverse backgrounds and life experiences create different ways to learn and produce innovative ideas and avoid rework. To read Cindy's full article, visit: www.isaca.org/implementing-emerging-technologies To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

ISACA Engage: What Makes ISACA's Volunteer Program Different?

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

ISACA Engage: Benefits of ISACA Engage

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

ISACA Engage: ISACA’s Volunteer Board

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

ISACA Live | Managing Supply Chain Risk with Richard Hollis

ISACA's risk expert Paul Phillips and Richard Hollis, CEO of Risk Factory and an ISACA Conference Europe speaker, examine top cyber risks impacting the supply chain, steps organizations need to take to manage supply chain risk, and important steps to take in the contract process. For more information, check out https://www.isaca.org/supply-chain-security Be sure to like, comment, and subscribe for more ISACA Productions content.

ISACA Engage: What is ISACA Engage?

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

ISACA Engage: ISACA Engage & Volunteerism

Get involved in your professional community and expand your network through ISACA Engage. Engage offers many opportunities to get involved in ways that align with your time, talent, and interests. To learn more, go to https://engage.isaca.org/home

Industry Spotlight - Pam Nigro

On this episode of Industry Spotlight, ISACA's outgoing Board Chair, Greg Touhill, introduces the 2022-23 Board Chair, Pam Nigro. They trade stories from their careers, Pam's thoughts on the future of ISACA, how Game of Thrones relates to Cybersecurity, and Greg shares his favorite moments from his tenure. To read Pam's welcome letter, go to: www.isaca.org/letter-from-the-incoming-board-chair To listen to more ISACA Podcasts, go to: www.isaca.org/podcasts

ICNA - In-Person Buzz with Alex Holden

In-Person Buzz interview with Alex Holden from 2022 ICNA For more information, go to https://www.isaca.org/

ICNA - In-Person Buzz with Rob Clyde

In-Person Buzz interview with Rob Clyde from 2022 ICNA. For more information, go to https://www.isaca.org/

The Impact of People on the Information Technology Landscape

In this episode, ISACA’s Jon Brandt chats with Thomas Lenzenhofer, Business Development Manager at Cisco, about his new ISACA article titled, “The Impact of People on Today’s Information Security Landscape.” With over 20 years of industry experience and named 2016–17 Chicago CISO of the Year, ranked Top 50 IS Executive, Thomas has a wealth of knowledge to share with ISACA listeners. Security of an organization is a serious matter and Thomas gives a vivid scenario from his recent ISACA Journal article about how an attack of a country's health care system could be massively disruptive to daily functions of staff computer systems, possibly causing employees to not receive payroll. Thomas also gives examples of how to properly train staff to avoid an event like this and says that from the top-down security is a business enabler. Tune in now! To read Thomas' ISACA article, visit: www.isaca.org/impact-of-people-on-information-security-landscape To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

CMMI Tech Talk: Quality Audits

A review of the quality audit process from what triggers an audit, what an audit entails, and what are the possible results of the audit. For additional information, check the links below: https://cmmiinstitute.com/resource-files/public/quality/quality/cmmi%C2%A9-appraisal-%E2%80%93-sponsor-role-and-responsibilitie https://cmmiinstitute.com/resource-files/public/quality/quality/cmmi%c2%a9-appraisal-%e2%80%93-sponsor-role-and-responsibilitie https://cmmiinstitute.com/resource-files/public/quality/quality/quality-remedial-and-corrective-actions-policy https://cmmiinstitute.com/resource-library/public/quality/policies/cmmi-quality-audit-policy https://cmmiinstitute.com/partners/policies https://cmmiinstitute.com/resource-files/public/quality/quality/policies/code-of-professional-conduct

GRC for Intelligent Ecosystems (GRCIE): An Innovative Approach to Workforce Enablement Part II

In part 2, executive Director for GRC for Intelligent Ecosystem (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about GRCIE program.

GRC for Intelligent Ecosystems (GRCIE): An Innovative Approach to Workforce Enablement Part I

Executive Director for GRC for Intelligent Ecosystem (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about GRCIE program.

Smarter Testing = Safer Digital Experiences

Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, and with as tight of alignment as possible to the software development lifecycle and even closer in modeling real-world adversary threats. We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding. For more information go to https://trust.adobe.com Be sure to like, comment, and subscribe for more ISACA Productions content.

Learn about the Value of Becoming an ISACA Accredited Training Organization

We invite you to view this short video to learn more about the ISACA Accredited Training Partner Program and how it can help IT Training organizations differentiate themselves by delivering ISACA’s globally recognized Credentials and Training. For more information, check out https://www.isaca.org/en/enterprise/partner-with-isaca

ISACA State of Privacy 2022

Join Safia Kazi, Privacy Professional Practices Associate at ISACA, as she breaks down the key findings, stats and figures from the latest ISACA State of Privacy 2022 report. With over 27,000 participants, the recent study reveals exciting discoveries and shocking truths regarding the current state of the industry, the differences in funding and staffing between technical privacy teams and legal/compliance privacy teams and so much more. For more information, be sure to check out https://store.isaca.org/s/community-event?id=a334w000004cmroAAA

Cybersecurity at ISACA

Our ever-changing world relies on the power of professionals like you to defend against potential cybersecurity threats. ISACA has the training, credentialing, networking, resources and so much more that prepare you for what tomorrow brings. Learn more at isaca.org/resources/cybersecurity

Building Early Career Momentum with ISACA

Young professionals accelerate their career growth and expand their networks by getting involved with ISACA early in their careers. www.isaca.org/young-professionals

What Can ISACA Certifications Do for You? Hear from Certification Holders

ISACA certification holders share how ISACA certifications gave them credibility and recognition in their careers. http://bit.ly/2P3Xz2i Bruno, CISA, CRISC, CGEIT shares what motivated him to get certified. Hear how, no matter how his career focus changed, he was able to benefit from ISACA certifications, prove his commitment to high standards of professionalism and be successful across multiple aspects such as IS/IT audit, security, risk and governance. Learn more about ISACA certifications: http://bit.ly/2P3Xz2i

IS/IT Certifications Validate Credibility and Commitment to Learning

ISACA certification holders share their experience, citing significant improvements in engagement and performance in themselves as well as their mentees and staff. http://bit.ly/2P3Xz2i Hear from a Certified Information Systems Auditor® (CISA®) certification holder on how CISA brings built-in brand recognition, validates his expertise, and helps him be nimble in an ever-evolving technology landscape. Since CISA’s inception in 1978, ISACA now has 151,000+ CISA holders worldwide. CISA is a building block for your career success, no matter which aspect of IS/IT you are focused on. Learn more about ISACA certifications: http://bit.ly/2P3Xz2i

Why Volunteer as an ISACA Chapter Leader?

Learn from those who have benefitted from serving on an ISACA chapter board. To learn more, check out https://www.isaca.org/

ISACA CommunITy Day 2021

Join is on Saturday, 2 October 2021 for the 3rd Annual ISACA CommunITy Day! For more information, visit https://engage.isaca.org/communityday

Data Resilience

Ensuring That Your Organization Is Data Resilient Part I--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Two Perspectives On Data Resilience: Data Operating Model And Data Capabilities

Ensuring That Your Organization Is Data Resilient Part II--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Key Constructs Of A Resilient System

Ensuring That Your Organization Is Data Resilient Part III--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes —availability, usability, robustness interoperability and performance— as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Data Capability Failures

Ensuring That Your Organization Is Data Resilient Part IV--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Attributes of Data Resilience

Ensuring That Your Organization Is Data Resilient Part V--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Considering The Various Types Of Data Risks

Ensuring That Your Organization Is Data Resilient Part VII--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Benefits Of Data Resilience

Ensuring That Your Organization Is Data Resilient Part VIII--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Ensuring Your Organization Is Data Resilient

Ensuring That Your Organization Is Data Resilient Part VI--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Data Risk Assessments And The Journey Of Data Resilience

Ensuring That Your Organization Is Data Resilient Part IX--Data is something we constantly interact with. What happens when an adverse event occurs, thus compromising your organization? Guy Pearce is the Chief Data Officer and Chief Digital Officer at Convergence Tech. Guy sits down with ISACA's Kevin Keh to dig into everything you'll want to know to keep your organization's data safe. Listen is as Guy defines data resilience, understanding what the 4 aspects of the data operating model are and how to utilize them, and the importance of data governance. Kevin and Guy will also cover the resilience attributes—availability, usability, robustness interoperability and performance—as well as the need for enterprise risk officers to assure they actually perform data risk assessments. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/data-resilience-is-data-risk-management for more information!

Digital Body Language

What is digital body language, and why does it matter? Join ISACA's Director of Global Volunteer Engagement, Megan Moritz, as she speaks with Erica Dhawan, author of Digital Body Language: How to Build Trust and Connection, No Matter the Distance. Megan and Erica discuss our modern digital environments and how we can prioritize thoughtfulness over hastiness, building trust from behind a computer screen, and how collective conversations are now possible in the digital world. Book: Digital Body Language: How to Build Trust and Connection No Matter the Distance: https://us.macmillan.com/books/9781250246523

Epic Fails of the Cybersecurity Industry

The cyber security industry was founded to protect businesses from getting breached. Simple. Yet, since the first computer virus was reported more than three decades ago – breaches have increased exponentially year after year, after year. In the last year alone just over eight and a half billion records were reported as breached. At ISACA Oceania Conference 2021, Richard Hollis, Director of Risk Crew, spoke on “Epic Fails of the Cybersecurity Industry” and started a controversial conversation. Mr. Hollis believes and clearly showcases his feeling that the industry has failed with its core objective – miserably. Could it be that the cyber security industry is, in fact, NOT designed to stop breaches? Check out this video as Mr. Hollis breaks down the statistics that are everywhere and overwhelming. For More Information, Don't Forget to Check Out - https://www.isaca.org/training-and-events/conferences

ISACA'S CET - Cloud Certificate

By successfully passing the Cloud Fundamentals exam, you’ll obtain the certificate that affirms your understanding of basic cloud computing principles, concepts and more. The knowledge and performance-affirming CET Cloud Fundamentals Certificate validates your know-how and practical skills in cloud governance and service supporters and your ability to use open-source cloud technologies. Like the other modules of ISACA’s CET, Cloud Fundamentals helps you hone and prove expertise, and moves you farther down the road to obtaining your CET Certification. For more information, visit: https://www.isaca.org/credentialing/cet/cloud-fundamentals-certificate

In Pursuit of Digital Trust – Shea Nangle

ISACA member Shea Nangle shares his perspective on what he calls “the implicit struggle between profit and what is done with consumer data,” and how that factors into creating digital trust. For more information, check out https://isaca.org/digital-trust

In Pursuit of Digital Trust – Shea Nangle (Short)

ISACA member Shea Nangle shares his perspective on what he calls “the implicit struggle between profit and what is done with consumer data,” and how that factors into creating digital trust. For more information, check out https://isaca.org/digital-trust

Cyber Decisions Only Executives Can Make

One of ISACA’s most popular Journal columnists joins us to discuss his most recent release, “Cyber Decisions Only Executives Can Make.” Steven Ross chats with ISACA’s Safia Kazi about cyber recovery plans that organizations have in place and that only when an attack disrupts normal business operations do those organizations realize they should have prepared and planned for operation continuity without the system and data they rely on. As Executive Principal for Risk Master International and fifty plus years of industry experience, Steven shares his insights into cyber recovery plans, categorizing cyberattacks, paying ransom to cyber criminals, and offers his advice on what organizations should do if they find themselves in the middle of a critical cyber decision. To read the full ISACA Journal article, click here: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-4/cyber-decisions-only-executives-can-make Be sure to like, comment, and subscribe for more ISACA Productions content.

Elevate Organizational Performance with CMMI

CMMI’s performance improvement model has helped thousands of globally recognized companies over the last 30+ years. Watch how CMMI can help organizations quickly understand their current level of capability and performance and offer a guide to optimize business results.

Breaking Down the ESET T1 2022 Threat Report

ESET, a global leader in cybersecurity, has released its T1 2022 Threat Report, which summarizes the most notable trends that shaped the threat landscape from January to April 2022. Join ISACA’s Research Advisor, Brian Fletcher, as he breaks down the ESET T1 2022 Threat Report with Chief Security Evangelist for ESET, Tony Anscombe. For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research. Be sure to like, comment, and subscribe for more ISACA Productions content.

SheLeadsTech Keynote: Power of Authenticity in the Workplace

There is a human side to technology. Professionals at all levels have struggles, personal priorities, goals and obligations. Many have expertise, knowledge, gifts, and talents that are deactivated, underutilized, untapped, or unknown in the workplace, yet very valuable. This session will discuss the power of authenticity in the workplace and why leadership should intentionally embrace multipotentiality. ISACA member, Executive Coach, and Empowerment Speaker, Belinda Enoma discusses the struggles people face in their careers in their quest for elevation and empowers the audience to value their brilliance and fearlessly pursue their goals. For more information, check out https://oneintech.org/

ISACA Foundation: A Re-Introduction & Masterclass: Women in Tech, Authentic Allyship and Intentional Leadership

Ginger Spitzer shares the new strategic direction of the foundation. Later, ISACA Member, Cybersecurity Leader, and Empowerment Speaker Belinda Enoma converses with Hollee Mangrum-Willis. This discussion focuses on the issues women face in the industry and strategies for purposeful and impactful improvement/change.

Real-World Data Resilience

Join ISACA's Lisa Villanueva as she talks with Guy Pearce about his recently released ISACA Journal article "Real-World Data Resilience". Guy has a deep knowledge of the movement of data and says "it’s about change and nothing is stable." Lisa asks Guy about AI model implications, Data Drift and cloud adoption. If you want to dive deeper, you can read the entire journal article and learn about data and resilience in its modern context at: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-3/real-world-data-resilience-demands-an-integrated-approach-to-ai-data-governance-and-the-cloud To listen to more ISACA podcasts, visit: www.isaca.org/podcasts Be sure to like, comment, and subscribe for more ISACA Productions content.

Where Privacy Meets Security

Jo Stewart-Rattray, the Director of Technology & Security Assurance for BRM Advisory, believes privacy is a team sport. Every organization needs to be responsible for asking, “what data is being collected,” “where is the information held,” “what purpose is the information being collected for,” and “how is the information being protected.” Jo chats with ISACA's Safia Kazi about why it is essential that security and privacy teams collaborate when it comes to collecting data. She expands on why the central role of a CISO needs to be educating and communicating this team approach to organizations. Jo says that the issue of data privacy will only continue to grow as the digital economy grows and why privacy and security professionals play a critical role in ensuring that enterprises adhere to privacy laws and regulations that protect their customers’ personal data. To read Jo's full article, follow this link www.isaca.org/where-privacy-meets-security Be sure to like, comment, and subscribe for more ISACA Productions content.

Learn More About ISACA Chapters

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

ISACA Chapters: How to Join an ISACA Chapter

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

How To Build A Following Around Your Ideas

In this talk based on her book Stand Out: How to Find Your Breakthrough Idea and Build a Following Around It, Dorie Clark explains how to build a following around your ideas. Join Megan Moritz and Dorie Clark as they discuss advancing your business or your cause and inspiring others to listen and take action. Be sure to like, comment, and subscribe for more ISACA Productions content.

ISACA Chapters: Get Involved with an ISACA Chapter

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

North America Conference 2022 - Wrap Up

For more information, check out https://www.isaca.org/en/training-and-events/conferences

North America Conference 2022 - Wrap Up

For more information, check out https://www.isaca.org/en/training-and-events/conferences

ISACA Chapters: Benefits of Joining an ISACA Chapter

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

Study Your Social Media Environment

How Do Organizations Control Their Use of Social Media Part IV - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

Privacy and Social Media

How Do Organizations Control Their Use of Social Media Part V - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

Cybersecurity Certification and Mitigating Risk

How Do Organizations Control Their Use of Social Media Part VII - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

ISACA Chapters: Chapter Awards

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

ISACA Chapters: ISACA Chapters Go Virtual

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

ISACA Chapters: The History of ISACA Chapters

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

Industry Spotlight: Jan Anisimowicz

Jan Anisimowicz is an experienced senior IT manager with over 23 years of experience in GRC, data analysis, broad business, and technical perspective in telco, banking, pharma, and insurance. As the COO and EVP at C&F, he is consistently solving business problems by leveraging his all-around experience in creating and developing IT products and IT service offerings for businesses. In this ISACA Industry Spotlight episode, Jan Anisimowicz chats with ISACA's Megan Moritz on what he believes the most pressing current business continuity issue is in this always-changing industry. With the recent pandemic, Jan also discusses his active participation in the digital transformation technology for vaccine manufacturers, the key component to the development and delivery of the vaccine. He also explains why he wants to travel to Mars, how some friends convinced him to run 9 marathons, and his dream to build a 14th-century-style restaurant with archival computers and gaming devices! To learn more about Jan, visit: linkedin.com/in/anisimowicz Be sure to like, comment, and subscribe for more ISACA Productions content.

How to Get Started with CMMI

How to properly get started with CMMI adoption and how to choose a reputable consultant to help your organization on its performance improvement journey. https://www.isaca.org/enterprise/cmmi-performance-solutions

ISACA Chapters - What is an ISACA Chapter?

ISACA chapters foster a sense of community at the local level. Contact the chapter in your area (www.isaca.org/chapters), or send an email to chapters@isaca.org to learn how you can get involved.

In Pursuit of Digital Trust – Julie Chatman

ISACA member Julie Chatman describes her eventful career journey, her passions outside of work and why digital trust matters to her both professionally and personally. For more information, check out https://isaca.org/digital-trust

In Pursuit of Digital Trust – Julie Chatman (Short)

ISACA member Julie Chatman describes her eventful career journey, her passions outside of work and why digital trust matters to her both professionally and personally. For more information, check out http://isaca.org/digital-trust

Climate Resiliency and Regulation

Climate resiliency and green innovations are of worldwide interest today, but what is the best way to use skills and expertise that will make a difference?  Cindy Baxter from What's the Risk, LLC talks with Frank O'Brian, leader of the East Boston Climate Coalition to hear about the Coalition's approach, the challenges they've faced, and what they do to overcome obstacles.  This discussion takes us into everyone's backyard to understand how IS audit and risk professionals can contribute to climate resiliency in an impactful way. Please join us to imagine the role you can play in environmental resiliency and justice! To read Cindy's full ISACA Journal article - follow this link - www.isaca.org/resilience-and-regulation Be sure to like, comment, and subscribe for more ISACA Productions content!

Mark Thomas: Benefits of Enterprise Team Training

Mark Thomas, founder of Escoute Consulting, provides his perspectives on the benefits and positive outcomes of ISACA Team Training for students, teams, and team leaders, why it is worth the investment, and the ROI for organizations. Watch as Mark Thomas addresses these quick questions about ISACA Team Training. For more information, check out isaca.org/enterprise/enterprise-training

Cybersecurity In A Covid-19 World: Insights On How Decisions Are Made

In the early days of the Covid-19 pandemic, all organizations pivoted to remote work. Now that we are years into working remotely, University of West Florida's Jerry Burch asks if the choices we made in 2020 are still the best ones. He explains to ISACA's Brian Fletcher what the concept of "satisficing" is and why we might want to explore other options before picking a solution for employees’ remote work. While we have all adjusted to the shift that came in March 2020, Jerry argues that it could happen again and now is the time to consider all options for your cybersecurity team. He also discusses Rational choice theory as it relates to cybersecurity and fighting cybercrime. Tune in now! To read Cybersecurity In A Covid-19 World: Insights On How Decisions Are Made, Please visit: www.isaca.org/cybersecurity-in-a-covid-world To listen to more ISACA Podcasts, please visit: isaca.org/podcasts

Industry Spotlight: Caitlin McGaw

Caitlin McGaw answered an ad in the newspaper in 1997 for a position with an Executive Search Firm and she was instantly hooked. She tells ISACA's Hollee Mangrum-Willis that for the past 25 years, she has been passionate about the idea of corporate match-making in the IT Audit space. Hollee asks Caitlin about process improvement within the ISACA community and the examples of candidates using transferable skills to pivot to different positions within the industry. Caitlin discusses the growth mindset and coachability of a candidate during the hiring process and how that translates to performance on the job. Caitlin also explains why she thinks more candidates should pursue careers in IT Audit. To learn more about Caitlin, visit: www.linkedin.com/in/caitlinmcgaw and www.caitlinmcgaw.com To listen to more ISACA podcasts, visit: isaca.org/podcasts

Industry Spotlight: Ed McCabe

One of Ed McCabe's first childhood memories was taking apart his grandparent's heirloom grandfather clock to find out why it wasn't working. His grandparents were not happy to find it in pieces, but he did get it working again and says that experience was the beginning of a life-long interest in IT, beginning his quest to always ask "why, how and what is technology supposed to do and what is it not, supposed to do?". ISACA's Angie Coleman talks to Ed about his career in the US Navy, private sector and founding his own company The Rubicon Advisory Group. Ed discusses how his organization has supported clients through the most challenging moments during the pandemic, how he learned to find balance for his life while sustaining his passion for education and technology, and what his advice is to ISACA members when preparing for a certification test. For more information on Ed, visit: www.therubiconadvisorygroup.com To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts Be sure to like, comment, and subscribe for more ISACA Productions content!

Cyber (Business) Recovery

"The thing that you plan for is not the thing that is going to happen" says Risk Masters' Executive Principal Steven Ross. Steven talks to ISACA's Safia Kazi about how to prepare for a cybersecurity Event and how to recover. Steven discusses the types of attacks to watch out for, Business Continuity Planning and how to recover from a cybersecurity event. Listen in as Steven shares some ways you can use your imagination to prepare for "the thing that is going to happen". To read Steven's full article, visit: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-3/cyber-business-recovery To listen to more ISACA Podcasts, visit: https://www.isaca.org/podcasts

Enterprise Direct Series

ISACA is globally known for professional IT credentials. But did you know we help enterprises train IT teams for the changing technology landscape? Make your teams work better and smarter. For more information check out isaca.org/enterprise-training

What is MDDAP?

In highly regulated industries like health care, it is imperative to meet compliance standards. ISACA, in collaboration Medical Device Innovation Consortium, the Food & Drug Administration, and industry stakeholders have developed the Case for Quality Voluntary Improvement Program, or VIP, to help shift the mindset of medical device manufacturers beyond compliance and towards continuous improvement. VIP leverages ISACA's Medical Device Discovery Appraisal Program, or MDDAP, which is a tailored version of the CMMI Maturity Model Framework and appraisal methodology for the medical device industry. For more information, check out https://www.isaca.org/enterprise/medical-device-discovery-appraisal-program

Industry Spotlight – Niki Gomes

Everyone starts somewhere and for Niki Gomes, it was at the front desk of a hotel where she worked her way up to hospitality management, before pivoting to accounting and finally to the American Red Cross, where she is currently Senior Internal Auditor. Niki tells ISACA's Melissa Swartz about her passion for people, technology and how the pandemic changed her work life to better connect with her family. Dive deep into this Industry Spotlight episode as Niki discusses why young Black and Latina women are under-represented in the industry and her plan to remedy that divide, mentoring and what her advice is for the next generation. Tune in now to hear all of Niki's inspiring story! For more information, check out out https://www.redcross.org/ Be sure to like, comment, and subscribe for more ISACA Production content.

Managing Data Privacy Risks and Compliance with a Distributed Workforce

Data now includes, consumer's social media, news, view and even browser searches. From 2010-2020, the amount of data created, captured, and copied in the world increased from 1.2 trillion GB to 59 trillion GB and the amount created in the next 5 years is projected to double. With that massive amount of data being collected, there is a growing sense of distrust with consumers when it comes to privacy. RGP's Janis Parthun and Lynn Rohland join ISACA's Safia Kazi for a discussion about data privacy. Janis and Lynn discuss trends from their clients, challenges that AI is introducing and the effect that the pandemic has had on the industry. Visit ISACA.org/podcasts for more ISACA Podcasts! Be sure to like, comment, and subscribe for more ISACA content! To find out more about RGP, visit https://rgp.com/

CMMC and CUI: Rocket Fuel

"Cybersecurity is only as good as an organization's weakest link" - Ali Pabrai Join ISACA's Senior Manager, CMMI Professional Practice, Kileen Harrison as she talks with ecfirst's Chief Executive Officer, Ali Pabrai about his recently released articles, “What Cyberprofessionals Should Know About CUI”, and “US DoD Launches Comprehensive CMMC 2.0 Cybersecurity Framework”. Ali explains the three levels of CCMC 2.0 and goes further in depth on CUI classification. By the end of this episode, you'll have all the CMMC and CUI "Rocket Fuel" that you need to understand this latest certification. To read Ali's full articles - https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2022/volume-8/what-cyberprofessionals-should-know-about-cui https://www.isaca.org/resources/news-and-trends/industry-news/2022/us-dod-launches-comprehensive-cmmc-2-cybersecurity-framework Be sure to like, comment, and subscribe for more ISACA content.

A Security Awareness Program for PCI-DSS Compliance

People are considered the weakest link in any organization’s cybersecurity defenses. Hence, in most cases, the primary targets of cyber-attackers are the employees of the organization. In addition, people are easier to compromise and exploit unlike finding a single software to breach an organization or enterprise business. While a lot of efforts go into improving the existing security infrastructure, ignorance of human resources would leave a significant gap in the defense strategy. Join ISACA’s Research Advisor, Brian Fletcher, as he is joined by Dr. Yasmin Razack, author of “A Security Awareness Program for PCI DSS Compliance: Implementation and Legal and Ethical Issues to Be Considered”. In this episode, they will be addressing the challenges in implementing a security awareness program to fill this gap and the legal/ethical issues that needs to be considered during implementation. As per the Payment Card Industry – Data Security Standard (PCI-DSS) requirement 12.6, a Security Awareness Program is mandatory to be held at least once a year and for new hires. However, it is not an easy task and cannot be a one-time activity. But if implemented effectively, awareness programs can be the human firewall of the organization. It will make the organization compliant to regulations like PCI-DSS thereby protecting it from fines due to non-compliance, defamation, costs of data breaches and will help improve customer trust and loyalty. To read Dr. Razack’s full article click here - www.isaca.org/pci-dss-compliance Be sure to like, comment, and subscribe for more ISACA Production content!

Industry Spotlight - Jo Stewart-Rattray

Making a difference within the cyber industry is of paramount importance to Jo Stewart-Rattray. She is incredibly passionate about encouraging, teaching, and mentoring more women into tech and security fields. In this episode of Industry Spotlight, Robyn Franko, Manager of Event Operations and Services at ISACA, chats with Jo about her background and career path, hobbies, and some interesting challenges the industry faces. Jo has over 25 years of experience in the IT field, some of which were spent as CIO in the Utilities and as Group CIO in the Tourism space, and with significant experience in the Information Security arena, including as CISO in the healthcare sector. She underpins her information technology and security background with her qualifications in education and management. She specializes in consulting in risk and technology issues with a particular emphasis on governance and security in both the commercial and operational areas of businesses. Jo provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, manufacturing, tertiary education, retail, healthcare, and government. She has chaired several of ISACA’s international committees, including the Board Audit & Risk Committee, Leadership Development, and Professional Influence & Advocacy. She served as an Elected Director on ISACA’s International Board of Directors for seven years and was the founder of its global women’s leadership initiative, SheLeadsTech. Because of her involvement with ISACA and the SheLeadsTech program and her rural background Jo was selected from a large number of candidates to be one of only two non-government delegates and was invited to join the official Australian Government delegation to the 62nd Session of the United Nations Commission on the Status of Women (CSW62) held in New York in March 2018. She returned to the UN in 2019 and again spoke at two UN events this year. She has spoken on Capitol Hill during a Day of Advocacy designed to bring tech leaders together in one place to discuss issues related to women in technology and then to meet with congressional representatives and Senator’s offices. Be sure to like, comment, and subscribe for more ISACA Content. For more information check out - www.isaca.org/podcasts

CMMI Tech Talk: The Performance Report

For more information, check out - https://www.isaca.org/enterprise/cmmi-cybermaturity-platform?gclid=Cj0KCQjw5-WRBhCKARIsAAId9Fm-gpm9jvXuMys6p0p6qqiEdUBhBz7VcAWY4FWbOyoHHSTrMfj2H3AaAou2EALw_wcB

CMMI Tech Talk: How to Appraise Small vs. Large Organizations

For more information, check out - https://www.isaca.org/enterprise/cmmi-cybermaturity-platform?gclid=Cj0KCQjw5-WRBhCKARIsAAId9Fm-gpm9jvXuMys6p0p6qqiEdUBhBz7VcAWY4FWbOyoHHSTrMfj2H3AaAou2EALw_wcB

The Transformative Power of Mobility

It's hard to believe the quarter century mark has almost arrived! Have you thought about what you would like your work world to be in 2025? Have you dreamed of more flexibility or better access to information so you can get work done faster? ISACA’s IT Professional Practices Lead, Kevin Keh, sits down with Cindy Baxter, Director of What's the Risk, LLC to talk about her recently released article “The Transformative Power of Mobility”. Cindy spoke with three professionals from three different industries and asked them how the promise of mobility could change their work lives. Hear about the work her interviewees do and the aspirations they have for themselves and their professions. Can IS risk and audit professionals make their mobility dreams come true? Tune in to the conversation and see what you think! To Read Cindy’s full ISACA Journal Article click here - www.isaca.org/power-of-mobility Please like, comment, and subscribe to the ISACA Media channels to keep up to date with all of ISACA’s new content.

Industry Spotlight with Raven David

"For me, it's all about working with people... at the end of the day, you want to work in a place where you can trust other individuals, you can get to know other individuals, and being personable with one another makes an organization great to work for," Raven David tells ISACA. In this Industry Spotlight episode, we meet Raven David, Cyber Risk and Governance Manager for The University of New South Wales (UNSW). Fascinated with technology at an early age, the native Australian recalls that he spent part of his childhood disassembling computers and putting them back together to understand better how they worked. This passion led him on a fantastic life journey and set him on a path to dominate the industry as a risk management, governance, compliance, assurance, and emerging technologies expert. Raven talks about his less traditional educational and career track. While working full-time, he managed a full-time class schedule simultaneously, to a career that allowed him to establish and manage a cyber risk and compliance team within a corporation of 5,000+ employees. Listen as Raven recaps the success of his cybersecurity awareness program, gives thoughtful advice to the next generation of young professionals, and discusses his current self-educating project, 3D printed chess set with Arduino-powered actuators and a Python chess engine.  As an active contributor to ISACA and the ISACA Sydney Chapter, Raven recently volunteered, mentored, and led the 2021 Oceania Conference Taskforce and is currently a CRISC Certification Working Group. In this ISACA Industry Spotlight episode, get to know the next-gen cybersecurity leader, Raven David. Connect with Raven David on LinkedIn: https://www.linkedin.com/in/ravendavid/  Press play now, and don’t forget to subscribe!

Diversity by Design

Why is the achievement of gender balance critical to the viability and trust of the industry? Jenai Marinkovic, Virtual CISO & CTO of Tiro Security, answers this question in a short clip from ISACA's latest live video, "Breaking the Bias for Women in Tech." Watch the full video at https://youtu.be/24n7K-pKTEU

Breaking the Bias for Women in Tech

On International Women's Day, ISACA Foundation hosted a conversation on breaking the bias for women in tech. What biases are still prevalent? How can male allies help? Why is intersectionality a crucial part of this conversation? Watch this episode of ISACA Live for these answers and more.

Privacy for Sale

Is Privacy a commodity? This episode explores the future direction of privacy and the demise of privacy in the digital age. Could privacy become something that people cannot afford, creating a two-tier system of internet users — those who can afford privacy and those who cannot? Join Safia Kazi, ISACA's Privacy Professional Practice Advisor, as she speaks with Steven Ross, Executive Principal of Risk Masters International, about his recently released ISACA article "Privacy for Sale.” Listen in as they chat about what privacy could be worth, and if this is a decision we must make soon? To read Steve’s full ISACA Journal article, please check out www.isaca.org/privacy-for-sale We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

Ensuring that Cybersecurity is Everyone’s Job

Join ISACA’s Performance Based Training Engineer, Collin Beder as he speaks with Tom Schneider, Senior Associate of Proactive Advisory for Cyber Defense Labs as they discuss Tom’s recently released article “Ensuring that Cybersecurity is Everyone’s Job”. Employees expect to focus on the responsibilities that are communicated to them, for example in their job descriptions. If cybersecurity and privacy responsibilities are not documented in job descriptions, then it is likely that staff will assume that cybersecurity is not a primary responsibility for them because management did not consider it significant enough to include. Collin and Tom will delve into these topics and why keeping cybersecurity on everyone’s mind will be better in the long run. To read Tom’s full article, please check out https://www.isaca.org/resources/isaca-journal/issues/2022/volume-2/ensuring-that-cybersecurity-is-everyones-job We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

CyberPros - Zero Trust: How to Beat Adversaries at Their Own Game featuring Dr. Zero Trust

ISACA’s Jon Brandt welcomes Dr. Chase Cunningham aka Dr. Zero Trust to the ISACA CyberPros podcast. You may know Chase from his own podcast, Dr. Zero Trust, or book series, Cynja. Chase dives deep into Zero Trust and Jon gets Chase's opinions on how legislation relates to ZT, and thoughts on attack trends, including how to outsmart bad actors. Listen now and don’t forget to subscribe and write in the comments! For more information check out https://www.isaca.org/credentialing/cybersecurity Interested in hearing more from DrZeroTrust - check out his podcast at: https://anchor.fm/chase-cunningham8

Rising Stakes for Protecting Critical Infrastructure Teaser

Watch the full video at https://www.youtube.com/watch?v=ov7f9EL8w50

Rising Stakes for Protecting Critical Infrastructure Teaser

Critical infrastructure expert and renowned cyberthreat investigator Alex Holden discusses the latest on critical infrastructure security as global tensions rise amid Russian attacks in Ukraine. For more information check out https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/tensions-shine-spotlight-on-protecting-critical-infrastructure

Breaking Down the ESET T3 2021 Threat Report

Tune in as ISACA’s Kevin Keh talks with the Chief Security Evangelist of ESET, Tony Anscombe about the latest released report from ESET. ESET, a global leader in cybersecurity, has released its T3 2021 Threat Report, which summarizes the most notable trends that shaped the threat landscape from September to December 2021. For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research. To read the full Report, please check out https://www.welivesecurity.com/2022/02/09/eset-threat-report-t32021/ We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

Building Digital Trust in a FinTech Start Up

Today's Page to Podcast features ISACA's Kevin Keh and Donald Tse, the Head of Cyber & Technology Risk at Mox Bank and author of "Cybersecurity and the Technology Risk in Virtual Banking", as they dive into the virtual banking scene in fintech. This will compare the differences between a digital-only virtual bank and a brick-and-mortar traditional bank and therefore the underlying challenges and risks they face. As a founding member of Mox Bank, Donald will also share his experience in building digital trust with customers and regulators in this whole new cloud-native bank. To read Donald's full article, please check out https://www.isaca.org/resources/isaca-journal/issues/2022/volume-1/cybersecurity-and-technology-risk-in-virtual-banking We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

Lessons Learned from a Year of Remote Work

Working from alternate work sites using unsecure networks may be here to stay, but there is much to learn from 2020 that can help improve cybersecurity capabilities for remote staff. Listen in with ISACA's Deputy Director of One in Tech, Hollee Mangrum-Willis as she talks with Tom Conkle, CEO of Optic Cyber Solutions, and Kelly Hood, EVP of Optic Cyber Solutions. They will discuss various technical solutions such as using VPNs, enabling MFA, encrypting mobile devices and laptops, and leveraging services such as a CASB, and how, ultimately, training and awareness are the most effective at protecting organizational data. To read the full article, be sure to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/lessons-learned-from-a-year-of-remote-work. We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

Unpacking Pakistan's Cybersecurity Policy 2021

Listen in as ISACA’s Director of Professional Practices & Innovation, Jon Brandt, is joined by Muneeb Imran Shaikh, author of "Pakistan’s Cybersecurity Policy in 2021: A Review". They will dig deeper into the report and discuss the policy changes that Pakistan and other Central Asian countries will see moving forward. To read the full report, be sure to check out https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-39/pakistan-cybersecurity-policy-in-2021-a-review. We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

Using XDR and Zero Trust to Combat Ransomware

Both XDR and Zero Trust are useful security concepts, but they are sadly overhyped. Listen in as ISACA's Research Advisor, Brian Fletcher and Trend Micro's Bill Malik look into the realities behind ZDR and Zero Trust, how ransomware works, and how the both XDR and Zero Trust can help organizations minimize their vulnerabilities Interested in reading Bill's full ISACA Blog? Click the link and download a copy today! https://www.isaca.org/resources/news-and-trends/industry-news/2021/using-zero-trust-and-xdr-to-stop-ransomware We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

ISACA Journal Turns 50

Celebrating a Half-Century of Insights. For 50 years, the ISACA Journal has helped shape IT. Here’s to 50 more. For more information, don't forget to check out https://www.isaca.org/resources/isaca-journal

What is Environment, Social, and Governance (ESG)?

Mark Thomas (Founder, Escoute) and Caren Shiozaki (EVP & CIO, TMST, Inc.) join ISACA's Lisa Villanueva for a conversation about Environment, Social, Governance or ESG. Mark and Caren dive deep into why your organization will want to know about ESG. Mark & Caren agree “the ESG Train” has already left the station. Organizations need to jump on board now! Click play now to learn about ESG! For more information, don't forget to check out https://www.isaca.org/resources/insights-and-expertise/white-papers#sort=relevancy&layout=card and https://youtube.com/playlist?list=PLHaB3gI5mcQa0zjjXSyC3ZBlKmsct9H4g

The Impact of SOX on the Industry 20 Years Ago and Today with Cindy Baxter

The Sarbanes-Oxley (SOX) Act was passed by the United States Congress in 2002. 20 years later, ISACA's IT Audit Professional Practice Lead, Robin Lyons chats with Cindy Baxter, Director at What’s the Risk, LLC on all things SOX. Cindy goes in-depth on the scandals that caused SOX to be enacted, legislation's effect on corporate behavior, how SOX has affected the audit profession, and what trends she sees in the regulatory landscape in 2022 and beyond! Interested in reading Cindy’s full ISACA Journal article? Click the link and download a copy today! https://www.isaca.org/resources/isaca-journal/issues/2022/volume-1/the-impact-of-sox-on-the-industry-20-years-ago-and-today We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

Privacy in the Dark (Data)

Listen in as Safia Kazi, ISACA's Privacy Professional Practice Advisor, as she speaks with Steve Ross, Executive Principal of Risk Masters International, about his article "Privacy in the Dark (Data)". Organizations have a lot of “dark data”; information that they have collected, filed and forgotten. Some of it concerns people, so there is a privacy concern about how that data is secured. Both enterprising cyberattackers and litigants using eDiscovery tools have incentive to search through this dark data to see what they might make use of. The potential for misuse calls for greater attention to the security of this data. For more information, don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2022/volume-1/privacy-in-the-dark-data

CyberPros - 2022 Industry News Wrap

ISACA's CyberPro Jon Brant breaks down industry news stories so far in the new year: Log4j, Cyber Insurance, Augmented Reality/Virtual Reality, Metaverse, Deep Fakes, and even the legal discussion around vehicle car data. Tune in now to hear Jon's hot takes on all this and more. Happy listening! For more information, don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library.

ISACA Cyber Pro Chats with Naomi Buckwalter

ISACA’s Cyber Pro, Jon Brandt, invites information security guru, Naomi Buckwalter, Director of Information Security and IT to the podcast to discuss hot and heavy topics within Cybersecurity and the IT industry. Listen in as they hash out the current and future trends. For More Information, Check Out https://www.isaca.org/training-and-events/cybersecurity

What Will it Take to Reach DevSecOps Maturity?

While our development teams have been busy running full speed ahead using the latest and greatest technology to build amazing products, security teams haven’t always been known to keep the same pace – and we have reached a point of “developer revolt.” Security teams are still too often viewed as producers of “design constraints” by development teams versus “reliable partners” in helping them build better software. The path to changing this is getting security more tightly integrated into the DevOps pipeline – and working to make security even more of everyone’s responsibility. In this podcast Shannon Lietz, Adobe’s VP of Vulnerability Labs, will discuss some of the opportunities for security teams to become trusted partners, providing a roadmap for how DevSecOps needs to evolve to reach necessary maturity, and discuss some of the efforts that can help the broader security industry get better at this essential security muscle. For more information, check out https://www.isaca.org/

The Log4Shell Vulnerability: Steps to Take Now and Good Practices for the Future

ISACA's Chris Dimitriadis and Scott Reynolds discuss the latest information regarding the Log4Shell vulnerability, including what organizations need to do in both the immediate and longer term. For more information on the Log4Shell Vulnerability, visit: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2021/log4shell-vulnerability-highlights-critical-need-for-improved-detection-and-response

ISACA Foundation 2021 Year In Review

Our first year of programming has been a transformative time for ISACA Foundation, and we have much more to come. Thank you for your support and dedication to making cyber professions accessible to all.

Security Operations Challenges in 2021

ISACA’s Director, Channel Business Development, Chris DeMale is joined by ServiceNow’s Director of Product Marketing, Karl Klaessig in this follow up interview that takes a deeper look into his presentation during ISACA’s Virtual Summit session, Security Operations Challenges in 2021. The presentation discussed how opportunistic and tenacious cybercriminals can be. Klaessig takes explores how dissecting attackers' behavior and automating responses can better defend your attack surface. Don't forget to check out https://www.isaca.org/training-and-events/online-training/virtual-summits for more information!

Information Security Programs Need to be Ubiquitous, Proactive, and Vigilant

This ISACA TV interview is a discussion about information security concerns (and challenges), evolution, and the future. Topics covered include mobile computing devices, the Internet of Things (IoT), artificial intelligence (AI), cyber threat intelligence (CTI), software tools, and malware. Threats, risk, safeguards, and countermeasures will be reviewed along with some new ideas and approaches. Tune in as ISACA’s Information Security Professional Practices Lead, Jon Brandt chat with Larry Wlosinski, Senior Consultant at Coalfire Federal about his recently release article, Cyberthreat intelligence as a Proactive Extension to Incident Response. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-6/cyberthreat-intelligence-as-a-proactive-extension-to-incident-response for more information!

How Innovative Enterprises Win With Secure Machine Learning

Enterprises use machine learning to validate who they are doing business with and to find new opportunities. ISACA's IT Professional Practices Lead Kevin Keh discusses secure machine learning with Protegrity's Chief Security Strategist Ulf Mattsson. Ulf explains Trusted Execution Environment (TEE), synthetic data, and encryption keys. All these technologies can be sometimes misunderstood, but they are changing the digital landscape, so listen in now! Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-6/how-innovative-enterprises-win-with-secure-machine-learning for more information!

HCL State of Cybersecurity 2021

Jon Brandt (Information Security Professional Practices Lead at ISACA) and Renju Varghese (Fellow and Chief Architect at HCL Technologies) break down the State Of Cybersecurity 2021 —Part II report. Threat actors did not take advantage of clients more during the pandemic, but there have been higher instances of attacks or attempts of attacks during the past 18 months. This has brought attention to organization’s boards and executives to show Cybersecurity in a more serious light than it was pre-pandemic. Tune in now to hear what Renju says you can expect in 2022! Don't forget to check out https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2021/new-isaca-study-finds-cybersecurity-workforce-minimally-impacted-by-pandemic-but-still-grappling for more information!

ISACA’s New CyberPro – Jon Brandt

Listen in as ISACA’s Information Security Professional Practices Lead, Jon Brandt grabs the podcast microphone and takes over November’s Cyber Pros to discuss CISA’s Directive Breakdown. Don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library for more information!

ISACA Conference Oceania 2021 - Threat Landscape Panel Discussion

Don't forget to check out https://www.isaca.org/training-and-events/conferences for more information

ISACA Stands for Something Bigger, short version 2

Find out what ISACA truly stands for to members of its global learning community. Learn more at www.isaca.org/go/stand-for-something-bigger.

ISACA Stands for Something Bigger, short version 1

Find out what ISACA truly stands for to members of its global learning community. Learn more at www.isaca.org/go/stand-for-something-bigger.

ISACA Stands for Something Bigger

Find out what ISACA truly stands for to members of its global learning community. Learn more at www.isaca.org/go/stand-for-something-bigger.

Career Progress During the Pandemic

Members of the ISACA community explain what they’ve been doing to keep their careers moving forward with more flexible schedules during the pandemic. Don't forget to check out https://www.isaca.org/ for more information

The Cybersecurity Workforce

Join ISACA’s Director of Communications, Kristen Kessinger as she interviews ISACA’s Information Security Professional Practices Lead, Jon Brandt about what is currently happening in the cybersecurity workforce. Listen in as Jon explains how the demand for cybersecurity resources is large, but the workforce pipeline is not keeping pace and how that makes hiring difficult for organizations. Jon and Kristen also discuss the “Great Resignation”, how the pandemic has helped make job hunters more selective, and if the NIST/NICE frameworks are still valued. Take a listen and enjoy! Don't forget to check out https://www.isaca.org/resources/infographics/state-of-cybersecurity-2021-infographic for more information!

Emerging Technology - Blockchain

In our third LinkedIn Live session on Emerging Technology, Director of Emerging Technology and Innovation at ISACA, Dustin Brewer, and Principal Consultant at Strategic Global Consulting LLC, Ronke Oyemade, discuss the topic of blockchain, its common uses, security concerns related to the technology, and what the future holds for blockchain as it continues to develop. Discover the highlights here! Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004Ko8bEAC for more information

ISACA Live - OneInTech

In this episode of ISACA Live, join Hollee Mangrum-Willis as she talks to Jo Stewart-Rattray (Vice President, Communities - Australian Computer Society) about the state of women in Cybersecurity in Oceania and worldwide and how we can bring awareness to the issue of gender balance in the Cybersecurity field. Jo and Hollee also discuss how they have worked to set work/life balance boundaries during the pandemic, changing the language within your sphere of influence, career pathing for women and what allies can do for all genders in Cybersecurity.

Digital Dunkirk: Using Cyber Skills to Save Lives

ISACA Pittsburgh Chapter board member Dan Desko and his Echelon Risk + Cyber team put their cybersecurity skills to good use in a humanitarian effort to help endangered people flee Afghanistan as part of the Digital Dunkirk project. Don't forget to check out https://engage.isaca.org/pittsburghchapter/home for more information!

Social Media Hacking Risk

How Do Organizations Control Their Use of Social Media Part III - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

Dangers of Social Media

How Do Organizations Control Their Use of Social Media Part II - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

How Do Organizations Control Their Use of Social Media

How Do Organizations Control Their Use of Social Media Part I - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

Fake Business Vs Your Reputation

How Do Organizations Control Their Use of Social Media Part VIII - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

Auditing Risk Benefit Analysis

How Do Organizations Control Their Use of Social Media Part VI - What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/how-do-organizations-control-their-use-of-social-media-part-1 for more information!

Can You Manage Risk Without Measuring?

Cyber Risk and Communicating to a Board of Directors Part VII--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Risk Appetite & Tolerance

Cyber Risk and Communicating to a Board of Directors Part VI--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Law and Regulations

Cyber Risk and Communicating to a Board of Directors Part V--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Risk Quantification

Cyber Risk and Communicating to a Board of Directors Part IV--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Board Structure And Communication

Cyber Risk and Communicating to a Board of Directors Part III--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Cyber Risk As A Strategic Risk

Cyber Risk and Communicating to a Board of Directors Part II--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Communicating Cyber Risk To Boards

Cyber Risk and Communicating to a Board of Directors Part I--Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cybe rRisk Methodology at VisibleRisk —about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more. Don't forget to check out https://store.isaca.org/s/store#/store/browse/detail/a2S4w000004KoEHEA0 for more information!

Gaining Executive Leadership Support for Security Changes

APTs Require Enhanced Cyberdefense Part VIII-- Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

Background On The CMMC Model

APTs Require Enhanced Cyberdefense Part VII--Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

Setting Up An SOC For Success

APTs Require Enhanced Cyberdefense Part VI--Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

The Transition From “Trust But Verify” to “Zero-trust”

APTs Require Enhanced Cyberdefense Part V—Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

Mitigating APT risk

APTs Require Enhanced Cyberdefense Part IV-- Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

Defense Against APT attacks

APTs Require Enhanced Cyberdefense Part III—Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

How Organizations Should Deal with APTs

APTs Require Enhanced Cyberdefense Part II — Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

Why Organizations Should Reimagine Their Cyberdefenses

APTs Require Enhanced Cyberdefense Part I-- Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense.” Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

ISACA Awards Gala 2021: Congratulations and Invitation from David Samuelson

ISACA CEO David Samuelson sends our 2021 ISACA Award recipients his personal congratulations on their recognition and encourages everyone to celebrate their achievements at the 2021 ISACA Awards Virtual Gala. Don't forget to check out https://www.isaca.org/ for more information!

ISACA 2021 Hall of Fame

Congratulations to the 2021 ISACA Hall of Fame Inductees! Don't forget to check out https://www.isaca.org/ for more information!

ISACA Global Achievement Awards

Congratulations 2021 ISACA Global Achievement Award Recipients! Don't forget to check out https://www.isaca.org/ for more information!

2021 ISACA Chapter Awards

Congratulations 2021 ISACA Chapter Award Recipients! Don't forget to check out https://www.isaca.org/ for more information!

2021 ISACA Certification Exam Top Scorers

Congratulations to the 2021 ISACA Certification Exam Top Scorers! Don't forget to check out https://www.isaca.org/ for more information!

Behind the Scenes @ ISACA Conference North America

Watch this exclusive behind the scenes footage of the ISACA team working hard and playing hard while bringing the ISACA Conference North America to life! Don't forget to check out https://www.isaca.org/ for more information!

Gaining Digital Trust by Eliminating Privacy Dark Patterns

With the growing emphasis on consent for collecting and processing data, some enterprises have turned to tricking data subjects into giving their consent by using privacy dark patterns. Privacy dark patterns can manifest in numerous ways, from confusing user interface design to manipulative language. In this episode Jonathan Brandt, ISACA's Director of Professional Practices and Innovation, is joined by ISACA's Privacy Professional Practices Principal, Safia Kazi, who defines and provides examples of privacy dark patterns, their consequences, and how to avoid them. Jon and Safia also discuss how privacy dark patterns affect digital trust, which can ultimately hurt an enterprise's reputation and customers. To read the full article, Fostering Trust by Eliminating Dark Patterns click the link: https://www.isaca.org/fostering-trust-by-eliminating-dark-patterns. Be sure to comment, like, and subscribe for more ISACA Productions content!

ISACA Anthem – Mega Ran Custom Rap

Rapper Mega Ran drops straight fire bars about ISACA’s IT credentialing programs and community of experts, taking you on a journey “from a new member to the latest IT star”. ISACA! Video made on commission through Event Rap. Explore ISACA’s programs: https://www.isaca.org/ Follow Mega Ran: https://www.eventrap.com/artist/mega-ran/ Learn more about Event Rap and custom rap videos: https://www.eventrap.com

ISACA's Volunteer Appreciation Week 2021

Don't forget to check out https://www.isaca.org/ for more information!

Shorter Version 3 - Cybersecurity: A Perfect Fit for Rising Professionals

Stanford University student Kyla Guru says Gen Z members are especially well-equipped to thrive in cybersecurity. Don't forget to check out https://www.isaca.org/ for more information!

Shorter Version 2 - Cybersecurity: A Perfect Fit for Rising Professionals

Stanford University student Kyla Guru says the challenges posed when working in cybersecurity can seem like a surreal experience. Don't forget to check out https://www.isaca.org/ for more information!

Short Version 1 - Cybersecurity: A Perfect Fit for Rising Professionals

Stanford University student Kyla Guru explains the problem-solving mindset that helps rising professionals succeed in cybersecurity. Don't forget to check out https://www.isaca.org/ for more information!

Cybersecurity: A Perfect Fit for Rising Professionals

Stanford University student Kyla Guru makes the case that cybersecurity skills come naturally to members of Gen Z who want to impact the future. Don't forget to check out https://www.isaca.org/ for more information!

#IamISACA: Andrea Tang

In her #IamISACA story, Andrea Tang explains how her privacy expertise positions her to be to a bridge between China and the rest of the world. Don't forget to check out https://www.isaca.org/ for more information!

#IamISACA: Andrea Tang - Shorter Version

In her #IamISACA story, Andrea Tang explains how her privacy expertise positions her to be to a bridge between China and the rest of the world. Don't forget to check out https://www.isaca.org/ for more information!

Building Early Career Momentum with ISACA

Find out how starting early with ISACA can make a difference for young professionals and other newcomers to IT careers. Don't forget to check out https://www.isaca.org/ for more information!

Building Customer Trust Through Privacy

When organizations build privacy programs that are reflective of consumers’ best interests, it builds goodwill and creates added value for the enterprise, says ISACA privacy expert Matt Stamper. Don't forget to check out https://www.isaca.org/ for more information!

Protecting and Governing Personal Data

As more and more employees work from home, organizations will have to evolve their approaches to data privacy, including adding more credentialed privacy professionals. Don't forget to check out https://www.isaca.org/ for more information!

Bringing Technical and Legal Privacy Professionals Together

Collaborations between technical and legal privacy professionals focused on data governance and data privacy lead to stronger privacy solutions for organizations. Don't forget to check out https://www.isaca.org/ for more information!

Implementing the Needed Privacy Controls

Privacy credentials such as ISACA’s CDPSE certification can help practitioners ensure they are putting in place the needed technical privacy safeguards and controls. Don't forget to check out https://www.isaca.org/ for more information!

A Seat at the Table for Privacy

Privacy is increasingly driving organizational change. Professionals who proactively seek privacy knowledge and credentials are more likely to have a seat at the table for these important conversations. Don't forget to check out https://www.isaca.org/ for more information!

Privacy in Practice 2021 Report

Don't forget to check out https://www.isaca.org/ for more information!

Top Tech Risks for 2021

As organizations plan for the year ahead, the COVID-19 world has reshaped the landscape of technology risks. In September/October 2020, ISACA and Protiviti conducted a global survey of more than 7,400 IT audit leaders and professionals to obtain their perspectives on the top technology risks their organizations will face in 2021. Explore these in this video and the new report: https://www.isaca.org/go/2020-isaca-protiviti-global-it-audit-benchmarking-survey.

Join Privacy in Practice Emcee Safia Kazi online, 8 December 2020

Manage and Conquer Data and Privacy Issues with ISACA

Chief Product Officer, Nader Qaimari, talks about ISACA’s current and future plans to help IS/IT professionals overcome privacy issues that keep them up at night.

2020 ISACA Awards Presentation

Watch the presentation of the 2020 ISACA Global Achievement and Certification Exam Top Score Awards and celebrate the achievements of ISACA members around the world.

Technical Privacy Knowledge: In-Demand

CDPSE-holder Yunique Demann offers her perspective on why privacy has become one of the hottest areas of job growth for information and technology professionals.

Why Employers Value the CDPSE

CDPSE-holder Yunique Demann explains how the CDPSE certification demonstrates technical privacy skills to prospective employers.

Understanding Privacy at the Design Level

Mohammed J. Khan says that ISACA’s CDPSE certification enables professionals to understand how privacy works at the design level throughout the enterprise.

ISACA – Cyber Maturity: Improve Your Pandemic Preparedness by Frank Downs

2020 ISACA Best Chapter Awards

Congratulations to the 2020 recipients of the K. Wayne Snipes Best Chapter Award: Chicago Chapter (Very Large Chapter), Middle Tennessee Chapter (Large Chapter), Tallahassee Chapter (Medium Chapter), and Coimbatore Chapter (Small Chapter). Learn more at www.isaca.org/awards.

2020 ISACA Chair's Award

ISACA’s 2019-2020 Board Chair Brennan P. Baybeck dedicates the 2020 Chair’s Award to ISACA’s passionate members, chapters, chapter leaders, and volunteers. Learn more at www.isaca.org/awards.

ISACA CommunITy Day 2020 - Join Us!

2019 ISACA Annual Report Video

Find out how ISACA celebrated its 50th anniversary year by preparing for even greater impact in the next 50 years.

Welcome to the New ISACA!

For more information: https://www.isaca.org/

EuroCACS/CSX 2019 Highlights

Check out the conference highlights from EuroCACS 2019 in Geneva, Switzerland. EuroCACS 2020 will take place on 28-30 October 2020 in Helsinki, Finland.

Infosecurity ISACA North America Expo and Conference

Expand your network, deepen your knowledge, and sharpen your skills at Infosecurity ISACA North America Expo and Conference. Learn more http://bit.ly/2ng0TKe Earn up to 37 CPEs, experience customized learning, and engage with industry peers 20-21 November 2019 at the Javits Convention Center in New York, New York. Register Today http://bit.ly/2ng0TKe

ISACA CISM Certification Holders Give Advice to Professionals Considering Certification

Certified Information Security Manager (CISM) certification holders give advice to those considering becoming CISM certified. http://bit.ly/2jQA9fH The uniquely management-focused CISM certification affirms that the holders understand business information systems, know how to manage, and methods to adapt technology to their enterprise and industry. Since its inception in 2002, more than 30,000 of professionals worldwide have earned the industry-leading CISM designation, to affirm both their high level of technical competence and qualifications for top-caliber leadership in information security management roles. Learn more about the CISM certification: http://bit.ly/2jQA9fH

Join us for ISACA CommunITy Day!

ISACA CEO David Samuelson invites all ISACA members and chapters to give back to their local communities on ISACA CommunITy Day. Be part of this global day of service where we all have a positive impact on the world. Hosted on 5 October 2019, the inaugural event will kick off in ISACA’s 50th year and become an annual tradition on the first Saturday in October. Follow our global activities using #ISACACommunITyDay. https://engage.isaca.org/communityday/

Simon T. Bailey – Opening Keynote at 2019 GRC

Be inspired to Shift Your Brilliance with 2019 GRC Conference Keynote, Simon T. Bailey. Named by SUCCESS magazine as one of the top 25 people who will help you reach your business and life goals, Simon T. Bailey has used his talks to inspire change and success across thousands of organizations in dozens of countries. Bailey will address the failure of yesterday’s methods to keep pace with today’s rapid technological change, and inspire and empower attendees to new ways of thinking will create tomorrow’s solutions. Register now for 2019 GRC Conference, brought to you by ISACA and The IIA. http://bit.ly/329eQJR

North America CACS 2019 Highlights

Register for NACACS 2020 here: http://bit.ly/2FLz42L The North America CACS 2019 conference in Anaheim, CA just ended. Check out the conference highlights and register for North America CACS 2020, 12-14 May in Baltimore, Maryland here: http://bit.ly/2FLz42L

Right-Size Your Governance of Enterprise Information & Technology

If you are new to COBIT, there has never been a better time to reevaluate your enterprise governance program. Effective governance over information and technology is critical to business success, and this new release of COBIT® 2019 further cements COBIT’s continuing role as an important driver of innovation and business transformation. Learn more http://bit.ly/2HKhIF7

Current COBIT Users Gain Even More from COBIT® 2019

For current users of COBIT 5, the news couldn’t be better. COBIT 2019 is an evolution of COBIT 5, so this newly revised governance framework contains everything you value about COBIT 5, plus many exciting new features and focus areas. Learn more http://bit.ly/2HKiq5o

Introducing COBIT® 2019

The world-renowned COBIT framework has been updated—Introducing COBIT 2019. Four core publications provide the foundation for creating a customized governance program for information and technology, right-sized to the needs of your enterprise. Good governance is a vital element of strategy formulation and business transformation success, and COBIT 2019 can help chart that path forward. Learn more http://bit.ly/2HI8Y2l

What’s New in COBIT® 2019: Design Guide

Besides updating information in the Core COBIT model and incorporating refreshed standards, the new COBIT 2019 is more flexible in implementation and offers more design guidance. This new Design Guide publication fills an important need for COBIT users—how to put COBIT to practical use, offering prescriptive how-to information. Learn more http://bit.ly/2HI8Y2l

ISACA 2018 Annual Report: Navigating Change

ISACA spent 2018 equipping its global professional community to deal with the many changes impacting the enterprise technology landscape. To find out more, visit www.isaca.org/annualreport.

A History of COBIT

Learn how ISACA’s Control Objectives evolved into COBIT, a globally respected framework for the governance and management of enterprise information and technology, and how COBIT 2019 builds upon this rich history. Find out how you can be part of the ISACA50 celebration! http://bit.ly/2ETEU3p

CISAs Talk About CISA

Certified Information Systems Auditor (CISA) certification holders talk in their own words about the ways ISACA’s globally recognized IT credential has helped their careers. Learn more http://bit.ly/2vHa5aV

EuroCACS 2018 Highlights

Check out the conference highlights from EuroCACS 2018 in Edinburgh, Scotland. EuroCACS 2019 will take place on 16-18 October 2019 in Geneva, Switzerland. Check-in for updates here: http://bit.ly/2I55ROB See the EuroCACS 2018 photo album here: http://bit.ly/2sQjcpa

ISACA Annual Report 2017 Overview

ISACA advanced its Purpose and Promise throughout 2017 by moving forward numerous impactful programs and initiatives. See the full 2017 ISACA Annual Report here: http://bit.ly/2FpWl7c

2017 Annual Report: Volunteers

ISACA board director Leonard Ong notes how volunteering with ISACA provides a variety of professional and social rewards. See the full 2017 ISACA Annual Report here: http://bit.ly/2FpWl7c

North America CACS 2018 Highlights

Register for NACACS 2019 here: http://bit.ly/2ruNaO0 The North America CACS 2018 conference in Chicago just ended. Check out the conference highlights and register for North America CACS 2019, 13-15 May in Anaheim, CA here: http://bit.ly/2ruNaO0 See NACACS 2018 photo album here: http://bit.ly/2rx4UIv

ISACA Awards Program

ISACA Awards: http://bit.ly/2rtrpy1 Learn why ISACA values the opportunity to recognize outstanding thought leadership, volunteer service and professional achievements. We rely upon our members to submit nominations and volunteer to help select the incredible accomplishments we present with ISACA Global Achievement Awards and Chapter Awards. ISACA also recognizes the Certification Exam Top Scores for their exemplary abilities. Visit http://bit.ly/2rtrpy1 to learn more. Volunteer Opportunities: http://bit.ly/2rsFgVn ISACA Awards: http://bit.ly/2rtrpy1

CISA Virtual Instructor-Led Training Course - May 2018

Offering you intensive, cram-style online preparation for your CISA® exam, ISACA's 12-hour VILT prep course is spread across four 3-hour sessions with direct interaction with an expert instructor. To register for the CISA Virtual Instructor-Led Training course on 21-24 May, click here: http://bit.ly/2qCpWWs Course Description Join fellow CISA exam candidates along with a CISA-certified trainer for a unique exam prep experience. The CISA Exam Prep Course is an intensive, cram-style course that will cover some of the more challenging topics from the CISA job practice. Drill through sample exam items, ask your most pressing questions and get the answers to build your confidence as you prepare for exam day. Learning Objectives At the end of this course, you will: • Learn the specific requirements for passing the CISA Exam and attaining your certification • Review key concepts, tasks and knowledge related to the duties of an IS auditor, which serve as the foundation of the CISA Exam • Learn successful methods of evaluating exam questions and answers, including analysis and explanations • Review useful, proven information on study and exam time management Who Should Attend? • CISA Exam Candidates • Audit professionals with 3-5 years of experience

EuroCACS 2018 | COBIT 5 Foundation Workshop

Learn about the COBIT 5 Foundation workshop here: http://bit.ly/2pSrudX Bruno Horta Soares talks about his COBIT 5 Foundation workshop at EuroCACS 2018 in Edinburgh, Scotland. Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach. Earn the COBIT 5 Foundation Certificate! Attendees can take the Foundation Exam Monday, 28 May 2018 for an additional US $150! The exam will take place on Monday morning, before the opening keynote presentation. A study session will also be held on Sunday evening prior to the exam to prepare you as much as possible. In 2017, 100% of those who attended the COBIT 5 Foundation workshop and took the exam at the conference passed! Space is limited for the exam, so be sure to add it to your registration today to secure your spot! Learn about the COBIT 5 Foundation workshop here: http://bit.ly/2pSrudX Register for EuroCACS 2018 today: http://bit.ly/2pWTygr See the full program: http://bit.ly/2pRYaEd Learn more about our workshops: http://bit.ly/2pSrudX Check out our networking events: http://bit.ly/2pSr9YJ Explore Edinburgh with our interactive map: http://bit.ly/2pTNntf

Why You Should Attend North America CACS 2018

Register for North America CACS 2018: http://bit.ly/2q1Uelg Grow your expertise, skills and value to enterprises worldwide at North America CACS 2018. Join us on 30 April-2 May in Chicago, Illinois, and be a part of the top conference for IS audit and security professionals! Choose from dynamic, timely topics that help you address challenges and learn innovative solutions. There will be more than 100 sessions to customize for your goals and various in-depth options for advanced learning. Enjoy direct access to industry leaders, expert speakers and valuable resources. North America CACS will also provide enhanced networking opportunities for attendees. Hear what last year's attendees have to say about their North America CACS experience and register for the 2018 conference right here: http://bit.ly/2q1Uelg See the full program: http://bit.ly/2q0mRzk Learn more about our workshops: http://bit.ly/2q2cGdE Check out our networking events: http://bit.ly/2q1R1SR Explore Chicago with our interactive map: http://bit.ly/2q1ToF8

ISACA Purpose and Promise

Learn more about ISACA here: http://bit.ly/2EF84CQ ISACA's Purpose and Promise video showcases ISACA’s presence, work, and value on a global scale through leader, member and staff narratives. The ISACA community – members, volunteers and professional staff -- is guided by our Purpose and Promise, which define the essence of who we are and what we do. Our Purpose is the reason we exist – to help business technology professionals and their enterprises around the world realize the positive potential of technology. Our Promise is how we, as an organization and as individuals, deliver on our Purpose – the work we do every day to inspire confidence that enables innovation through technology. Our work, and the work of the more than 450,000 engaged business technology professionals we support, has never been more important. Learn more about ISACA here: http://bit.ly/2EF84CQ

Meltdown & Spectre - Identifying The Vulnerability & Mitigating The Risk

ISACA’s Frank Downs, Senior Manager of Cyber Information Security Practices, demonstrates how to identify if you have the vulnerability and how to mitigate the risk. To learn more, read the ISACA Now Blog, Understanding Meltdown and Spectre http://bit.ly/2CQRm3i

GDPR Overview in Four Minutes - CSX Europe

Experts on GDPR from ISACA, IAPP, and ENISA joined together to discuss the impending GDPR Regulation implementation 25 May 2018 at 2017 CSX Europe. The panel discussed what GDPR is, what is involved in preparing for it and the expectations of organizations. Links to more ISACA content about GDPR are below. GDPR Data Protection Impact Assessments (White Paper): http://bit.ly/2kQjWGa Adopting GDPR Using COBIT 5 (White Paper): http://bit.ly/2kQSTdy Using ISACA Privacy Principles for GDPR Compliance (Article): http://bit.ly/2kQkcVG Countdown to GDPR: 5 Tips to Accelerate GDPR Readiness (Archived Webinar): http://bit.ly/2kSiO4z For a full list of GDPR resources from ISACA, go here: http://bit.ly/2kQjVC8 To learn about CSX 2018 Europe, click here: http://bit.ly/2kRdWNh

CSX 2017 Europe Conference Highlights

Enjoy the very best of what CSX 2017 Europe had to offer in this highlight video. The attendees at the Intercontinental London - The O2 in London, UK, each engaging keynote and session speaker and more made this incredible cyber event a resounding success! Register for next year's conference here: http://bit.ly/2zC7PWd

EuroCACS 2018

Hear what last year's attendees have to say about their EuroCACS experience and register for the 2018 conference right here: http://bit.ly/2zCa4c6 Leaders in IS/IT Audit, Security, and Compliance gather at one exceptional event each year. Join them on 28-30 May 2018 in Edinburgh, Scotland. Gain fresh ideas and approaches while earning CPE hours at a variety of workshops and over 50 breakout sessions. You will be gaining new knowledge and perspectives alongside the industry’s brightest and most highly respected minds at this ISACA® industry-leading conference. Register today at http://bit.ly/2zCa4c6

Better Tech Governance is Better for Business

Highlights from CSX 2017 North America conference panel discussing the key takeaways from ISACA’s research on the importance of strong board oversight over areas such as cybersecurity and risk management. To see ISACA's corresponding report, click here: http://bit.ly/2z9U0hq

Africa CACS 2017 Highlights

Here are highlights from ISACA's Africa CACS 2017 conference. See a recap of the Africa CACS event in Accra, Ghana. Learn more about all of our conferences here: http://bit.ly/2gcf5kk

CSX 2017 North America Conference Highlights

Enjoy the very best of what CSX 2017 North America had to offer in this highlight video. The attendees at the Marriott Wardman Park in Washington D.C., each engaging keynote and session speaker, the interactive Cyber Challenge and more made this incredible cyber event a resounding success! We cannot wait to see everyone next year in Las Vegas, Nevada. http://bit.ly/2gbdxaa

CSX Training Platform

It’s Cyber Security Awareness Month. In cyber security, there’s no substitute for real-world experience. That’s why we created the Cybersecurity Nexus™ (CSX) Training Platform, the first on-demand, real-world training solution that builds real technical skills to help enterprises train their staff to combat real threats. Learn more. http://bit.ly/2xQNDwN

ISACA CRISC Online Review Course Overview

Purchase ISACA's CRISC Online Review Course here: http://bit.ly/2wgNLYc Online review courses are also available for purchase through our enterprise sales team for larger organizations. Learn more here: http://bit.ly/2whvv0C Course Description The CRISC Online Review Course is an online preparation course that will prepare you for the CRISC certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CRISC domains. The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and pre- and post-course assessments. You will be able to navigate the course at your own pace, following a recommended structure, or target preferred job practice areas. You may also start and stop the course based on your study schedule, picking up exactly where you left off the next time you access. Trained by ISACA. Certified by ISACA. Learning Objectives At the end of this course, the learner will be able to: --Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy. --Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making. --Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives. --Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives. Course Outline CRISC Self-Assessment --50 questions --Results broken down per domain Introduction --Welcome video --Getting started Job Aid Domain 1 — Risk Management --Collect and review environmental risk data Identify potential vulnerabilities to people, processes and assets --Develop IT scenarios based on information and potential impact to the organization --Identify key stakeholders for risk scenarios --Establish risk register --Gain senior leadership and stakeholder approval of the risk plan --Collaborate to create a risk awareness program and conduct training Domain 2 – IT Risk Assessment --Analyze risk scenarios to determine likelihood and impact --Identify current state of risk controls and their effectiveness --Determine gaps between the current state of risk controls and the desired state --Ensure risk ownership is assigned at the appropriate level --Communicate risk assessment data to senior management and appropriate stakeholders --Update the risk register with risk assessment data Domain 3 – Risk Response and Mitigation --Align risk responses with business objectives --Develop consult with and assist risk owners with development risk action plans --Ensure risk mitigation controls are managed to acceptable levels --Ensure control ownership is appropriately assigned to establish accountability --Develop and document control procedures for effective control --Update the risk register --Validate that risk responses are executed according to risk action plans Domain 4 – Risk and Control Monitoring and Reporting --Risk and control monitoring and reporting --Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement key risk indicators (KRIs) and key performance indicators (KPIs) --Determine the effectiveness of control assessments --Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile CRISC Sample Exam --75 questions

Asia Pacific CACS 2017 Overview

Mark your calendars for 29-30 November 2017 and join us in Dubai! Don’t miss the opportunity to earn up to 23 CPE hours and be a part of the top conference for Audit and Security professionals. Register today! http://bit.ly/2hhdXbm

ISACA CISM Online Review Course Overview

Purchase ISACA's CISM Online Review Course here: http://bit.ly/2wh1AWD Online review courses are also available for purchase through our enterprise sales team for larger organizations. Learn more here: http://bit.ly/2wgNbtu ________________________________________ CISM Online Review Course Description The CISM Online Review Course is an online preparation course that will prepare you for the CISM certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CISM domains. The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and pre- and post-course assessments. You will be able to navigate the course at your own pace, following a recommended structure, or target preferred job practice areas. You may also start and stop the course based on your study schedule, picking up exactly where you left off the next time they access. Trained by ISACA. Certified by ISACA. Learning Objectives At the completion of this course the learner will be able to: --Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. --Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives. --Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture. --Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. Course Outline CISM Self-Assessment --50 questions --Results are broken down per domain Introduction --Welcome video --Getting started Job Aid Domain 1 – Information Security Governance --Explain the need for and the desired outcomes of an effective information security strategy --Create an information security strategy aligned with organizational goals and objectives --Gain stakeholder support using business cases Identify key roles and responsibilities needed to execute an action plan --Establish metrics to measure and monitor the performance of security governance Domain 2 – Information Risk Management --Explain the importance of risk management as a tool to meet business needs and develop a security management program to support these needs --Identify, rank, and respond to a risk in a way that is appropriate as defined by organizational directives --Assess the appropriateness and effectiveness of information security controls --Report information security risk effectively Domain 3- Information Security Program Development and Management --Align information security program requirements with those of other business functions ​ --Manage the information security program resources --Design and implement information security controls ​ --Incorporate information security requirements into contracts, agreements and third-party management processes Domain 4 – Information Security Incident Management --Understand the concepts and practices of Incident Management --Identify the components of an Incident Response Plan and evaluate its effectiveness --Understand the key concepts of Business Continuity Planning, or BCP and Disaster Recovery Planning, or DRP --Be familiar with techniques commonly used to test incident response capabilities CISM Sample Exam --75 questions

Mark Thomas Explains His Upcoming Workshop at Asia Pacific CACS 2017 Conference

Mark Thomas explains how effectively managing IT risk helps drive better business performance by linking information and technology risk to the achievement of strategic enterprise objectives. This one day, instructor-led workshop will address COBIT 5 for Risk which defines IT risk as ‘’business risk, specifically, the business risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise.’’ Attendees will learn how to adopt COBIT 5 for Risk to ensure a broader coverage of business risk to the benefit their enterprise’s risk profile. Learn more at Asia Pacific CACS 2017 http://bit.ly/2vWXWhZ

Learn How CSX 2017 will Help You Improve Healthcare's Cyber Security

Learn how to defend your healthcare organization, patients and more against the growing cyber security threat. Make plans now to join the thought (and action) leaders in cyber security at CSX 2017: 2-4 October 2017 in Washington, DC, USA; or 30 October–1 November 2017 in London, UK. CSX 2017 North America: http://bit.ly/2w5tk00 CSX 2017 Europe: http://bit.ly/2w5klvS

Learn How CSX 2017 will Help You Improve Departmental Cyber Security

Learn more about the NIST Cybersecurity framework and cyber security’s impact on your agency, role and career, and the public’s trust. Make plans now to join the thought (and action) leaders in cyber security at CSX 2017: 2-4 October 2017 in Washington, DC, USA; or 30 October–1 November 2017 in London, UK CSX 2017 North America: http://bit.ly/2vMvW08 CSX 2017 Europe: http://bit.ly/2vLU9nn

Tichaona Zororo | COBIT 5 Foundation Workshop at Africa CACS 2017

Don’t miss out! Embrace fresh insights, tools, and solutions you can apply immediately in your organisation at your choice of more than 30 track sessions at Africa CACS 2017 in Accra, Ghana, 11-12 September 2017. Add to your expertise and earn an additional 14 Continuing Professional Education (CPE) credits for a conference total of 29 CPE—by starting your learning early. Join fellow business, government and information systems audit, security, risk and governance professionals for COBIT expert Tichaona Zororo’s invaluable pre-conference workshop—COBIT 5 Foundation—starting Saturday, 9 September 2017. Learn more about Africa CACS and register here: http://bit.ly/2uXyESQ

Internal Control Using COBIT 5

Download your copy of the free corresponding whitepaper here: http://bit.ly/2uTpS8s A free Internal and Mitigating Control Selection Worksheet is also available under "Related Items" here: http://bit.ly/2uTpS8s Synopsis: In any organization, uncertainty is everywhere. External factors such as industry outlooks and consumer sentiment can have substantial impact on an organization’s growth and strategy. Internal factors within the organization also arise, such as IT security, ethics, and financial compliance. These external and internal factors introduce risk to an organization’s ability to meet goals and objectives. Every organization must establish processes that ensure risk is managed. These policies are called ”internal controls.” Failing to mitigate these risk factors may result in regulatory issues, ethical misconduct, or security breaches—the consequences of which can be severe. Therefore, it is vital to establish a properly managed control environment to create assurance and confidence in the organization’s activities and outcomes. An effective way to achieve that goal is to use the COBIT 5 framework for governance of enterprise IT as an overarching framework for various standards, frameworks and best practices being used in that control environment. At the enterprise level, the separation of governance controls and internal controls in many organizations may lead to miscommunication, inefficiency, and an inability to effectively deliver value to stakeholders. Using the COBIT 5 governance framework for internal controls can streamline and eliminate these inefficiencies, by aligning controls with business objectives, and by creating a cohesive methodology across the governance, risk, and compliance (GRC) functions. This video explores this concept in detail. Learn more: http://bit.ly/2uTpS8s

CACS Conference Call for Speakers

Are you an industry expert, thought-leader or passionate professional willing to share your experiences, insights, and knowledge with colleagues and peers? ISACA is frequently accepting proposals for educational sessions at the globally recognized CACS Conferences. Increase your visibility throughout the ISACA international community by becoming an event speaker. ISACA issues Call for Speakers for its education events, and a volunteer task force vets speakers based on subject matter expertise and other criteria on this page. Learn more and submit your proposal today: http://bit.ly/2uEM1qG.

Ryan Hogarth - Africa CACS 2017 Opening Keynote

Be enriched and inspired by the perspective-altering address of Ryan Hogarth at ISACA’s prestigious Africa CACS 2017 Conference in Accra, Ghana, 11-12 September 2017. Kick off your two-days of knowledge growth with Ryan Hogarth’s opening keynote address. The social business strategist, and author offers invaluable insight on understanding what customers, prospects and other stakeholders are doing with and expecting from the transforming digital landscape. Gain new guidance on how to adapt and prepare your thinking to capitalize on the business impacts of shifting technology. Register today: http://bit.ly/2tgblzq

Mark Thomas Explains His Upcoming Workshop at CSX 2017 North America Conference

Mark Thomas gives insight on what his upcoming workshop will be about at the CSX 2017 North America Conference. As part of the knowledge, tools and guidance provided through the globally respected Cybersecurity Nexus (CSX) program, ISACA has developed a guide and course: Implementing NIST Cybersecurity Framework Using COBIT 5. This course presents deep insights on the Cybersecurity Framework (CSF), its goals, implementation steps and the ability to apply this information. The course is well-suited for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cyber security program for their enterprises. Students will learn to understand the goals of the CSF and what it means to align to it, understand the seven CSF implementation steps, and apply and evaluate the steps using COBIT 5. Register for CSX 2017 North America and/or workshops here: http://bit.ly/2sMnBY8 Learn more about about this workshop and Mark Thomas here: http://bit.ly/2sLC3Q9 Learn more about the overall CSX 2017 North America Program here: http://bit.ly/2sMbMRH

Sponsorship Opportunities

Connect with your target audience; 150,000 IS & IT Professionals in audit & assurance, cybersecurity, governance & risk and control. Jeff McNaughton of Vanguard Integrity Professionals and Chris Parkerson of Adobe talk about their experiences sponsoring ISACA events. For more information on ISACA sponsorship opportunities, visit our website: http://bit.ly/2sy1vsu

Network with others at CSX 2017 Asia Pacific

CSX 2017 Asia Pacific builds on the globally respected Cybersecurity Nexus™ (CSX) program. This immersive experience supports regional security practitioners, managers and teams in enhancing how to identify, analyze and plan for security breaches and cyber-attacks. You will do more than just listen to speakers. You will collaborate with peers to help solve today’s issues and better prepare for tomorrow’s challenges. http://bit.ly/2suxNo9

Ali Pabrai Invites You to Engage at CSX 2017 Cairo

Renowned cyber security and compliance expert Uday Ali Pabrai presents and moderates a day of collaborative discussion about cyber security vulnerability assessment at CSX 2017 Cairo. Ali is a member of Infragard, a public-private partnership between U.S. businesses and the U.S. Federal Bureau of Investigation. He also is chief executive of ecfirst, an Inc. Magazine 500 fastest-growing business. Register today and leave energized, better connected with peers and with new knowledge on how to improve your organization’s cyber security defenses. Sign up here: http://bit.ly/2stGUoR

CRISC Virtual Exam Prep with Mark Thomas

CRISC Exam Prep Course: 10-13 July 2017 | Online. Leverage the best of both worlds—personal interaction with highly-qualified and experienced instructors, and the convenience of online access to a virtual classroom. Grow your knowledge, enhance your skills and advance your career with Virtual Instructor-Led Training from ISACA. This easy-to-use web-based training connects you from anywhere to lectures, demonstrations and hand-on instruction that will develop your expertise in vital areas of information systems. http://bit.ly/2sT7Z8s

Ted Harrington Explains His Upcoming Workshop at CSX 2017 North America Conference

In his seminal work The Art of War, Sun Tzu advocated that we must “know thy enemy” in order to defeat that enemy. Utilizing a mixture of presentation and group exercise modules, this workshop leverages that mantra, adopting the attacker’s viewpoint in order to understand how to defend. Presented by the elite group of security researchers and consultants widely known as the first company to hack the iPhone, this session examines secure design principles, attack anatomies, and real world case studies from a variety of industries. Notably, this session extracts lessons from recently published security research by the presenters, including the seminal whitepaper Hacking Hospitals, in which it was investigated how hackers could cause patient harm or fatality. Attendees can expect to be challenged to consider a new defense paradigm, and will leave with actionable guidance that can be immediately implemented at their organizations. Register now: http://bit.ly/2sTnldo

EuroCACS 2017 Recap

There were 45+ speakers, 50+ sessions, 4 workshops and endless networking opportunities. See all of the fun that was had at EuroCACS 2017 in Munich, Germany this this year. Sign up for EuroCACS 2018 in Edinburgh, Scotland here: http://bit.ly/2sDF3kZ

CSX North America - Networking Testimonial

After attending 2015 CSX North America, attendees give testimonials about their experience. Click here to sign up for the 2016 conference in Las Vegas: http://bit.ly/2clARuC

CSX North America - Sessions Testimonial

In this video, CSX North America 2015 attendees give testimonials about their experience. Click here to sign up for the 2016 conference in Las Vegas: http://bit.ly/2cTR8w8

CSX Europe - Networking Testimonial

After attending 2015 CSX Europe, attendees give testimonials about their experience. Click here to sign up for the 2016 conference in London: http://bit.ly/2clEYah

CSX Europe - Sessions Testimonial

In this video, CSX Europe 2015 attendees give testimonials about their experience. Click here to sign up for the 2016 conference in London: http://bit.ly/2clFtkt

Overview of Digital Forensics

When a cyber incident occurs, IT’s best practice is to respond with a set of predetermined actions. Applying digital forensics to aid in the recovery and investigation of material on digital media and networks is one of these actions. Digital forensics is defined as the “process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings (i.e., a court of law).” To download the accompanying whitepaper, click here: http://bit.ly/2rerSCZ. For a suite of cyber security learning solutions for individuals and enterprises, check out Cybersecurity Nexus (CSX) from ISACA: http://bit.ly/2sxqAXx

ISACA Official CISA Online Review Course

Get the CISA training you need here: http://bit.ly/2qZK17D. Prepare to obtain the Certified Information Systems Auditor® (CISA) certification and be recognized among the world’s most-qualified information systems professionals. The CISA Online Review Course provides online, on-demand instruction and is ideal for preparing you and fellow audit, assurance, control, security and cyber security professionals for the CISA certification exam. The course covers all five of the CISA domains, and each section corresponds directly to the CISA job practice. It uses proven instructional design techniques, incorporating video, narrated interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities and pre- and-post-course assessments. You will be able to navigate the course at your own pace following a recommended structure or target preferred job practice areas. You may also start and stop the course based on your preferred study schedule, picking up exactly where you left off the next time you return. Trained by ISACA. Certified by ISACA. Purchase here: http://bit.ly/2qZK17D

Africa CACS 2017 Overview

Mark your calendars for 11-12 September 2017 and join us in Accra, Ghana! Don’t miss the opportunity to earn up to 29 CPE hours and be a part of the top conference for Audit and Security professionals. http://bit.ly/2pX2GAk

North America CACS 2017 Highlights

The North America CACS 2017 conference in Las Vegas just ended. Check out the conference highlights and register for NACACS 2018 in Chicago here: http://bit.ly/2pXnHO5

2016 Annual Report: A Year of Impact, Innovation and Growth

ISACA achieved many milestones in 2016 that allowed us to make substantial progress in our programs and pursue several new opportunities for our global community. The 2016 Annual Report highlights the year’s accomplishments, which were made possible through the commitment and support of ISACA members, volunteers and professional staff. See the full report here: http://bit.ly/2prGVLF

ISACA Volunteer Appreciation

It's National Volunteer Appreciation Week and ISACA wants to thank all of our dedicated volunteers. In a world where time is our most precious commodity, your willingness to give back inspires us all, especially knowing that you do so above and beyond your many other professional and personal responsibilities. Read what ISACA CEO, Matt Loeb has to say about volunteers: http://bit.ly/2oOb57W

IT Audit Leaders Forum at EuroCACS 2017

In an effort to provide IT Audit Leaders with a forum to discuss common needs and solutions, ISACA is organizing an “invitation only” complimentary one-day event held adjacent to ISACA’s 2017 EuroCACS. This one day forum offers an unrivaled opportunity to expand your network, build onto your knowledge and skills and to discuss common needs and solutions among peers. Learn more here: http://bit.ly/2nHO3mn.

EuroCACS 2017 Overview

Mark your calendar for 29 – 31 May 2017 and join us in Munich, Germany! Don’t miss the opportunity to earn up to 32 CPE hours and be a part of the top conference for IS audit and security professionals! http://bit.ly/2mzt0Pb

NACACS 2017 Workshop - COBIT 5 Foundation

Learn the importance of an effective framework to enable business value during the COBIT 5 Foundation workshop available at #NACACS 2017. Learn more here: http://bit.ly/2no2iJn

Earn 39 CPE hours at North America CACS 2017 Conference

Mark your calendar for 1 – 3 May 2017 and join us in Las Vegas, Nevada! Don’t miss the opportunity to earn up to 39 CPE hours and be a part of the top conference for IS audit and IT security professionals!In addition to the 39 CPE hours for attending the North America CACS conference, take advantage of the four pre-conference workshops and four post-conference workshops. To learn more: http://bit.ly/2mGYyGc

Why I Work at ISACA

ISACA employees explain how they demonstrate ISACA's values and why they enjoy working at ISACA. To learn more about open job positions at ISACA, click here: http://bit.ly/2mOl8dc

EuroCACS 2017 Workshop - COBIT 5 Foundation

EuroCACS 2017 in Munich has 1 and 2 day workshops available before the conference. Click here to learn more and sign up for the COBIT 5 Foundation workshop: http://bit.ly/2l0WKUp

ISACA Sponsorship Opportunities - Lloyd's Register

Lloyd's Register explains why they sponsored ISACA's CSX Europe conference. To learn more about how you can experience the power of partnership with ISACA, visit our website: http://bit.ly/2kGRFji

ISACA Sponsorship Opportunities - Turn Key Consulting

Turn Key Consulting explains what made them decide to become a sponsor for ISACA's CSX Europe conference. To learn more about how you can experience the power of partnership with ISACA, visit our website: http://bit.ly/2kH4utT

Get Involved in ISACA

People share what motivated them to volunteer for ISACA and the benefits they have received from getting involved. Learn more about becoming a volunteer here: http://bit.ly/2kyEoJo

CSX North America Overall Experience Testimonial

2015 attendees give testimonials about their experience at CSX North America. Don't miss out on the 2016 conference in Las Vegas. Sign up here: http://bit.ly/2cTRu5S

CSX Europe - Overall Experience Testimonial

2015 attendees give testimonials about their experience at CSX Europe. Don't miss out on the 2016 conference in London. Sign up here: http://bit.ly/2clEJfn

CSX Asia - Overall Experience Testimonial

2015 attendees give testimonials about their experience at CSX Asia Pacific. Don't miss out on the 2016 conference in Singapore. Sign up here: http://bit.ly/2clFy7I

CSX Asia Pacific - Sessions Testimonial

In this video, CSX Asia Pacific 2015 attendees give testimonials about their experience. Click here to sign up for the 2016 conference in Singapore: http://bit.ly/2clFiFS

6th Annual IT Audit Benchmarking Survey

ISACA, in partnership with Protiviti, has released the 6th Annual IT Audit Benchmarking Survey results. View the full survey results, infographic, and more at http://bit.ly/2l1mFer.

Why should you get a Cybersecurity Nexus Practitioner Certification (CSXP)?

Are you contemplating getting a Cybersecurity Nexus Practitioner Certification (CSXP)? Watch this video to see what motivated Adam Khan to pursue it. Learn more about the CSXP certification here: http://bit.ly/2k9ox5g

CRISC Certification Holders Express What Motivated Them to Get Certified

Certified in Risk and Information Systems Control (CRISC) certification holders discuss how what motivated them to pursue the CRISC. Learn more about the CRISC certification here: http://bit.ly/2jHZWX9

CSX Asia - Networking Testimonial

After attending 2015 CSX Asia Pacific, attendees give testimonials about their experience. Click here to sign up for the 2016 conference in Singapore: http://bit.ly/2clFAMK

EuroCACS 2017 Promo

Mark your calendar for 29–31 May 2017 and join us in Munich, Germany! Don’t miss the opportunity to earn up to 32 CPE hours and be a part of the top conference for Audit and Security professionals! http://bit.ly/2hb0YJO

Christos K. Dimitriadis | Opening Remarks at CSX Asia Pacific Conference

Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, is chair of ISACA’s Board of Directors and group director of information security for INTRALOT, a multinational supplier of integrated gaming and transaction processing systems. Dimitriadis has built INTRALOT’s Global Information Security operations and is responsible for the alignment of the Group’s security strategy with the business needs. He also designed INTRALOT’s innovation program in 2013 and heads the office of the CTO, managing business transformation.

ISACA CGEIT Certification Holders Explain How They Put Credentials to Use

Individuals with Certified in the Governance of Enterprise IT (CGEIT) classifications discuss the professional benefits of CGEIT. http://bit.ly/2gh8pgK The uniquely governance-focused CGEIT certification ensures holders are capable of bringing IT governance into an organization, can grasp the complex subject holistically, and enhance the value that the enterprise obtains from its IT solutions. Since its inception in 2007, thousands of professionals around the world have earned the industry-leading CGEIT designation as a means to affirm that they have the broad knowledge and the wide-ranging experience necessary to support and advance the IT governance of an enterprise; ensuring that business IT systems align with optimum effectiveness and efficiency. Learn more about the CGEIT certification: http://bit.ly/2gh8pgK

ISACA CISA Certification Holders Describe Career Benefits

Certified Information Systems Auditor (CISA) certification holders discuss the professional benefits of earning and maintaining their CISA certification. http://bit.ly/2gh4QHd For some business and government agencies, CISA certifications have become a prerequisite for information systems and information technology roles. CISA certifications are world-renowned as the standard of achievement for those who assess an organization’s information technology and business systems and provide assurance on their availability and sustainability. Since its inception in 1978, more than 129,000 people have become CISA certified to validate their expertise. Learn more about the CISA certification: http://bit.ly/2gh4QHd

CSX 2016 Asia Pacific Conference Highlights Insights

Don't miss out on highlights and insights from the CSX 2016 Asia Pacific Conference in Singapore! The inaugural conference brought together globally respected experts and professionals at the Marina Bay Sands hotel to share expertise and make new connections. Thank you to all the attendees, volunteers and staff for making this event a success! http://bit.ly/2f7ZlLF

CSX 2016 Asia Pacific Conference Slideshow

Check out the CSX 2016 Asia Pacific Conference Slideshow! Attendees at the Marina Bay Sands hotel in Singapore took part in engaging keynote presentations, high-impact break out sessions and more. Thank you to all the attendees, volunteers and staff for making this event a success! http://bit.ly/2fZcft1

ISACA’s IT Risk/Reward Barometer: Augmented Reality

CSX 2016 Europe Conference Highlights

See the highlights from CSX 2016 Europe Conference that was held in London. Attendees took part in engaging keynote presentations. As well as high-impact break out sessions that provided the unique opportunity to learn from top experts in the field in this inaugural conference. Thank you to all the attendees, volunteers and staff. http://bit.ly/2enygDQ

CSX 2016 North America Conference Highlights

Enjoy the very best of what CSX 2016 North America had to offer in this highlight video. The attendees at the Cosmopolitan Hotel in Las Vegas, each engaging keynote and session speaker, the interactive Cyber Challenge and more made this history-making cyber event a resounding success! We cannot wait to see everyone next year in Washington D.C.

CSX 2016 North America Conference Photo Highlights

Take a look at photos from the CSX 2016 North America conference . The attendees at the Cosmopolitan Hotel in Las Vegas, each engaging keynote and session speaker, the interactive Cyber Challenge and more made this history-making cyber event a resounding success! We cannot wait to see everyone next year in Washington D.C.

CSX Conference Testimonials

Here is what last years attendees had to say about the inaugural CSX Conferences. Click here to register for the 2016 conferences in Las Vegas, London and Singapore: http://bit.ly/2cTUzmw

Latin CACS 2016 - Puerto Rico

Latin CACS ofrece el chance de ampliar tus redes de contactos y profundizar conocimientos/habilidades. Inscríbete en: http://bit.ly/2clzo7D

How Can Auditors Use COBIT 5 to Benefit the Business?

Shaun Kirby emphasizes COBIT’s value in allowing organizations to audit in line with industry standards. For more information, visit http://bit.ly/2bgXa3Q.

How Do You Explain COBIT to Your Dad – Or Your CEO?

Mark Pardee says that COBIT helps convey complicated concepts in simple business terms. For more information, visit http://bit.ly/2bgYlAc.

How Does COBIT 5 Help With Knowledge Management and Innovation?

Marjorie Hechavarria explains how COBIT helps organizations work across departments to achieve business goals. For more information, visit http://bit.ly/2bfVNYE.

Why Switch to COBIT 5?

James Lloyd addresses the benefits of switching to COBIT 5 from previous versions. For more information, visit http://bit.ly/2bfDjaW.

How Can You Customize COBIT?

Gwen Clopton lauds COBIT for its flexibility. For more information, visit http://bit.ly/2bfCq20.

How Can COBIT 5 Provide a Common Language for Business and IT?

Bernard K. Akowuah describes how COBIT 5 helps business and IT better understand one another. For more information, visit http://bit.ly/2bftMR4.

ISACA North America CACS 2016 Highlights

ISACA North America CACS 2016 Highlights - See a recap of the NACACS event in New Orleans, LA.

Christos Dimitriadis Invites You to AfricaCACS

ISACA Board of Directors Chair, Christos Dimitriadis, invites you to the inaugural AfricaCACS conference in Nairobi, Kenya 8-9 August. Sign up today! http://bit.ly/2aoswu4

Introduction to COBIT Video Series

This self-paced video series offers an easy and convenient way for employees, practitioners, managers and executives to learn about the basics of COBIT 5 and the value of governance of enterprise IT (GEIT). Click here for full series: http://bit.ly/2aoyUS4 The videos provide a baseline of knowledge for COBIT and governance programs. If a lack of COBIT training resources is a problem in your geographical region, this on demand video series can help fill that need. Sign up and watch on your schedule. Enterprise/group learning packages are also available.

ISACA 2015 Annual Report

The 2015 Annual Report spotlights ISACA’s accomplishments last year and emphasizes that we can achieve great things. #WeAreOne

ISACA EuroCACS 2016

ISACA EuroCACS 2016 Conference - Dublin, Ireland

Simon T. Bailey - North America CACS 2016

Don't miss your chance to see Keynote Speaker, Simon T. Bailey, at ISACA's North America CACS Conference on May 4, 2016. Register now: http://bit.ly/21RcsPO

North America COBIT Conference - Promo

Register for North America COBIT Conference today!

North America CACS 2016 - Promo

Register for North America CACS today!

Simon T. Bailey Promotes North America CACS 2016

Register for the North America CACS 2016 Conference to see keynote speaker Simon T. Bailey http://bit.ly/1T4cDaA

EuroCACS Conference 2015 - Super Spy Me Event

ISACA's 2015 EuroCACS conference was in Copenhagen, Denmark. The special event, Super Spy Me, was a hit with attendees.

Cybersecurity Nexus (CSX) Training & Certifications

ISACA International President Christos Dimitriadis discusses new cybersecurity career resources.

CSX 2015: ISACA's Inaugural Cyber Security Conference

ISACA International President Christos Dimitriadis Invites You to CSX North America 2015.

ISACA Overview

2014 ISACA Annual Report Overview

ISACA marked a milestone year in 2014 by reaching its 45th anniversary. While we are extremely proud of our history and accomplishments, we took this notable year as an opportunity to look forward and position our organization for future growth. We live in a world where change is an everyday event. We need to adapt, innovate, lead with vision and create an impact. And most important, we need to assure trust in everything we do and in every tool and piece of knowledge we create. Take a look back at 2014.

Resources for Privacy Professionals

Learn more about the resources available from ISACA to help privacy professionals.

COBIT 5, The Edge You Have Been Waiting For

North America CACS 2015 | Highlights

ISACA members, IS audit, assurance, security and risk management and governance professionals came together for North America CACS 2015. See video highlights from the conference.

Join us for COBIT Conference in March 2015

IT audit, assurance, security and risk management and governance professionals join together to expand networks and build onto their COBIT knowledge and skills. Join them in March 2015 in Orlando, Florida.

Update from ISACA’s Cybersecurity Nexus (CSX)

ISACA International President Robert Stroud shares a cybersecurity update from ISACA’s Cybersecurity Nexus (CSX).

ISACA's 2014 IT Risk/Reward Barometer

ISACA International President Robert Stroud shares global survey findings on the Internet of Things, wearable tech in the workplace, and other key business/IT trends.

Cybersecurity Awareness Month

Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA International President talks about cybersecurity awareness month.

Cobit 5 Benefits

Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA International President talks about the benefits of COBIT 5.

COBIT Online Benefits

Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA International President talks about COBIT 5 online - a brand new way to access and use the COBIT guidance.

ISACA 2014 EuroCACS/ISRM Conference

Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA International President, invites you to the ISACA 2014 EuroCACS ISRM Conference.

Bhavesh Bhagat: Communicating Tech Trends to Boards

Bhavesh Bhagat, CEO/founder of Confident Governance and member of ISACA's Emerging Business and Technology Committee, discusses how critical it is to communicate to boards about emerging trends and technologies that can benefit enterprises.

Introducing: COBIT 5 Online

COBIT 5 online makes COBIT even more practical and easier to use, and provides industry and COBIT news and insights. While the full capabilities of COBIT online will be released in August (including customizable goals cascade and RACI tools), today's version immediately simplifies the process of navigating, searching and exporting the principles, practices, analytical tools and models that make COBIT 5 a key resource for the governance and management of enterprise IT. Learn more and begin using COBIT online here: http://ow.ly/wQkuR

Looking Back at ISACA's North America CACS 2014 Conference

More than 90 presenters and 1,000 attendees gathered in Las Vegas for ISACA's 2014 North America CACS Conference last month. Topics ranging from BYOD and audit analytics to career management and cybersecurity guidance helped attendees prepare for the latest issues affecting our field. During the conference, ISACA launched its new Cybersecurity Nexus program and previewed the upcoming online version of COBIT 5. ISACA's Young Professionals were given VIP treatment at a Spazmatics concert at the House of Blues, and photographers snapped free headshots so attendees could update their ISACA and social media profile pictures. Keynotes Harry Markopolos (Bernie Madoff whistle-blower) and Mike Mullane (NASA shuttle astronaut) provided attendees with key insights on fraud prevention and leadership. "To me, North America CACS is one of the best conferences available," surmised Ferry Harris. "The energy level is high and throughout three days I learned a great deal from experts and by networking with other participants."

Introducing: Cybersecurity Nexus

In enterprise IT, there is a single point where everything that matters in information, technology and business converges: Cybersecurity Nexus (CSX), a new security knowledge platform and professional program from ISACA. CSX is helping shape the future of cybersecurity through cutting-edge thought leadership, as well as training and certification programs for the professionals who are leading it there. Building on the strength of ISACA's globally-recognized expertise, it gives cybersecurity professionals a smarter way to keep organizations and their information more secure. With CSX, business leaders and cyber professionals can obtain the knowledge, tools, guidance and connections to be at the forefront of a vital and rapidly changing industry. Because Cybersecurity Nexus is at the center of everything that's coming next. http://www.isaca.org/cyber

Cybersecurity Nexus Group Photo Timelapse

Want to see how ISACA captured that CSX group photo? Take a look...

ISACA Slovensko Chapter Anniversary Message

ISACA Slovensko Chapter President Peter Borak shares his thoughts on the 15th anniversary of the group. Congratulations on this milestone, Slovensko!

The Benefits of CRISC: Troy Stairwalt

Troy Stairwalt explains why he obtained ISACA's CRISC certification and details the benefits he receives from it.

Why Do You Use ISACA's Knowledge Center?

ISACA members explain why they use the Knowledge Center.

Tichaona Zororo on the Value of ISACA Membership

ISACA volunteer Tichaona Zororo describes the benefits he receives as an association member.

Captain Richard Phillips at ISACA's ISRM

Captain Phillips previews his presentation at ISACA's North America ISRM Conference.

Jack Callaghan on Big Data at ISACA's North America ISRM Conference

Live from ISACA's North America ISRM Conference, Jack Callaghan provides a preview of his presentation.

Renee Murphy Previews NA ISRM Presentation

Bhavesh Bhagat on Emerging Technologies

Confident Governance Founder/CEO Bhavesh Bagat, a member of ISACA's Emerging Business and Technology Committee, discusses emerging technologies,

ISACA EuroCACS/ISRM 2013 Conference Review

Take a look back at ISACA's EuroCACS/ISRM 2013 conference in London, England. Then view the invite to EuroCACS/ISRM 2014 in Barcelona, Spain.

ISACA/The IIA's Governance, Risk and Control Conference 2013 Recap

Take a look back at the Governance, Risk and Control 2013 conference, cohosted by ISACA and The IIA in Phoenix, Arizona.

ISACA's COBIT and CISA in the Mauritius Government

ISACA Mauritius Chapter President Kris Seeburn explains how his government is using COBIT and CISA.

Eddie Schwartz Invites You to ISACA's North America ISRM

Eddie Schwartz, chief information security officer for RSA, will deliver the opening keynote address at ISACA's North America Information Security and Risk Management conference this November in Las Vegas. Here, he invites you to join him.

Invitation to 2013 Governance, Risk and Control Conference

Nelson Gibbs invites you to join him at the 2013 Governance, Risk and Control 2013 conference in Phoenix, Arizona, co-hosted by ISACA and The IIA.

Preview: COBIT 5 for Risk

Elza Adams describes his work with COBIT 5 for Risk and previews the framework.

INSIGHTS 2013 Slideshow

INSIGHTS 2013 was a great success. Here, we take a look back.

ISACA Student Academic Subcommittee

Dr. Hubert Glover, ISACA Student Academic Subcommittee chair, details the group's mission to welcome more students to the association.

Live From INSIGHTS 2013

ISACA volunteer and CA Technologies Vice President Robert Stroud shares highlights of ISACA's INSIGHTS 2013 conference in Berlin.

ISACA's North America CACS 2013 Slideshow

ISACA's North America CACS 2013 conference in Dallas, Texas was a great success. Here we take a look back in pictures. To learn more about all of ISACA's conferences, visit www.isaca.org.

We Are ISACA

For more than 40 years, ISACA has been a pace-setting global organization for information governance, control, security and audit professionals. View this video to get to know ISACA and visit us at www.isaca.org.

North America CACS 2013 Recap

ISACA's North America CACS 2013 conference welcomed more than 750 professionals for three days of inspiration, education, networking and some Texas-sized fun. Take a look...

North America CACS Testimonial

Nelson Gibbs provides a highlight of today's sessions at ISACA's North America CACS conference.

From INSIGHTS 2012, Rob Stroud Looks Ahead to INSIGHTS 2013

While in San Francisco during ISACA's INSIGHTS 2012 conference, Rob Stroud looked ahead to INSIGHTS 2013, taking place this June in Berlin, Germany. Learn more about INSIGHTS 2013 here: http://www.isaca.org/Education/Conferences/Pages/INSIGHTS-2013.aspx

IT Challenges and Opportunities in 2013

At a recent ISACA conference, we asked attendees about the key business/tech issues, challenges and opportunities facing them in 2013. Take a look. www.isaca.org

Looking Back at ISRM, Looking Ahead to North America CACS

Take a look back at ISACA's ISRM/IT GRC conference, held in Las Vegas, Nevada in November. And consider joining ISACA at North America CACS, this April in Dallas, Texas. http://ht.ly/gRTrB

ISACA and ENISA Discuss Security Challenges and Opportunities

The Value of Smart IT Governance

ISACA Membership

With 100,000+ constituents in 180 countries, ISACA is internationally recognized as a high-performing nonprofit, independent membership association, that addresses global, national and local information systems and business issues related to IT Governance, IT Audit, IT Security and IT Risk.

CRISC is the Certification for Risk Professionals

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

El Vicepresidente de ISACA le invita a la Conferencia CACS/ISRM 2012 en Latinoamérica

Luis Carselle, Vicepresidente de ISACA, le invita a la Conferencia CACS/ISRM 2012 en Latinoamérica.

CISM Security Management Certification Opens Doors

Garry Barnes, managing consultant at stratsec, discusses how the CISM certification helps open doors to gain new career and business opportunities.

CRISC: Positioning Risk and Control Professionals for Growth

Shawna Flanders, Productivity Specialist at PSCU Financial Services, discusses how the CRISC certification from ISACA can help Risk and Control professionals advance their careers.

Introducing COBIT 5

IT is complicated. IT Governance doesn't have to be. COBIT 5 for Business Management and Governance of Enterprise IT.

COBIT 5 - Govern and Manage Enterprise IT

ISACA International President Ken Vander Wal discusses the 5 Principles of COBIT 5 and how the framework helps Govern and Manage Enterprise IT.

ISACA China Hong Kong Chapter Celebrates 30 Years

ISACA International President, Ken Vander Wal, congratulates the ISACA China Hong Kong Chapter on its 30 year anniversary.

The Business Benefits of COBIT 5

Derek Oliver, Member of the ISACA Framework Committee and Director at Ravenswood Consultants UK, discusses the business benefits of using COBIT 5.

U.S. Employees Reveal Security Concerns over Online Shopping Habits

Ken Vander Wal, ISACA International President, discloses security concerns from U.S. employees over online shopping habits uncovered in the 2011 ISACA Shopping on the Job Survey.

Insights From ISACA's Risk Reward Barometer

Brian Barnier, Principal of ValueBridge Advisors discusses the insights from ISACA's Risk Reward Barometer.

COBIT 5: An Introduction

John Lainhart, Partner IBM Global Business Solutions and Co-chair ISACA's COBIT 5 Task Force, discusses the upcoming release of COBIT 5.

Get Involved

Todd Weinman, President of The Weinman Group, discusses how his involvement with ISACA has benefitted both his professional career and personal life.

Three Reasons to Volunteer for ISACA

Matt Snider, Manager IT Assurance Services, discusses the benefits he received by volunteering for ISACA.

The Value of BMIS

Ramses Gallego, General Manager of Entel Security and Risk Management at Entel IT Consulting discusses the value of the BMIS framework. The Business Model for Information Security is a framework available from ISACA.

The Value of ISACA Networking

ISACA members discuss the value of networking with other members and IT professionals both locally and around the world.

The Value of ISACA Credentials

ISACA certification holders discuss the value of CISA, CISM, CGEIT and CRISC certifications.

The Value of CRISC

Bruce Wilkins, CEO and President of TWM Associates Inc., talks about the value of the CRISC certification.

IT Knowledge Center

Marc Vael discusses the value of the ISACA Knowledge Center, which offers forums, discussions, blogs, research and white papers for IT Professionals in the fields of IT Governance, IT Auditing, IT Security and IT Risk.

Mobile Device Risks and Benefits

Mark Lobel, Partner at PricewaterhouseCoopers, discusses the Risks and Benefits of Mobile Devices and what companies can do to educate their employees about internet safety.

Online Shopping Risks

John Pironti, President of IP Architects, discusses Online Shopping Risks and what measures companies can take to educate their employees on internet safety.

IT Professional Development

ISACA provides professional development to IT professionals engaged in IT audit, security, governance and risk.

IT Community and Leadership

ISACA provides a community and leadership for IT professionals engaged in IT audit, security, governance, assurance and risk.

IT Research and Knowledge

ISACA provides IT research and knowledge related to IT audit, security, governance and risk.

Connect Business Processes to IT Governance for Better Service Delivery

I am a CISM - Certified Information Security Manager

Testimonials on the benefits of being a CISM. Certified Information Security Manager.

I am a CGEIT - Certified in the Governance of Enterprise IT

Testimonials on the benefits of being a CGEIT. Certified in the Governance of Enterprise IT.

ISACA CPE - IT Continuing Professional Education

ISACA offers Continuing Professional Education credits for CISA, CISM, CGEIT and CRISC certifications.

I am a CISA - Certified Information Systems Auditor

Testimonials on the benefits of being a CISA. Certified Information Systems Auditor.

2020 ISACA Chapter Awards Presentation at Virtual GLS

Congratulations to the 2020 recipients of ISACA’s Chapter Awards! Learn more about their accomplishments and watch the acceptance speeches in this recorded awards presentation from the 2020 Global Leadership Summit. Outstanding Chapter Leader Award: Cai Walters (Small Chapter), Peter Morin (Medium Chapter), and Daniela Susanna Gschwend (Very Large Chapter) Innovative Chapter Program Award: China Hong Kong Chapter (Very Large Chapter), Vancouver Chapter (Large Chapter), and Amman Chapter (Medium Chapter) K. Wayne Snipes Best Chapter Award: Chicago Chapter (Very Large Chapter), Middle Tennessee Chapter (Large Chapter), Tallahassee Chapter (Medium Chapter), and Coimbatore Chapter (Small Chapter) ISACA Chair’s Award: ISACA’s members, chapters, chapter leaders, and volunteers Learn more at www.isaca.org/awards.

2020 ISACA Innovative Chapter Program Awards

Congratulations to the 2020 recipients of the Innovative Chapter Program Award: China Hong Kong Chapter (Very Large Chapter), Vancouver Chapter (Large Chapter), and Amman Chapter (Medium Chapter). Learn more at www.isaca.org/awards.

2020 ISACA Outstanding Chapter Leader Award

Congratulations to the 2020 recipients of the Outstanding Chapter Leader Award: Cai Walters (Small Chapter), Peter Morin (Medium Chapter), and Daniela Susanna Gschwend (Very Large Chapter). Learn more at www.isaca.org/awards.

Navigating the Challenges of a Pandemic

ISACA CEO David Samuelson discusses how flexibility and new approaches allowed ISACA to work through the challenges presented by the pandemic in 2020. Find out more by downloading ISACA’s 2020 Annual Report at www.isaca.org/annual-report.

#IamISACA - David Samuelson

#IamISACA: James Paul Kakembo

James Paul Kakembo talks about how emerging tech is changing the landscape of his career in Uganda. For more #IamISACA stories, visit www.isaca.org/iamisaca.

IamISACA: Ravaka Rakotozafy

ISACA Quebec City Chapter member Ravaka Rakotozafy shares her #IamISACA story about gaining early momentum in her career after relocating from Madagascar to Canada. Don't forget to check out https://www.isaca.org/ for more information!

IamISACA: Ravaka Rakotozafy - Short Version

ISACA Quebec City Chapter member Ravaka Rakotozafy shares her #IamISACA story about gaining early momentum in her career after relocating from Madagascar to Canada. Don't forget to check out https://www.isaca.org/ for more information!

We are ISACA

ISACA members from around the world weigh in on why the association matters and the impact it has had—from certifications and career advancement, to enterprise training, tools and transformation. Don't forget to check out https://www.isaca.org/ for more information!

Introducing ISACA's Strategic Plan

ISACA CEO David Samuelson and ISACA Board Chair Greg Touhill share insights on ISACA's new strategic plan, including digital trust, global impact, and reaching early-career professionals.

ISACA Journal Turns 50!

Two long-time ISACA Journal contributors, Michael Cangemi and Steven Ross, will talk about the evolution of the industry--from what the pressing topics were back when they started contributing to the Journal to the hot topics of today. For more information, please check out - https://www.isaca.org/resources/isaca-journal

ISACA Live: Critical Infrastructure Security

ISACA's Chris Dimitriadis and the US GAO's Nick Marinos discuss the current state of critical infrastructure security, escalating threats and how to better prepare. For more information check out www.isaca.org/heightened-threats Subscribe for more ISACA content!

ISACA Live: Emerging Tech - Cloud (Short Version)

Is cloud still considered an emerging technology in 2021? Will tablets replace laptops in the remote office workforce and is cloud changing zero trust? ISACA’s Dustin Brewer asks Julia Hermann (Head of Security Architecture and Cyber Defense at Giesecke + Devrient) these questions and more in this episode of ISACA Live! Don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library for more information

ISACA Live: Emerging Tech - Cloud

Why is the cloud still considered an emerging technology in 2021? Why is the cloud both an enabler and catalyst for all other technologies? How has the cloud changed our organizational eco-systems? What is the future of cloud services? Join ISACA’s Chief Futurist, Dustin Brewer as he and Julia Hermann— Head of Security Architecture and Cyber Defense at Giesecke + Devrient answer these questions and more regarding our oldest emerging technology, the cloud! Don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library for more information!

ISACA Live Emerging Tech Session - AI

In our second LinkedIn Live stream on Emerging Tech, Dustin Brewer, Senior Director of Emerging Technology and Innovation at ISACA, and guest, Frank Downs, Senior Director of Proactive Series at BlueVoyant, discuss the ins and outs of Artificial Intelligence including why it’s considered emerging technology, how it’s used in cybersecurity and IT audit, the many different forms of AI cyberattacks, and more. Check out the highlights here! Don't forget to check out https://www.isaca.org/credentialing/cet/artificial-intelligence-fundamentals-certificate for more information!

ISACA Live: Global Strategy

Join ISACA’s CEO David Samuelson as he discusses ISACA’s Global Strategy with ISACA’s Chief Global Strategy officer Chris Dimitriadis. Chris shares his career path to ISACA, industry trends, advice to the next generation and how ISACA will continue to innovate in the future! Don't forget to check out https://www.isaca.org/ for more information!

ISACA Live: Risk Scenarios

Paul Philips and Lisa Young will discuss how risk scenarios help decision-makers understand how certain events can impact organizational strategy and objectives. Good risk scenario building is a skill and can take some time to truly master. Paul and Lisa will provide actionable advice on building the best possible scenarios to help your organization better manage risk For more information check out https://www.isaca.org/resources/it-risk

ISACA Live: State of Cybersecurity Pt. 2

In honor of Cybersecurity month, ISACA’s Director of Communications, Kristen Kessinger, and Information Security Practices Lead, Jon Brandt, discuss the findings of this year’s ISACA State of Cybersecurity research study and what they may mean for you as both members and leaders of your IT organization. Don't forget to check out https://www.isaca.org/resources/infographics/state-of-cybersecurity-2021-part-2 for more information

ISACA Live: The Privacy Landscape in 2022

On Data Privacy Day, join ISACA's Safia Kazi and the "Privacy Professor," Rebecca Herold, as they discuss data privacy priorities for 2022, including: Addressing Continuing Challenges from the Privacy Past, including fax and email breaches Addressing Challenges from the Privacy Present, including IoT risk and remote work risk Addressing Privacy Challenges Yet to Come, including AI/ML and cryptocurrency For more information, be sure to check out: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2021/three-key-priorities-for-privacy-practitioners-in-2022

ISACA Live: Ultra Emerging Tech (Full Version)

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part I–What is Quantum Computing?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part II–Why should Quantum Computing matter to our viewers?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part III–What is nano-technology?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part IV–Why should Nano-technology matter to our viewers?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part IX–What is next with Emerging Technology and QA

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part V–What is internet of behaviors?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part VI–Why should “internet of behaviors” matter to our viewers?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part VII–What is XR and VR?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live: Ultra Emerging Tech Part VIII–Why should XR/VR matter to our viewers?

Join ISACA's Kevin Keh, and guest, Ramses Gallego [ISACA Emerging Tech Committee Member], in the latest session of our ISACA Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing! Don't forget to check out ISACA’s Certified in Emerging Technology Certification: https://www.isaca.org/credentialing/cet for more information

ISACA Live with Dustin Brewer and Kristen Kessinger

Watch ISACA's Dustin Brewer tell you what you need to know about IoT now--why is it still considered an emerging tech? What are the biggest cybersecurity threats, and what opportunities will the Internet of Things bring in the next five years? Watch to find out. Don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library for more information!

ISACA’s Digital Transformation Part I —Positive Potential of Technology

Join ISACA’s CEO David Samuelson as he discusses the positive potential of technology with ISACA’s Chief Product Officer, Nader Qaimari. Listen in as Nader explains how ISACA’s newest certifications (Emerging Technology and Information Technology) were built with performance based testing and gamification to help beginners and young professionals get started in the IT field. Providing this new learning will help hiring managers who are struggling to find the right candidates due to these missing skills gaps. David and Nader also discuss ISACA’s new unified learning platforms that are scalable and supports the needs of our global members. Don't forget to check out https://www.isaca.org/ for more information!

ISACA’s Digital Transformation Part II — People, Process, and Technology

David Samuelson is back and continuing his discussion of ISACA’s Digital transformation. This time David interviews members of ISACA’s IT team — CTO, Simona Rollinson; Sr. Director, Application Development, Sean Ways; and Sr. Director of Enterprise Project Management, Amy Witkowski. Listen in as they discuss ISACA’s new, customer-centric CMS and how we have and will rely on technology through the pandemic and beyond. The team also explains how ISACA has recruited the right talent to staff up for the programs of the future through the power of “people, process, and technology”. Don't forget to check out https://www.isaca.org/ for more information!

ISACA’s Digital Transformation Part III — The Digital Member Experience

David Samuelson and ISACA’s Chief Membership Officer, Julia Kanouse discuss the positive impact of technology on our members and the ways in which our global community has grown even closer despite the pandemic. Watch as Julia shares some takeaways from the past year, including how the success of ISACA’s virtual conferences led to the decision to make future events hybrid, showing ISACA’s commitment to being digital first and allowing the opportunity for more people to attend who may have not been able to before. David and Julia also talk about how building digital trust between ISACA and our members will play a role in areas such as future improvements to our website and its user experience. Don't forget to check out https://www.isaca.org/ for more information!

Industry Spotlight: Mark Thomas

In 2019, Mark Thomas was on the road 40 weeks in 18 US states and 13 countries. In 2020, he pivoted to a workstyle of 1 location, 1 state and 1 country. He tells ISACA's Jessica Barnett that he was actually prepared for a pandemic-type of event that stopped travel in his business plan. Mark and Jessica dive deep into his career journey and their shared history of developing ISACA training content. He also was the CIO of a telecommunications startup that was all remote pre-pandemic. Mark is an accredited ISACA trainer and shares his advice on what credential you should get and how to grow your career. Tune in now to hear Mark's exciting story! Visit markthomasonline.com for more information on Mark. Visit isaca.org/podcasts for my ISACA podcasts. Be sure to like, comment, and subscribe for more ISACA Productions content!

ISACA: Introduction to Digital Trust Online Course_38

What is Digital Trust? How can you use it for an organization, or use it in your professional career? As an enabler for Digital Trust, ISACA can help you find the answers. Check out the Introduction to Digital Trust Online course for more information. https://www.isaca.org/go/online-course

Digital Trust: The Bigger Picture

Imagine a digital world that's more transparent, that's more secure, that's more honest. Where everyone can thrive. For more information, check out https://isaca.org/digital-trust

ISACA: Introduction to Digital Trust Online Course_25

What is Digital Trust? How can you use it for an organization, or use it in your professional career? As an enabler for Digital Trust, ISACA can help you find the answers. Check out the Introduction to Digital Trust Online course for more information. https://www.isaca.org/go/online-course

Digital Trust - Many Ways

For more information, check out http://isaca.org/digital-trust

What does Digital Trust Mean to You?

What does Digital Trust mean to you? Hear from ISACA volunteers, members, and contributors to get their thoughts on what Digital Trust means to them. For more information, check out http://isaca.org/digital-trust

Digital Trust Requires All Hands on Deck—But the ROI Is Worth It

Everyone has some responsibility for digital trust within an enterprise—from IT to HR and marketing, and beyond. But the benefits are many, says ISACA Digital Trust Task Force Member Mark Thomas. Watch this conversation with Thomas and ISACA’s Karen Heslop to better understand what digital trust encompasses, how all employees can advance the pursuit of digital trust, and the ROI companies see as a result. For more information, check out - http://isaca.org/digital-trust

ISACA: Introduction to Digital Trust Online Course_70

What is Digital Trust? How can you use it for an organization, or use it in your professional career? As an enabler for Digital Trust, ISACA can help you find the answers. Check out the Introduction to Digital Trust Online course for more information. https://www.isaca.org/go/online-course

What does Digital Trust Mean to ISACA?

What does Digital Trust mean to ISACA? Join ISACA's CEO, David Samuelson as he talks about what Digital Trust means for ISACA. David is also joined by Chief Global Strategy Office, Chris Dimitriadis, and Chief Marketing & Membership Officer, Julia Kanouse to discuss their views on what Digital Trust means for ISACA. For more information, check out http://isaca.org/digital-trust

Celebrating Women in Tech

ISACA women leaders in tech give their best career advice to women who are looking to enter the field! Learn more about ISACA and ISACA Foundation’s SheLeadsTech program, which empowers women to enhance their professional skills and advocate for their career advancement.

ISACA’S Certified in Emerging Technology Certification

Build on your IT knowledge and skills in four leading-edge, in-demand emerging technology domains. Obtain four knowledge- and performance-enhancing certificates that stack up to earn you the career-accelerating ISACA® Certified in Emerging Technology™ (CET) Certification. ISACA’s CET affirms you have what it takes to apply in-demand emerging tech expertise to your current or future role in IT audit, risk, security, cybersecurity, governance, privacy or business growth. CET hands-on performance learning techniques build and reinforces vital practical skills required to leverage emerging technology in your daily job. As the next best thing to real-world experience, CET validates that you’re ready to advise, assess and implement today’s leading-edge emerging technologies and deliver their rewards to your enterprise or clients. For more information, check out https://www.isaca.org/credentialing/cet

ISACA’S Certified in Emerging Technology Certification

Build on your IT knowledge and skills in four leading-edge, in-demand emerging technology domains. Obtain four knowledge- and performance-enhancing certificates that stack up to earn you the career-accelerating ISACA® Certified in Emerging Technology™ (CET) Certification. ISACA’s CET affirms you have what it takes to apply in-demand emerging tech expertise to your current or future role in IT audit, risk, security, cybersecurity, governance, privacy or business growth. CET hands-on performance learning techniques build and reinforces vital practical skills required to leverage emerging technology in your daily job. As the next best thing to real-world experience, CET validates that you’re ready to advise, assess and implement today’s leading-edge emerging technologies and deliver their rewards to your enterprise or clients. For more information, check out https://www.isaca.org/credentialing/cet

US DoD’s CMMC Guidelines — What You Need to Know

Cybersecurity Maturity Model Certification or CMMC is a new security program being released by the US DoD. If you are a DoD contractor, your livelihood could be at stake as contract requirements and contractors will need to be certified or a contract won’t be awarded. Listen in as TelaTek's Director of Operations, Johann Dettweiler breaks down these new requirements published in his latest journal article with ISACA's CMMI Professional Practice Lead, Kileen Harrison. Johann discusses the importance of all organizations —big or small—going through the different levels of security in the CMMC guidelines, starting at Level 1 and working their way up. What is the most important thing an organization needs to get started? The ability to read, familiarize and understand the different levels of CMMC otherwise, they won’t know how to implement it in their organization and will have to hire a third party. These CMMC requirements are here to stay and will only continue to get more stringent the more hacks and attacks keep increasing. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-4/what-government-contractors-should-know-about-the-us-dods-cmmc-guidelines for more information!

Security As A Service

What is security as a service and when is it needed? Tune in as ISACA’s Cyber Pros explain how the increase in hacks and attacks are forcing companies to take cyber security more seriously. The bad news is, there is a lack of cyber security professionals in the field and those who do have the necessary skillset to manage a company’s security are becoming more and more costly. Academia is trying to help get the security workforce up to speed quickly, but they are failing. Until we see an influx of new and skilled cyber security professionals, security as a service is an option that can save your company both time and money and help assure that your company’s data and information is safe and secure. For more information, check out ISACA’s State of Cybersecurity 2021: https://www.isaca.org/go/state-of-cybersecurity-2021

IT Audit in Practice: Survival When You are Small-business Continuity and Resilience

Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small-business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people! Although both large and small enterprises have accommodated and adapted, the smaller organizations with fewer resources and time have faced equal or greater hurdles when it comes to this type of planning. Join ISACA’s IT Professional Practices Lead, Kevin Keh, as he interviews Cindy Baxter, Director, What’s the Risk, LLC and discusses the importance of having a business continuity and resilience plan for your business. Cindy discusses consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process vs. waiting for the final report and more! Cindy also mentions how small business owners and employees shouldn’t get defensive or take the findings personally. Remember, the value comes not in the result, but in the adoption of the results and recommendations. For more information on this topic, download ISACA’s IT Business Continuity/Disaster Recover Audit Program here: shorturl.at/uLZ16

Privacy-Preserving Analytics and Secure Multiparty Computation

Organizations are increasingly concerned about data security in several scenarios, including collecting and retaining sensitive personal information; processing personal information in external cloud environments, and information sharing. Commonly implemented solutions do not provide strong protection from data theft and privacy disclosures. Privacy and risk management professionals are particularly concerned about the privacy and security of data analytics that are shared externally. Compliance of privacy regulations such as the US State of California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR) and other emerging regulations around the world require techniques for secure processing of sensitive data. Listen in as ISACA’s Safia Kazi interviews Chief Security Strategist and data protection expert, Ulf Mattsson on the latest on privacy-preserving techniques. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-2/privacy-preserving-analytics-and-secure-multiparty-computation for more information!

Why should I listen to you?

Why should you listen to ISACA’s CyberPros? Find out as Dustin Brewer and Frank Downs explain how they got started in the cybersecurity field and grew their knowledge and experience to become the cyber professionals they are today. Dustin and Frank discuss their traditional and non-traditional paths to learning, their experience working in the US government and the importance of earning a certification and continuing your education. Want to know how to get started in Cybersecurity? Start here by listening to this podcast. Don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library for more information!

ISACA Live with Dustin Brewer and Kristen Kessinger (short version)

Watch ISACA's Dustin Brewer tell you what you need to know about IoT now--why is it still considered an emerging tech?

Cybersecurity Isn’t Real, Right? Wrong!

Every day, the risk of cyber and ransomware attacks regularly increases in frequency and danger. But despite the proof in numbers, many organizations still don’t recognize the need to fortify their fortress and improve the strength of their Cybersecurity practices. This is because the leadership of many organizations don’t understand cybersecurity or even want to understand it. That is —until it is too late. In this episode, ISACA’s Cyber Pros, Dustin Brewer and Frank Downs explain the importance of cybersecurity and provide real world examples of why it pays to be proactive, not reactive when it comes to your company’s security. In the end, it will not only save your company a ton of time and money, but may even save your company! Interested in learning more on this topic Check out ISACA’s State of Cybersecurity 2021 report at https://www.isaca.org/go/state-of-cybersecurity-2021 .

Just the Fax on Cybersecurity

Is your home printer or fax machine an IOT device? You bet it is! Dubbed ‘Faxploit’, research has shown how cyber criminals can infiltrate any home or corporate network by exploiting wireless printers and fax machines. A fax numbers is all it takes to launch this type of attack. Listen in as Cyber Pros, Dustin Brewer and Frank Downs discuss the need for these home devices, how—they too—are at risk of being hacked and their best suggestions on how to mitigate this vulnerability. So fill your paper tray, test your fax connection and press play…it’s time for a Cyber Pros breakdown! Don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library for more information!

Advanced Security for secret information

Listen in as ISACA Journal columnist, Steven Ross, CISA, CDPSE, AFBCI, CISSP, MBCP, delves deeper into his latest article, “Advanced Security for Secret Information.” As a follow up to his two previously published journals, “Keeping Secrets,” and “Secrets and Privacy,” Ross continues to make the case that the protection of secret information is becoming a significant issue in cybersecurity. All companies —no matter how small— need some form of a security program to protect their secret information. However, the security that is currently in place to protect those secrets are oftentimes insufficient. Steven discusses the use of encryption and extended monitoring to keep the “bad guys” at bay from stealing your important information. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/advanced-security-for-secret-information for more information!

ISACA's 50th Anniversary Celebration Highlights

ISACA celebrated its 50th anniversary throughout 2019 while looking ahead to an even more promising future.

ISACA in the 1970s

Take a look back at ISACA during the 1970s, a time when the association established its roots in the IT community and marked many milestones, including the hire of its first employee, the launch of its first national conference, the opening of its first international chapter and the introduction of the CISA certification. Learn how you can be part of the celebration! http://bit.ly/2EV5oRZ

ISACA in the 1980s

Revisit the 1980s, when the association, then known as EDPAA, continued to expand, increasing its number of conferences and chapters, as well as marking the milestone of its first CISA certification exam. Find out how you can be part of the ISACA50 celebration! http://bit.ly/2EU2xsC

ISACA in the 2000s

As ISACA entered into the new millennium, it successfully navigated Y2K, provided impactful guidance around Sarbanes-Oxley, and introduced its CISM and CGEIT certifications, while growing its membership to 186 chapters in 77 countries. Find out how you can be part of the ISACA50 celebration! http://bit.ly/2EV2A7t

ISACA in the 1990s

During the 1990s, the association celebrated its 25th anniversary and changed its name from EDPAA to ISACA. ISACA also introduced COBIT to help professionals govern and manage enterprise IT. Learn how you can be part of the celebration! http://bit.ly/2ERwmKp

ISACA in the 2010s

In a decade marked by increased cyber threats, ISACA introduced its CRISC certification and launched Cybersecurity Nexus (CSX) for cybersecurity professionals. The association has continued to expand with its acquisition of CMMI Institute, new international office in Beijing, and a new headquarters in Schaumburg, Illinois, as well as to reach its members in new ways, including through the introduction of the SheLeadsTech program. Learn how you can be part of the celebration! http://bit.ly/2EUkLtS

Certification Through the Years

Take a look back at the history of ISACA’s certifications for IT audit, security, governance and risk professionals—CISA, CISM, CGEIT, CRISC and CSXP— and listen to ISACA members reflect on the impact the certifications have had on their careers. Find out how you can be part of the ISACA50 celebration! http://bit.ly/2EW3AYK

Cybersecurity

ISACA has provided an array of resources to help its professional community adapt to the challenging cybersecurity landscape, including through its launch of the Cybersecurity Nexus (CSX) and the introduction of its CSXP credential. Learn how you can be part of the celebration! http://bit.ly/2EX9eKc

Introducing COBIT 2019—A Sneak Peek

The globally recognized COBIT framework, leader in ensuring effective and strategic enterprise governance of information and technology (EGIT), has been updated with new information and guidance—facilitating easier, tailored implementation. COBIT 2019 debuts on 12 November 2019—but here’s a Sneak Peek of this new release. Go to http://www.isaca.org/COBIT