The Benefits and Risk of Blockchain Technology
Blockchain technology, which rose to prominence in 2008 with the publication of the fascinating white paper Bitcoin: A Peer-to-Peer Electronic Cash System, is widely predicted to drastically transform several sectors.
All Talk, Little Action: AI and Digital Ethics in People Technology
As we continue the end-of-the-year review of all things tech, digital ethics and the progress of artificial intelligence (AI) in people-related technologies spring to mind.
Offshoring: Getting it Right Through a Security and Privacy Lens
The offshoring industry is at a turning point. There is a growing demand to further saturate offshoring hubs with a view to increasing profits.
How to Drive Home the Importance of Data Security with Company Stakeholders
For the modern business, there are few topics more important than data security. Without a proper appreciation for data security and all that it entails, you’ll find your business falling behind. But getting all of your employees and company stakeholders on board can prove to be a major challenge.
Exploring the Latest Version of Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol that protects the confidentiality and integrity of information (logins, passwords, credit card numbers, personal correspondence, etc.) exchanged between two communicating applications.
CEO Search Puts Focus on ISACA’s Promising Future
Just as there are no limits to the technological advancements that our professions, and society, will embrace, the impact ISACA’s professional community can make in the coming years has boundless potential.
Bound to Happen
In the wake of the high-profile information security breaches that have made headlines over the past few years, leaders in the security field have been coaching organizations to make 2 fundamental changes in the way they have traditionally handled breaches.
GDPR Progress Paves Way for Deeper Look at Role of Data in 2019
The European Union’s General Data Protection Regulation (GDPR) commanded the attention of the business community throughout 2018. Thought leadership gatherings such as ISACA conferences and webinars attempted to answer questions like, “What does it take to comply?” and “What will enforcement look like?”
Advocating for a Strong Cybersecurity Workforce, IT Audit Standards and NIST Reauthorization Act on Capitol Hill
Members of ISACA’s US Public Policy Working Group recently gathered on Capitol Hill in Washington, D.C., to listen to inspiring speakers and to advocate for issues important to ISACA constituents, drawing from their personal experiences and professional backgrounds.
Tightening Cybersecurity Assurance in Supply Chains: Three Essentials
In October 2018, Bloomberg Businessweek sent shivers through the business and intelligence community when it published an astonishing report that claimed that Chinese spies had exploited vulnerabilities in the US technology supply chain, infiltrating computer networks of almost 30 prominent US companies, including Apple, Amazon.com Inc., a major bank, and government contractors.
What is Driving Growth for AR/VR?
Gartner’s recent list of top tech trends for 2019 included immersive experiences, which they described as follows:
COBIT 2019 is Our Framework and a Framework for Us
I love COBIT. Why? To begin with, COBIT is useful and usable. Secondly, the newly updated framework combines community knowledge and flexibility.
Ryan Envisions ‘Very Positive’ Future for Women in Cybersecurity
Pat Ryan’s wide-ranging career included serving as an analyst in the British intelligence community, partnering with her husband on an oil exploration consultancy specializing in underwater seismic operations and satellite imaging, setting up and running a non-profit that installed IT equipment and educational software into UK hospitals where children were being treated, and founding Cyber Girls First, which encourages girls in the UK to take up coding and cybersecurity. Ryan, who spoke last month at ISACA’s UK Chapters conference, recently visited with ISACA Now to share about her past experiences and current efforts to inspire girls in cybersecurity. The following is a transcript of the interview, edited for length and clarity:
Envisioning the 2019 Cybersecurity Landscape
Now that we are nearing the end of the year, I thought I would revisit my own write-up on 2018 cybersecurity predictions and see how I can best update them for 2019.
Cybersecurity Due Diligence: Inherited Risk
One of the world’s largest hotel chains, Marriott International, recently reported that its Starwood Guest Reservation database was breached – meaning names, mailing addresses, phone numbers, email addresses, passport details and a variety of other personally identifiable information (PII) were leaked, all the way through to member credit card details.
The New Normal: The Learning Organization
The cyberworkforce gap is well documented. When we look at it from a macro level, it seems straightforward. Studies show between 1 and 3 million job openings over the next few years that will go unfilled due to a lack of talent.
Marriott Breach Places Dwell Time Back Under Microscope
Many of you may be wondering how a major, multi-billion dollar organization can fail to have sufficient cybersecurity in place to detect the theft of hundreds of millions of customer records.
Faces of ISACA: Patricia Watson
The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Patricia Watson, director of cybersecurity, risk & compliance for Kitu Systems, Inc. Interested in joining ISACA and networking with colleagues like Watson? Learn more here.
Is There Value in Unstructured Data?
One of the biggest challenges for modern businesses isn’t collecting data, but finding a way to organize it systematically and use the data that piles up. Learning how to interpret random data points and unstructured information often proves to be more than some companies can handle, but it doesn’t have to be.
A Healthy Way to Think of Metrics
Healthcare has many parallels with information security since both are based on prevention, monitoring, diagnosis and correction to avoid negative results.
Climbing the Ladder of Success With CISA
Anyone can succeed with the right information and tools. One of the best ways for information systems professionals to ensure career success with all its attendant benefits is to earn ISACA's CISA certification.
Generations of Malicious Attacks
Attacks and security solutions have evolved rapidly over time. Different generations of attacks are identified and related security solutions are put forward. Currently, the attack evolution has overtaken the security level that the industry has deployed.
Takeaways from SheLeadsTech Event in Shanghai
ISACA successfully organized a SheLeadsTech event focusing on career development of female IT auditors in Shanghai earlier this month. This was a milestone event in China, believed to be the first female-themed event of this scale among IT auditors in China.
The Impact of GDPR on Cybersecurity Managers
Around six months have passed since the General Data Protection Regulation (GDPR) took effect. Among the many unclear implications of GDPR, the vaguest might be how to ensure compliance with its security requirements, including data protection by design and by default.
Optimism and the Audit Profession
I have been fortunate in my career to have attended many excellent ISACA conferences where the keynote speakers have excelled in delivering their message in very clear and pragmatic ways.
Empowering A Safer Tomorrow
It was a dreary Thursday morning. Harriett, an up-and-coming banker, gets on her train at her usual spot and gets ready for the ride into London. She’s a mother of two with a good job in finance and a strong marriage. There is nothing unusual about this morning. All the riders are sleepy. They look at their phones or just stare at the floor of the train.
Is HIPAA Compliance Enough to Keep Your Organization Safe?
The Health Insurance Portability and Accountability Act (HIPAA) has evolved considerably to keep up with the demands of our modern society. Now that protected health information (PHI) is kept via electronic records, healthcare organizations need to comply with the HIPAA Security Rule if they want to keep their patients’ data private (and avoid a hefty fine).
Before You Commit to a Vendor, Consider Your Exit Strategy
Vendor lock-in. What is it? Vendor lock-in occurs when you adopt a product or service for your business, and then find yourself locked in, unable to easily transition to a competitor's product or service. Vendor lock-in is becoming more prevalent as we migrate from legacy IT models to the plethora of sophisticated cloud services offering rapid scalability and elasticity, while fueling creativity and minimizing costs.
Leveraging Employee Resource Groups to Build Diverse IT Audit Teams
The business case for diversity is well-established. Research studies clearly indicate that diverse and inclusive organizations benefit from increased productivity, enhanced problem solving and heightened levels of employee engagement over their more homogenous peers.
COBIT 2019 Makes Framework Easier to Understand, Customize
Practitioners charged with effective governance of information and technology have a tremendous new resource to draw upon with a significant refresh to the COBIT framework.
A Career in Artificial Intelligence
The amount of data accumulated by 2020 worldwide is predicted to exceed 44 zettabytes (or 44 trillion gigabytes), and the data growth rate is about 1.7 megabytes per second for every human being.
Building Cyber Resilience Through a Risk-Based Approach
For many organizations to have an effective cyber culture, they must also have a mature cyber culture. A recent cybersecurity culture study conducted by ISACA and CMMI Institute found that only 5 percent of organizations believe no gap exists between their current and desired cybersecurity culture.
Tim Mason, ISACA Chief Experience Officer and SVP, Operations, and a six-year member of ISACA’s executive leadership, passed away unexpectedly on 31 October. As members of ISACA’s professional community, we extend our condolences to Tim’s family. Tim’s leadership and his commitment to incredible member and customer
Faces of ISACA: Kyla Guru
The ISACA Now series titled “Faces of ISACA” highlights the contributions of members of ISACA’s global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kyla Guru, a leader in spreading cybersecurity awareness among young people and an active proponent of ISACA’s SheLeadsTech program.
Data Security and Access to Voters’ Personal Data by Political Parties: An EU Case Study
Brexit and the 2016 US presidential election showed that microtargeting voters to deliver them certain political messages may gradually alter voters’ decisions. While less publicized, concerns related to election data integrity also exist throughout the EU.
Remembrances Pour in for Tim Mason
The loss of Tim Mason, ISACA Chief Experience Officer and SVP, Operations, who unexpectedly passed away this week at age 59, has prompted an outpouring of love, respect and admiration for Tim from staff colleagues and throughout the professional community.
Understanding Big Data and Machine Learning Projects
Big data and machine learning have rocketed to the top of the corporate agenda. Executives look with admiration at how Google, Amazon and others have eclipsed competitors with powerful new business models derived from an ability to exploit data.
The Outlook for Auditors and Infosec Professionals in the Fourth Industrial Revolution
The Future of Jobs Report 2018, published by the World Economic Forum, presents a well-researched reading with a thorough and comprehensive coverage of global industries and regions. The essence of the report can be captured in the preface by Klaus Schwab, founder and executive chairman, World Economic Forum, which states “Catalysing positive outcomes and a future of good work for all will require bold leadership and an entrepreneurial spirit from businesses and governments, as well as an agile mindset of lifelong learning from employees.”
Transparent Use of Personal Data Critical to Election Integrity in UK
The ISACA Now blog is featuring a series of posts on the topic of election data integrity. ISACA Now previously published a US perspective on the topic. Today, we publish a post from Mike Hughes, providing a UK perspective.
Key Considerations for Assessing GDPR Compliance
The European Union General Data Protection Regulation (GDPR), which took full effect in May this year, solidifies the protection of data subjects’ “personal data,” harmonizes the data privacy laws across Europe and protects and empowers EU citizens’ data privacy, in addition to changing the way data is managed and handled by organizations.
Concerted Effort Needed to Assure Data Integrity in Electoral Process
The motivations of cybercriminals are as diverse as their forms of attacks. Many cybercriminals are after money, naturally, but plenty of other incentives exist, including the allure of exerting power and influence. Unfortunately, one of the most impactful ways to do so involves tampering with the integrity of elections, a rising concern in the United States and around the world.
The Path to Improved Cybersecurity Culture
The recent ISACA-CMMI Institute cybersecurity culture research illustrates the accomplishments and gaps that are seen in organizations’ cybersecurity culture. The survey-driven research focuses on culture and continuous improvement, both essential components to a successful cyber risk management program.
The Beginnings of a New Privacy Framework Through NIST
NIST conducted a workshop on 16 October in Austin, Texas, USA, to discuss plans for a voluntary privacy framework, and attendees had the opportunity to have a robust discussion about what such a framework should entail. The workshop was attended by individuals from industry, academia, and government.
My Organization’s HIPAA Data Got Hacked: Now What?
You’ve been hacked, and electronic protected health information (ePHI) has been exposed. You have certain compliance requirements, and there are also (intertwined with the needs of compliance) reasonable steps to take to halt the compromise and protect your patients.
Board Involvement in Digital Strategy and Oversight
In light of digital transformation, boards of directors (BoD) often recognize the need for more engagement in digital strategy and oversight.
ISACA’s Inaugural SheLeadsTech™ Day of Advocacy in DC: Congressional Visits Highlight Cyber Education and Workforce Issues
Dozens of women in the SheLeadsTech program attended ISACA’s first fly-in advocacy event in Washington, DC, just a week ago with a plan to bring their voices and views to US Congressional leaders on a host of relevant legislation.
ISACA SheLeadsTech™ Day of Advocacy: Inspiring Speakers, Relatable Journeys
“My career journey wasn’t through luck; it was hard work and putting myself in situations where I wasn’t always comfortable,” said SheLeadsTech Advocacy Day keynote speaker DeAndra Jean-Louis, Vice President, Global Services Operations at Workday. Providing insights from positions at IBM, Aon-Hewitt and Arthur Andersen, among others, Jean-Louis said her start as a model, after attaining a mathematics degree from Louisiana State University, spurred her to become a technology leader.
Deployment of Emerging Technology in FinTech
Fighting poverty and achieving a high economic growth rate are two key priorities for developing countries.
Action Plan for HIPAA-Compliant Cloud
HIPAA compliance involves treating your data with extreme sensitivity, so you should view any related technology with extreme care.
The Potential Impacts of Blockchain on the Auditing Profession
Blockchain is a distributed transactional database in which transactions and related details are recorded and verified through consensus algorithms. Once a transaction is recorded, it cannot be changed or canceled without rewriting the subsequent blocks and obtaining the consensus of the network, which is what makes the ledger tamper-evident.
Peter Weill: Avoid the ‘Big Bang’ in Digital Transformation
Peter Weill, senior research scientist and chair of the Center for Information Systems Research (CISR) at the MIT Sloan School of Management, is an award-winning author who focuses on the role, value and governance of digitization in enterprises. Weill, who co-authored What’s Your Digital Business Model? with Stephanie L. Woerner, recently discussed enterprise digital transformation themes with ISACA Now after addressing chapter leaders at ISACA’s Global Leadership Summit in Chicago. The following is a transcript of the interview, edited for length and clarity:
Using COBIT to Manage Shadow IT
Shadow IT is an (in)famous phenomenon in today’s business environments. Business departments source, develop and maintain systems on their own to support their processes.
Facebook Hack: Enterprise Lessons Learned
Given the volume of media coverage, there has been no missing the recent Facebook hack that impacted the accounts of 50 million Facebook users.
Shedding Light on the Dark Web
The Dark Web is the part of the internet that conventional search engines do not index and that requires special anonymizing software, such as Tor, to access.
If Digital Transformation Is Hard, Your Board May Be Lacking Key Skills and Experiences
Digital innovation and transformation is difficult when there is little in the way of clear and decisive senior leadership direction for it.
Key Takeaways from the NotPetya Malware Infection
When we talk about risk management, we are often fixated on protecting data confidentiality and mitigating related risks, but there are other equally compelling concerns, such as data availability. Consider the case of the NotPetya malware, which last year attacked the shipping giant Maersk among other companies.
Breaking Down Silos: Why Auditors and GRC Professionals Need to Grow Their Information Security Knowledge
An SVP of Enterprise Risk Management (ERM) at a highly influential financial services company recently told me that succeeding in ERM is all about “breaking down the silos.” It’s a good mantra – one that IT audit and GRC professionals should take to heart and execute on daily.
The Business Benefits of a Strong Cybersecurity Culture
I recently discovered a fascinating C-suite report that used an apt metaphor to capture why culture is so challenging for businesses: Organizational culture is like an iceberg.
Remembering My Friend and Mentor: 1984-1985 ISACA Board Chair John Lainhart
In my presentations on leadership, I always cite one example of an incredible leader who has touched my life and hundreds—probably thousands—of others: John Lainhart. John, an ISACA volunteer for nearly 40 years, introduced me to ISACA and the value of professional associations. He was my champion and my friend.
Three Keys to a Cybersecurity Culture That Will Stick
Everyone doing business today shares an unfortunate truth: no matter how strong your cybersecurity program, your employees are your biggest potential source of failure.
Application Security: A Three-Phase Action Plan
If you are like any of the security leaders with whom I typically speak, you face (at least) the following burning problems:
Privileged Access Management and Implementing It Smartly
At a time when IT-driven “business transformation” is the order of the day, ensuring that IT security does not come into conflict with the business is a critical concern.
Demystifying Cybersecurity Terminology
Do you struggle to keep up to date on the latest cybersecurity terminology? Fear not, you are not alone.
The Growing Scope of the IoT
British science fiction writer Arthur C. Clarke famously said, "Any sufficiently advanced technology is indistinguishable from magic.” This seems to apply today like never before, especially with the rise of the Internet of Things (IoT).
Clouds, Codebases and Contracts – How the New Era of Privacy is Changing Third-Party Risk
The last two years have taught us that conventional wisdom and knowledge around privacy and security needs a makeover, in particular as it relates to the EU’s GDPR and the California Consumer Privacy Act.
New Strategic Vision Needed to Thrive As a Digital Enterprise
Stakes are increasing when it comes to leveraging technology to define and deliver new value. The CEO and the executive team leaders are reeling with the challenges of identifying and implementing new digital business models while also wrestling with making smart capital investments to develop and mature organizational capabilities that enable agility and rapid response to new market opportunities.
Five Takeaways from the 2018 Governance, Risk and Control Conference
Governance, risk and compliance professionals shared ideas and gathered insights on how their roles are evolving in light of enterprises’ digital transformation efforts, evolving trends in innovation, and growing regulatory and security risks recently at the sold-out 2018 GRC Conference in Nashville, Tennessee, USA.
What is the Path to Self-Securing Software?
As digital business hastens the speed of application development and gives way to complex, interconnected software systems (think Internet of Things, microservices and APIs), we need to address the fact that penetration testing, although thorough, is slow and expensive.
Adding Audit Value
One of my favorite, if not my favorite, novels is Let the Great World Spin by Colum McCann. The book is centered around Philippe Petit's 1974 high-wire walk between the Twin Towers of the World Trade Center.
Shining a Light on the Biggest Healthcare IT Challenges
Healthcare has experienced significant modernization and is now closely intertwined with IT. But as the industry changes and marketplace demands evolve, new challenges emerge. Understanding how to address these challenges is paramount to the future success of healthcare organizations and their stakeholders.
GDPR – How Organizations Are Adjusting to the New Era
On 25 May 2018, the world did not stop simply because the General Data Protection Regulation (GDPR) became enforceable. For many organizations, however, the enforcement date became a distraction, an unofficial deadline. In reality, there was no finish line.
Remembering Robert E Stroud
This weekend, all ISACA lost a dedicated leader, an engaged board member, a passionate colleague and, most notably, a dear friend. Robert E Stroud, CGEIT, CRISC, 2014-2015 ISACA Board Chair, and Board Director 2015-2018, will be deeply missed.
How to Implement MFT for Data Protection
The EU General Data Protection Regulation (GDPR) outlines measures required to protect personal data and how an enterprise moves, uses and stores that data.
Global Knowledge: ISACA Certifications Command High Salaries
Of all the certifications represented annually in the Global Knowledge IT Skills and Salary Report, ISACA is more prominent in our top-paying certifications list than any others. This year, ISACA occupies five spots in the top 20, including three in the top six worldwide.
Addressing GDPR Challenges in Poland
GDPR: An acronym and a buzzword that has set many of us into “alert mode.” Since it was set in motion more than two years ago, thousands of people have worked hard to ensure their organizations were prepared by the enforcement deadline of 25 May 2018, and they continue to do so.
Decision Analysis of Ransomware Incidents
Cyberincidents involving ransomware are a common occurrence lately. Hardly a week goes by without hearing about an incident in the news.
Can Blockchain Help Fight Digital Ad Fraud?
If you are a netizen, you have surely noticed how certain ads pop up while you are watching videos on YouTube. Most of the time, these advertisements are closely connected to the products and brands you have recently been searching for.
Key Steps in a Risk Management Metrics Program
Performance evaluation of an organization’s risk management system ensures that the risk management process remains continually relevant to the organization’s business strategies and objectives.
Empowering Executives with Security Effectiveness Evidence
After decades of presentations and prayers, security has finally become a business imperative for executives and boards alike.
Digital Transformation Brings More Opportunities to Financial Sector
Emerging technologies and the pace of innovation are reshaping the banking/financial industry and operating models, while influencing the shape and dynamics of the broader financial services ecosystem.
AI Factors Heavily into Future of Digital Transformation
The second installment of ISACA’s Digital Transformation Barometer research underscores the ascent of artificial intelligence as a technology with growing potential – and how urgently enterprises must rise to the occasion of addressing the related risk and security implications.
FedRAMP: Friend or Foe for Cloud Security?
Cloud security is on everyone’s minds these days. You can’t go a day without reading about an organization either planning its move to the cloud or actively deploying a cloud-based architecture. A great example is the latest news about the US Department of Defense and its ongoing move to the cloud.
CSX Europe Keynoter James Lyne Takes Great Joy in ‘Geeky Pursuits’
James Lyne, a cybersecurity expert and global head of security research at Sophos, will deliver the opening keynote address at the 2018 CSX Europe conference, to take place 29-31 October in London, UK. Lyne visited with ISACA Now to discuss major challenges faced by the cybersecurity industry as well as which characteristics best position cybersecurity practitioners for success. The following is a transcript of the interview, edited for length and clarity.
Traits of a Successful Threat Hunter
Threat hunting is all about being proactive and looking for signs of compromise that other systems may have missed. As defenders, we want to cut down the time it takes to detect attackers. To accomplish this, we assume the bad guys have penetrated our defenses, and then proceed to look for traces that their activities have left behind.
Cybersecurity is a Proactive Journey, Not a Destination
Cybersecurity continues to grab spotlight and mindshare as it pertains to computing and social trends.
Knowing What to Protect
With so many compromises leading to data breaches, one common question is why breaches keep occurring even after so much investment in technology, people and processes.
The AI Calculus – Where Do Ethics Factor In?
While artificial intelligence and machine learning deployment are on the rise – and generating plenty of buzz along the way – organizations face difficult decisions about how, where and when to introduce AI.
Five Keys for Adaptive IT Compliance
The fluid technology and regulatory landscape calls on IT compliance professionals to be more flexible and proactive than in the past to remain effective, according to Ralph Villanueva’s session on “How to Design and Implement an Adaptive IT Compliance Function,” Monday at the 2018 GRC Conference in Nashville, Tennessee, USA.
SWIFT Infrastructure Needs to Be Secured in a Structured Manner
In the last few years, SWIFT has become a favorite target for attackers across the globe, as the frequency of SWIFT-targeted cyberattacks makes clear.
A Prominent Place at the Table for Rural Technological Advancements
When the general public thinks about today’s exciting technological breakthroughs, the imagery that springs to mind is unlikely to be a crowded pigpen in China or yam fields in the farmland of Nigeria. Yet, rural areas are the frontlines for some of the most important gains technology is enabling in modern society.
An Overlooked Upside to Cybersecurity Roles – They’re Fun!
Recent surveys and studies have emerged that show interest in cybersecurity as a potential career field at uncomfortable lows. In fact, a recent ProtectWise report showed that only 9 percent of millennials indicate cybersecurity is a career they are interested in pursuing at some point in their lives. This disturbing finding has far-reaching potential consequences in a field that desperately needs a stronger workforce.
Lessons from the Reddit Breach
An attacker gained access in June to Reddit users’ data, including usernames, passwords, email addresses and private messages from 2005-2007. The attacker also gained access to more recent data, including current usernames and emails.
Persuasion: A Core Competency for GRC Professionals
Imagine this as a GRC professional. It’s April 2016. The European Parliament passes the General Data Protection Regulation (GDPR) with an enforcement date of May 2018. Your organization is impacted. You are going to own this.
This is Me and My (Private) Identity
Do we really need regulators to come and tell us that each person’s data is, well, private? A few years before the GDPR regulation came into effect in Europe, the Law for Protection of Personal Data Held by Private Parties (LFPDPPP) in Mexico stated basically the same principles with which many companies are now struggling to comply:
Love Them or Loathe Them, Good IT Business Cases Are of Inestimable Value to Good IT Portfolio Managers
Many struggle to pull credible business cases together. Business case mechanics aside, the hard work not only involves identifying the required data, collecting them and ensuring that they are of the right quality, it also involves receiving buy-in for the business case from stakeholders, hopefully without too much fudging.
Is it Time for a Cyber National Guard?
With more emerging risks and more data breaches, we continue to hear about the shortage of cybersecurity professionals with the necessary skills, knowledge and experience to protect our information technology infrastructure, especially in the government and public sector.
Cultural Considerations of Adopting Application Container Technology
The benefits of application containers have been shared across a variety of forums and to a diverse audience.
Preventing the Next Digital Black Swan: The Auditor, The CISO and The C-Suite
Their brand names are notorious in cybersecurity circles: Equifax, Uber, Maersk and Saudi Aramco. Each of these businesses suffered a big breach – cyber incidents that, together, affected many millions of customers. But it wasn’t only consumer data that was compromised; these companies took huge reputational hits as well.
Privacy Matters Matter
Due to scheduling and timing constraints, articles and columns that appear in the ISACA Journal are often written weeks or even months before they appear online or become available on the Journal app.
The Multiple Options for Multi-Factor Authentication
How do you prove you are you? In the physical world, we have birth certificates and driver’s licenses to prove we are who we say we are. Yet this question becomes more difficult when you are trying to prove yourself to a computer system. Thankfully, Multi-Factor Authentication (MFA) can help in a variety of ways.
GDPR Means It Is Time To Revisit Your Email Marketing Strategies
Data security always has meant different things to different people. Most have agreed on the importance of using firewalls, but for decades, businesses have been able to choose the level of data encryption they employ.
Understanding Risks to Data Drives Controls Efficiencies
As we reflect on recent regulatory changes and trends, we notice a heavy focus on privacy and cybersecurity across the globe. The European Union has recently passed the General Data Protection Regulation (GDPR) and the Payment Services Directive 2. Taking it a step further, in July 2018, the EU proposed a new Cybersecurity Act (9350/18) mandating cybersecurity certification for critical infrastructure industries.
First Things First: Know Your Data
It’s been three years since the U.S. Office of Personnel Management’s (OPM) two data breaches shocked the country and spawned immediate cyber initiatives in response to the theft of millions of highly sensitive records – possibly now resulting in identity fraud, as reported by the Wall Street Journal. In the months that followed, the nation’s agencies were required to make an honest accounting of vital systems and the state of their security.
Harnessing the Hacker Mindset
Keren Elazari, cybersecurity analyst, author and researcher, will give the closing keynote address at CSX Europe 2018, to take place 29-31 October in London, UK. Elazari recently visited with ISACA Now to discuss the hacking “ethos,” whether data privacy should be considered a right or a privilege, and more. The following is a transcript, edited for length and clarity.
Blockchain Initiatives and Realistic Implementation
These days, when we turn on the television or listen to the news, we are likely to hear about the latest hot topic in technology: blockchain.
For Whom the Web Trolls: Social Media Risk in your Organization
There is no doubt that social media has penetrated the daily lives of billions of people. According to Statista, the number of monthly users of social media is slated to reach 3.02 billion people by 2021, which is around one-third of the world’s population. With social media becoming second nature to so many people in every corner of the world, the risk associated with its use is staggering.
Why Problem-Solving Can Detract from Innovation
Luke Williams, author, professor of marketing at the NYU Stern School of Business and founder of the W.R. Berkley Innovation Labs, will give the closing keynote address at the GRC Conference 2018, to take place 13-15 August in Nashville, Tennessee, USA. Williams recently visited with ISACA Now to discuss how enterprises can spark more innovation, the concept of disruptive hypotheses and more. The following is a transcript of the interview, edited for length and clarity:
Transport Layer Security Bolsters Secure Remote Data Transmission
It is an amazing time to be alive for many reasons, one of which is the ability to communicate almost seamlessly and securely with people from all over the world. Technology allows us to connect with individuals with whom we most likely never would have before.
ISACA Awards: Celebrating 2018 Recipients and Looking Forward to 2019 Nominations
Recognition of service and of outstanding achievements has long been an ISACA tradition, and it has been my pleasure to volunteer on the ISACA Awards Working Group, which was charged with enhancing the prestige and increasing global participation in the ISACA Awards Program.
CISM Top Scorer Provides Exam Insights
Last year, I passed the Certified Information Security Manager (CISM) exam and, surprisingly to me, earned the top global score.
Deep & Darknet: The Origins of Threats
The deep web and darknet comprise a sort of parallel world compared to the public internet we’re used to.
The Socially Responsible Society I Want for my Granddaughter
There is nothing quite like the birth of a child to redirect our thinking from our daily patterns and prompt us to consider the big-picture view of where our world is heading.
California Goes Beyond GDPR With New Data Privacy Law
This week, in my home state of California, the state legislature passed, and the governor signed, AB 375, officially known as the California Consumer Privacy Act of 2018.
Automated Systems and Security: Threats and Advantages
Automation is the biggest driving factor for change in most modern industries. By 2030, it’s estimated that automation could fully replace more than 800 million jobs, and in the meantime, automation is changing how we work, how we plan our businesses, and how we engage with others.
Five Tips to Make a More Secure Internet of Things
The Internet of Things (IoT) has positively exploded into our daily lives. We see IoT devices everywhere, from our workplace to our homes. It is inevitable that a new technology will become ubiquitous after it hits the headlines, and thanks to the IoT, many have done just that – repeatedly – even if the headlines aren’t always positive.
Lower IT Department Expenses Without Compromising on Security
The IT department has risen to prominence as one of the more integral components of successful, modernized organizations. However, in the midst of this growth, IT has also become increasingly expensive for many of these companies. Discovering what it looks like to manage a cost-effective IT department could be the difference between running a profitable business and straining to make ends meet.
The Assessment Will Help Your Organization Tackle Any Security Obstacle
When faced with an obstacle, how do you take the first step? I have found it helps to follow the steps outlined in Lisa Avellan’s article “Five Simple Steps When You Don’t Know Where to Start.”
AI: the Challenge and the Solution
P.W. Singer, strategist and senior fellow at the New America Foundation, will deliver the closing keynote address at ISACA’s 2018 CSX North America conference, to take place 15-17 October in Las Vegas, Nevada, USA. Singer recently visited with ISACA Now to discuss pressing cybersecurity considerations that governments must grapple with, the multi-faceted impact of artificial intelligence and more. The following is a transcript of the interview, edited for length and clarity:
IT Audit Co-sourcing Requires a Strategic Touch
The 7th annual IT Audit Benchmarking Survey shed light on several IT challenges that are at the top of the agenda for executive management and will have a direct impact on IT audit plans for many enterprises in 2018.
CISA Payoff: Immediate and Enduring Throughout My Career
The Certified Information Systems Auditor (CISA) certification has truly benefited my professional aspirations.
Is the NIST Cybersecurity Framework Enough to Protect Your Organization?
The National Institute of Standards and Technology (NIST) Cybersecurity Framework, also known as the Framework for Improving Critical Infrastructure Cybersecurity and commonly referred to as CSF, is top of mind for many organizations.
Panel: More Automated Services Needed to Support GDPR Requirements
Where calls to “get ready for GDPR” permeated last year’s InfoSecurity Europe conference in London, keynote speakers at this year’s event—conducted just 10 days after the European Union’s regulatory enforcement deadline—put a stronger spotlight on GDPR compliance and sunk more serious messaging teeth into their talks.
The ISACA Journal’s Digital Transformation
The ISACA Journal has been at the heart of ISACA’s knowledge community for more than 40 years, a tradition we are proud to carry forward into the future.
Formalizing the Cybersecurity Role in MDM
While some cybersecurity teams may be anxious to get involved with master data management (MDM), there are prerequisites that we strongly recommend be in place prior to starting down the implementation path.
Auditing and Knowledge Management
Have you ever wondered what happens to all of that data, information and knowledge collected and created by internal auditors? Have you ever thought about audits you performed in the past: all that research, information gathering, development of findings, the useful collection of methods, questionnaires, test plans, etc.? Wouldn’t it be useful to share your learnings with your colleagues?
A Remarkable Time to Provide Leadership for a Remarkable Organization
Serving as board chair at any time in ISACA’s history would be incredible. To be able to serve in that capacity right now – as ISACA nears its 50th anniversary and with so much riding on the work of ISACA’s professional community – makes the opportunity ahead even more of an honor.
Data Is the New Air
In the infancy of any technology, there are going to be teachable moments. Prehistoric man’s mastery of fire didn’t come without a few scorched fingers and the occasional multi-acre conflagration. As a species, our taming of fire and combustion enabled innovations in everything from cooking to metallurgy to transportation, to an array of other endeavors. Those innovations, however, required a continuous process for humans to learn and establish capabilities to control fire, to use it appropriately, and to make it work for humanity’s benefit.
SheLeadsTech EuroCACS Seminar Recap
Sometimes, in a professional conference, especially one that begins early afternoon, mid-work-week, it can take a while for things to get going.
Understanding the Threat Landscape
Privacy and security are issues society struggles with on a daily basis, both in our private lives and in our work. We all strive to be happy, and safety is an important but an uncertain factor in our lives.
When it Comes to ERP, Cybersecurity is a Chief Concern
For businesses that have a lot of resources tied up in logistics and inventory, enterprise resource planning (ERP) systems can be a lifesaver. However, you should never invest in an ERP system blindly. With so much valuable data filtering through such a system, you must pay attention to cybersecurity.
IoT Audits Loom Large in a Connected World
The proliferation of Internet of Things devices is well-documented, with the potential for more than 20 billion connected things by 2020. Installations of connected devices are spanning virtually all industries and cover just about any use case that can be imagined.
Panel Shares Guidance in Immediate Aftermath of GDPR Deadline
Despite the many nuances about the new General Data Protection Regulation (GDPR) and questions about how it will be enforced, panelists at Tuesday’s GDPR panel during ISACA’s EuroCACS conference provided some straightforward guidance to organizations – if you don’t need the data, don’t collect it.
Payment Security and PSD2
This year has welcomed the Revised Payment Services Directive (PSD2), but what is the core reasoning behind writing the new security regulation? “There is a revolution in commerce,” Jorke Kamstra stated in his session Monday at ISACA’s 2018 EuroCACS conference in Edinburgh, Scotland.
Cyber Threat Landscape: The More Things Change …
Many analyses of cybersecurity include consideration of the field’s constant state of flux and change. As the battlefield of the internet evolves, typically, so do the attack strategies, weapons, defense mechanisms and actors. However, according to ISACA’s 2018 State of Cybersecurity research, two elements that remain relatively constant are the types of attackers and the type of attack leveraged.
GDPR Deadline Day: Not Compliant Yet?
There are lies, darned lies, and then there are GDPR poll statistics. So, when ISACA recently approached me to help analyze a new poll on GDPR readiness, I was initially apprehensive.
Securing 3D Printing
3D printing is fast becoming a disruptive technology in production and manufacturing. It grew to be a $5.1 billion industry by 2015 with an average growth rate of about 30%, and 5.8 million 3D printers are expected to be shipped annually by 2019.
Establishing a Triumvirate—Understanding the Interests for Enhancing Collaboration Between the CISO, the CIO and the CRO
In one of my recently published ISACA Journal articles, “Clash of the Titans: How to Win the ‘Battle’ Between Information Security and IT Without Losing Anyone,” I pointed out some of the challenges the chief information security officer (CISO) faces when it comes to prioritizing information security interests over IT interests.
Key Takeaways from a Recent Cloud Training
I recently began taking my first crack at auditing an Amazon cloud platform that comprises over a dozen managed services.
Shortage of Communication, Analytical Skills Part of Widening Cybersecurity Talent Gap
A few days ago, in between catching flights and dozing off in an airport terminal, I read an article about the recently published findings from the 2017 Global Information Security Workforce Study.
Leveraging SOC Use Cases
The majority of modern organizations have embarked on the path of building security operations centers (SOCs). Today, the SOC is not a modern trend; it is a forced restructuring and reorganizing of existing information security or cybersecurity departments.
Security of Biomedical Devices Presents Unique Challenges
Compliance and security professionals are regularly challenged with unique security situations. However, the harder the challenge, the more rewarding it is for those who successfully solve the problem—part of what makes the profession so fulfilling.
Hot Industry Topics in the Spotlight at RSA
I was recently very fortunate to attend the biggest cybersecurity conference of its kind, the 27th annual RSA Conference (RSAC) in San Francisco, USA.
The Impact of Net Neutrality on Cloud Computing
The US Federal Communications Commission (FCC) recently repealed the net neutrality guidelines that it implemented less than three years ago.
Smart Cities: How Data and Visibility are Key
ISACA recently conducted a smart cities research survey in which it asked approximately 2,000 security and risk professionals questions focused on smart cities and their management, risks, and future technology initiatives.
How Blockchain Technology Will Revolutionize the Global Workforce and Education System
By 2020, about 40% of the US workforce will be temporary workers. The median tenure of workers age 25 to 34 is 2.8 years. The average working American changes their job 10 to 15 times during the lifetime of their career.
Five Ways Firewalls Keep Getting Better
Firewalls have been a mainstay for cybersecurity for many years, but they aren’t perfect tools. Despite advances in internet and device technology, basic firewalls haven’t changed much since their inception.
Data Mapping: A Key Challenge in Achieving GDPR Compliance
GDPR compliance projects around the world are dependent on knowing what personal information data organizations are collecting or processing.
A Governance Perspective of Audit Policy Settings
The task of establishing and configuring audit policies is usually left to security experts and/or system administrators who are in charge of implementing security configurations, particularly in small-to-medium enterprises with a lean IT structure.
Technology Must Be Part of Solution for Empowering Rural Women and Girls
Given my upbringing in the Australian bush, I have long been mindful of the many challenges faced by rural women and girls. Nonetheless, the 62nd United Nations Commission on the Status of Women provided a comprehensive and jarring view of just how many systemic challenges demand the world’s collective commitment to address.
How Data Visualization Can Reshape Your Enterprise
Data visualization is being hailed as the next great revolution in data analytics. But besides the fancy name and the slick-looking graphs produced by the technology, how can this new addition improve your already-efficient organization?
The Importance of Securing Your Cloud
One of the biggest misconceptions regarding the cloud is that you can rely on the cloud provider service to protect your business, your data and everything else your firm holds dear.
Security of Currencies
Recently, the world has seen more leaders win elections based on promises to fight against corruption in their countries. This shows how eager people are to weed out corruption, terror funding, illegal transactions and to bring transparency to every sphere of human life.
Faces of ISACA: Kimberley St. Pierre
The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kimberley St. Pierre, territory manager with Check Point Software Technologies, Ltd., and a leader in ISACA’s Vancouver, Canada chapter. Interested in joining ISACA and networking with colleagues like St. Pierre? Learn more here.
Networking Advice from an Introvert
I’m a classic introvert. Early in my IT career, I had no interest in networking with others. I did not see the tangible benefits or understand how networking could be useful to advancing my career interests.
Develop Your Information Security/Privacy Career
Information security and privacy careers are expanding. There is more need for such professionals than ever before, as more technologies emerge and are used by businesses, government, healthcare and other types of organizations; as more personal data is constantly being collected through the technologies; and as more laws and legal requirements are enacted to protect that exponentially growing digital ocean of personal data.
Happy ISACA Volunteer Appreciation Week!
Happy ISACA Volunteer Appreciation Week! While my colleagues and I agree that we should celebrate our volunteer partners at the chapter and international levels every day, we are thrilled to participate in a week of highlighting some of the ways volunteer support is essential.
Performing Cyberinsurance “CPR”
Cyberinsurance and data privacy will garner more focus for the remainder of 2018 and beyond. The impending “Equifax effect,” which most of us anticipated, was put forth in late February 2018 by the US Securities and Exchange Commission (SEC) in the form of guidance that states that public companies should inform investors about cybersecurity risk even if they have never succumbed to a cyberattack.
SQL Databases and Data Privacy
If anyone had any doubts, data privacy is still kind of a big deal. Beyond being at the core of regulations ranging from the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the United States to the global, far-reaching General Data Protection Regulation (GDPR), data privacy has its own annual day of recognition – 28 January.
An Agile Approach to Internal Auditing
As internal auditors, we’ve seen an uptick in usage of the term “Agile” in reference to how more and more companies are developing software. Agile software development has grown increasingly popular as both software and non-software companies transition from traditional development methodologies, such as the waterfall model, to a value-driven Agile approach.
What the Skills Shortage Means for Existing Cybersecurity Practitioners
By now, most practitioners have heard (probably from a few different sources) that organizations struggle when it comes to finding, hiring and retaining the right resources for information security and/or cybersecurity professionals.
Data Breach Preparation and Response in Accordance With GDPR
Many may be familiar with guidelines on personal data breach notification from Article 29 Working Party (WP29) prepared in October 2017 under Regulation 2016/679. In addition, the General Data Protection Regulation (GDPR) introduces the requirement for a personal data breach (henceforth “breach”) to be notified to the competent national supervisory authority.
A Conversation with Mike Walsh: Big Data and Beyond
Mike Walsh, CEO of Tomorrow and futurist, innovation and technology speaker and authority on emerging markets and IoT, will bring his experience and perspective on Big Data to his closing keynote for ISACA’s 2018 EuroCACS Conference. The event will gather information systems audit, assurance, control, governance and security professionals, from 28-30 May 2018 in Edinburgh, Scotland.
IT Innovation Governance: From International Policy to Company Oversight
“Governance” and “innovation” are terms of such global importance today that an innovation governance event billed as “the first global leadership roundtable centered on issues at the intersection of [artificial intelligence] innovation and governance” was hosted in Belgium in March.
GDPR Can't Fix Stupid
GDPR, the much-discussed General Data Privacy Regulation from the European Union, will not be a cure-all for the world’s data privacy problems simply because the GDPR, like every law, is subject to the bureaucracy out of which it was born.
3 IT Tips for Modern Healthcare Organizations
The healthcare industry has been revolutionized as the result of new technologies, advanced data collection methods, and the growth of cloud solutions. It’s equal parts exciting and intimidating. The only question is, are you staying up to date?
Working With Access Certification Data
I want to take this opportunity to dive a little more into the metrics that come out of an access certification program. One of the greatest joys in life is when you have enough data that you can identify patterns and trends in your certification program to monitor the health of your access controls.
Cambridge Analytica and Facebook: Lessons for Enterprise
There have been many developments for policymakers, privacy advocates, corporate execs and, in fact, the public at large to contemplate considering recent news about Cambridge Analytica and the information collected by Facebook.
Should CISOs Expand Their Portfolios?
CISOs have traditionally focused on the triad of “Confidentiality, Integrity and Availability.” Recently, emphasis has been placed on confidentiality, hackers and zero-day attacks. However, industry trends now require that focus to broaden to all business information risks within organizations.
Here’s How Leading Organizations Keep Remote Workers Safe and Secure
For all of the benefits remote working offers businesses, it’s hard to ignore the security risks and threats.
A Platinum Hit: My ISACA Membership
As January 2018 rolled around, I went platinum. No, this had nothing to do with a New Year’s resolution, nor did I become a platinum blond, though that does bring up some interesting and hilarious possibilities (I can imagine the double-takes every time I would enter an airport or some other location requiring a photo ID). I did not become a platinum album-selling artist (though this would have trimmed one item off my to-do list!). Instead, January 2018 meant that I had entered my 15th year of ISACA membership!
Top 3 Security Governance Practices Not to Miss During Blockchain Implementation
Everyone is talking about blockchain and is curious to know more. In addition to blockchain conversations among cybersecurity and IT professionals, TV programs are discussing the topic, investors are clamoring about it and many people are asking just what the heck it is. Blockchain is the trending topic in seemingly every technology conference, journal and summit.
How, Not What
During my time as an IT auditor, I have been privileged to attend many excellent and inspiring presentations at ISACA Ireland conferences and seminars, ISACA webinars and, of course, EuroCACS.
Final Gavel at UN Yields Roadmap Forward and Feeling of Fulfillment
ISACA board director Jo Stewart-Rattray has provided updates from her participation in the UN Commission on the Status of Women, which took place from 12-23 March at UN headquarters in New York.
GDPR Assessment Provides Customized Guidance
Although we are less than two months from the European Union’s General Data Protection Regulation (GDPR) compliance deadline of 25 May, many organizations are not yet confident in their level of preparedness for this landmark new data privacy regulation.
What is Standalone Virtual Reality, and Why Are Enterprises Betting On It?
If you are interested in virtual reality, you surely know that the buzzword of 2018 is “standalone.” All the major VR companies are betting on standalone VR devices: HTC Vive China president Alvin Wang Graylin announced in a recent interview that his goal for 2018 is to see standalone devices becoming successful and Oculus’ Hugo Barra has expressed a similar opinion.
The Age of the DPO
Articles 37 and 38 of the General Data Protection Regulation (GDPR) provide information on the principles and impartiality of the critical data protection officer (DPO) role, specifying the high-level rules on what can and can’t be done. But like most of the GDPR, it leaves wide open the interpretation of how and when it is appropriate to have a DPO.
What Role Will IoT Play in Edge Computing?
While no one doubts the power that cloud computing has on our present and future digital needs, it still has basic flaws that are cause for alarm: notably concerns over privacy of data and its ability to handle large-scale, constant computations.
Dialogue Gaining Steam at UN Session on Empowering Rural Women and Girls Through Technology
Negotiations on the second reading of the roadmap document ran long into the night late last week. In fact, I didn't get back to my hotel, which is a five-minute walk from the UN, until 2 a.m. Saturday. The second version was completed with additions and deletions marked, as the facilitator of the sessions has to take all views and offerings into consideration in the most neutral way possible.
Innovating Innovation Governance
Almost every enterprise aspires to use technology for integrating information, achieving process efficiencies and transforming service delivery into a paragon of effectiveness.
UN Member-States Focused on Empowering Rural Women and Girls
ISACA board director Jo Stewart-Rattray is providing onsite updates from her participation in the UN Commission on the Status of Women, which is taking place from 12-23 March at UN headquarters in New York.
Audit Consideration for Microsoft Exchange
Microsoft Exchange is one of the primary solutions organizations use to provide email services for medium and large organizations.
Security, Audit Professionals Need New Approach to Software
I’m here to let you know about a new Perspective that I’ve created for the ISACA audience.
GDPR’s Impact in Hospitality, Incorporating NIST Cybersecurity Framework Concepts
We should all know by now what GDPR is and be aware of its implications and fines, so the goal here is not to repeat what others have covered in depth. Rather, I would like to share some learnings from the field (an international perspective).
An Empowering Start at the UN
On Day 1 of the UN Commission on the Status of Women (CSW62), as I took my place on the floor of the UN General Assembly, the dream of a 7-year-old kid from the Australian bush was realized. So humbling, so exciting, so empowering.
Collaboration Essential in Contending with Malicious Uses of Artificial Intelligence
To propel that thought process, a great report titled The Malicious Use of Artificial Intelligence: Forecasting, Prevention and Mitigation was written by a group of distinguished authors from prestigious institutions such as Future of Humanity Institute, University of Oxford and University of Cambridge, to name a few.
Live from New York: Ready to Make Progress with UN Delegation
When I left Adelaide on QF 738 with a lump in my throat, knowing how significant this journey is in my life, I was blown away to observe that there was an all-female tech crew on the flight deck. What an auspicious start!
The Time is Now for a Comprehensive, Risk-Based Approach to Build Cyber Resilience
As one who attends a number of industry conferences, it’s almost a guarantee that you will hear the cliché question “What issue keeps you up at night?” posed to enterprise security executives on stage.
Make Your Risk Management Processes Proactive, Not Reactive
Some form of risk management occurs on a daily basis in any organization currently in business. In many enterprises, risk management activities are ad-hoc, compliance-based, focused on the latest threat in the news, uncoordinated, and use arbitrary means for analyzing whether the risks warrant any action.
Faces of ISACA: Bhavani Suresh, CISA, CISM, CGEIT
This week, ISACA Now’s “Faces of ISACA” series is highlighting female members who have made outstanding contributions to the technology workforce leading up to International Women’s Day on 8 March. Today, we highlight Bhavani Suresh, CEO of Nbiz Infosol (UAE).
How to Prioritize Security Controls Implementation
When developing an information security architecture framework in a new organization, there are a few steps that normally have to be taken to identify the business requirements, the right framework and the controls needed to mitigate/minimize business risk.
First Steps for Automating Your IOC Provision Sources
The first step is always the hardest. If your organization lacks adequate cybersecurity intelligence processes and you are looking for a quick win solution, we are here to assist.
Cryptographically Protecting Databases Against Data Breaches
Information security professionals should start considering cryptographic approaches to protect enterprise data and mitigate database breaches.
Faces of ISACA: Karen Frank, CISM, CPP
This week, ISACA Now’s “Faces of ISACA” series is highlighting female members who have made outstanding contributions to the technology workforce leading up to International Women’s Day on 8 March. Today, we highlight Karen Frank, leader of enterprise IT services delivery for Caterpillar, Inc. (USA), and a former law enforcement professional.
Faces of ISACA: Gabriela Reynaga, CISA, CRISC
This week, ISACA Now’s “Faces of ISACA” series is highlighting female members who have made outstanding contributions to the technology workforce leading up to International Women’s Day on 8 March. Today, we highlight Gabriela Reynaga, CEO of Holistics GRC and president of ISACA’s Guadalajara, Mexico chapter.
Assessing the Impact of the China Cybersecurity Law
The China Cybersecurity Law demonstrates China’s determination to take a more effective and coordinated approach to safeguard cyberspace as part of China’s National Security Initiative. The law applies to the construction, operation, maintenance and use of information networks, and the supervision and administration of cybersecurity in China.
Faces of ISACA: Satoko Nagaoka, CISA
This week, ISACA Now’s “Faces of ISACA” series is highlighting female members who have made outstanding contributions to the technology workforce leading up to International Women’s Day on 8 March. Today, we highlight Satoko Nagaoka, senior consultant with IIJ Global Solutions Inc. (Japan).
Faces of ISACA: Susan Snedaker, CISM
This week, ISACA Now’s “Faces of ISACA” series is highlighting female members who have made outstanding contributions to the technology workforce leading up to International Women’s Day on 8 March. Today, we highlight Susan Snedaker, director of infrastructure and operations at Tucson Medical Center (USA) and the author of this year’s HIMSS Book of the Year.
Growing Global Spotlight on Privacy, GDPR, Resonating in India
India is a country at the cross-roads of transformation. As one of the fastest-growing economies, it is expected to be the most populous country in the world in a few years, potentially home to about 20 percent of the world population. Therefore, events in India are becoming increasingly relevant from an economic as well as geopolitical perspective.
The Case for a KYC/AML Blockchain
Early in my career, I had the opportunity to work with big retailers and non-profit organizations around the promised land of EDI protocol (Electronic Data Interchange, for those too young to have seen this acronym).
Developing a DLP Program
We live in an age where a tremendous amount of information is shared freely on the Internet, and, in many cases, with little regard for the consequences.
Exchange Server Security Can Keep Email from Becoming ‘Attractive Nuisance’
Anyone who has a swimming pool – or a neighbor with a pool – is probably familiar with the term “attractive nuisance” under US tort law. In layman’s terms, an attractive nuisance is something that may attract children but could potentially harm them.
Combating the Rising Threat of Malicious AI Uses: A Strategic Imperative
A group of academics and researchers from leading universities and thinktanks – including Oxford, Yale, Cambridge and Open AI – recently published a chilling report titled, The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation.
Perimeters Aren’t Dead – They’re Valuable
Since I first began building internet firewalls in the late 1980s, I have periodically encountered claims that “the perimeter is dead” or “firewalls don’t work.” These claims are rather obviously wrong: your firewall or perimeter is simply a way of separating things so you can organize them better.
Five Questions on Board-Level Cybersecurity Considerations with Dottie Schindlinger
Dottie Schindlinger, VP/Governance Technology Evangelist with Diligent and a panelist on the importance of tech-savvy leadership at ISACA’s CSX North America conference last October, recently told Forbes that cybercriminals target organizations perceived to be low-hanging fruit. Schindlinger visited with ISACA Now to discuss how organizations can avoid falling into that category and other key board-level cybersecurity considerations.
Leveraging Artificial Intelligence
ISACA has provided guidance on the definition and use of threat intelligence and the sources of threat intelligence. These sources range from ISACA feeds, consulting firms and open source threat information to existing tools.
Look Back at ISACA’s First Half-Century – and Into the Future
Consider the year 1969. The Beatles played their last concert. The Godfather was a best-seller. Astronaut Neil Armstrong became the first human to set foot on the moon. The microprocessor was invented – although it would be another two years before the Intel 4004 processor helped launch the personal computer revolution.
Representing Australia, SheLeadsTech and ISACA at United Nations a Dream Come True
Growing up as a girl from the Australian bush, the United Nations was a long distance away, physically speaking, but not as far from my thoughts as one might think.
Working With Big Data
The institutions we all serve are inevitably going to utilize big data, if not now, soon. This is because of the power of extracting value from big data for the benefit of the products we make and the customers we serve.
Organizations Outside the EU Must Not Overlook GDPR Requirements
With less than 100 days to 25 May, many organizations outside the European Union have the same question: “Does the General Data Protection Regulation (GDPR) apply to my organization?”
The 6 Most Important Qualities of a SAP Implementation Partner
If you’re not seeing the results you want, you may need to switch SAP implementation partners. SAP implementation is becoming more important than ever, with revenues from enterprise resource planning (ERP) software expected to reach $84.1 billion by 2020, according to Apps Run the World.
Big Data in Organizations
Big data is a huge volume of data that cannot be treated by traditional data-handling techniques because it is mostly unstructured and complex.
When it Comes to Cyber Risk, Execute or Be Executed!
Nestled in William Craig’s book Enemy at the Gates, which recounts World War II’s epic Battle of Stalingrad, is the story about a Soviet division that was plagued by failure in the face of the enemy. Desertions were rising, officers’ orders were not being followed, and the invading enemy was making gains.
Five Questions with Technology Futurist and North America CACS Keynoter Shara Evans
Technology futurist Shara Evans, founder and CEO of Market Clarity, will deliver the closing keynote address at North America CACS 2018, which will take place 30 April-2 May in Chicago, Illinois, USA. Evans recently visited with ISACA Now to discuss topics ranging from the future of travel to why many executives struggle to take a long view of technology. The following is an edited transcript:
Updating the COBIT Process Assessment Model
Determining the level of process maturity for a given set of IT-related processes allows organizations to determine which processes are essentially under control and which represent potential “pain points.”
Putting Machine Learning in Perspective
Machine learning is bandied about in the media often these days, many times erroneously. The key question that concerns auditors is not how to build machine learning algorithms or how to debate the relative merits of L1 versus L2 regularization, but rather, in what context is the algorithm operating within the business?
IoT Security in Healthcare is Imperative in Life and Death
We go into the hospital with a great deal of trust. We trust that doctors will help us and potentially even save our lives. Beyond hospitals, there are not many places in the world where we are willing to do anything we are asked: take off our clothes, talk about our sex lives, etc.
Beyond GDPR Compliance – How IT Audit Can Move from Watchdog to Strategic Partner
IT auditors can act as strategic but independent partners to businesses currently working toward compliance with the European Union General Data Protection Regulation (GDPR), scheduled to come into enforcement on 25 May 2018.
Cloudifying Malware: Understanding Cloud App Threats
The adoption of cloud applications (apps) and services is accelerating unabated as organizations increasingly look to take advantage of the business, collaboration and productivity benefits these apps provide.
CIS Audit/Assurance Program Helps Enterprises Navigate Risk
We live in a world full of risk, and nowhere is risk more prevalent than in technology.
Why (and How) I Passed ISACA’s CISM Exam
After I passed the CISM exam late last year, ISACA offered to let me share my experience of how (and why) I chose to become a CISM, and what I did to accomplish my goal. I hope this article provides some useful ideas to help you go after your professional development goals, as well.
Introducing ISACA’s GDPR Implementation Guide
The purpose of the General Data Protection Regulation (GDPR) is to harmonize the data privacy regulations that each European Union member state implemented to comply with GDPR’s predecessor. GDPR provides a single, comprehensive regulation that is compulsory for all organizations processing the personal data of individuals living within the European Union.
World Economic Forum Report Reinforces Rising Prominence of Cybersecurity
The recent Global Risks Report by the World Economic Forum offers the latest evidence that cybersecurity is rising among the top global risks. Cyberattacks are now the global risk of highest concern to business leaders in advanced economies. This reflects the inability of enterprises to keep pace with today’s challenging threat landscape, and points to an urgent need for increased prioritization of and investment in cybersecurity by executive leadership.
Auditing Data Security
As auditors and security professionals, much of our focus is spent on the network perimeter. However, with the trifecta of porous perimeters, misconfigured cloud environments, and the enormous amount of compromised and exposed data due to breaches, we must rethink how we scope our audits.
Meltdown/Spectre: Not Patching is Not an Option
The most prominent data security events of 2017, such as WannaCry and Equifax, were direct results of poor patching practices. Now, 2018 is off to a menacing start with disclosure of two hardware vulnerabilities affecting most modern microprocessors and requiring a number of patches on several levels of defenses.
Make 2018 the Year for Securing the Internet of Medical Things
News of medical device security flaws is increasingly common. Consider the announcement from the U.S. Food & Drug Administration last year about a flaw in one model of a St. Jude Medical implantable pacemaker.
Talking Poker – and Risk – with EuroCACS Keynoter Caspar Berry
Motivational business speaker Caspar Berry will bring his unique poker player’s perspective on risk to his opening keynote address at EuroCACS 2018, which will take place 28-30 May in Edinburgh, Scotland. Berry recently visited with ISACA Now to discuss topics such as overcoming the fear of failure and the dynamics of risk-aversion. The following is an edited transcript:
Enterprise AR is Going to ‘Get Real,’ and More Predictions for 2018
Google, Amazon, Facebook, Apple, Samsung and Microsoft all want a piece of the VR/AR pie – not to mention Magic Leap, whose first consumer product is “coming soon.” VR/AR is about extension, engagement and monetization. Not since the 1980s have all the big tech players been battling for consumer attention and dollars. So, what is on deck in 2018, and why should we care?
Cryptocurrency and Its Future
These days, everyone is trying to understand cryptocurrency. Cryptocurrency is digital money that is designed to be secure and anonymous.
Prepare Your Substitutes
According to Merriam-Webster, the first known use of the word backup was in 1910, and it has 3 distinct definitions. Not surprisingly, the last of these is the one that an ISACA audience will be most familiar with: “A copy of computer data (such as a file or the contents of a hard drive).”
Encouraging Women in Tech is About a Better Future for All of Us
Why is ISACA’s SheLeadsTech program needed? Why does the 2030 Agenda for Sustainable Development consider the technology gender gap to be an important topic to address, and who must be involved in the solutions?
Faces of ISACA: Bent Poulsen, CISA, CISM, CGEIT, CRISC
The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Bent Poulsen, a longtime officer with the ISACA Denmark Chapter. Interested in joining ISACA and networking with colleagues like Poulsen? Learn more here.
Evolving Appreciation for Data Privacy
My work as a systems integrator has allowed me to meet a large number of customers in various industries. It has given me the privilege of seeing various aspects of their businesses.
PowerShell: A Powerful Tool for Auditors
Some auditors may not know it, but a useful audit tool has been sitting right at your fingertips all along.
In the Age of Cybersecurity, Are Data Centers Ignoring Physical Security?
Maintaining a data center is a huge responsibility. While you certainly have systems in place for dealing with cyberthreats, are you giving enough attention to physical security? This is still a very important aspect of the security equation.
Experts Share Their Insights on GDPR
The implications of GDPR have become a popular topic of conversation in the information security and privacy communities. Now that we have arrived in 2018, expect those discussions to become all the more prevalent in advance of the May enforcement deadline.
Simple, Structured Approach Needed to Leverage Threat Patterns
IT risks come from various sources that are not always easy to identify in advance, making prevention and mitigation really challenging.
Meltdown/Spectre: Moving Forward
Yesterday, we provided some background information on Meltdown and Spectre, the two issues that are taking the security world (and in fact users of technology in general) by storm.
Understanding Meltdown and Spectre
There’s a tempest in progress – and, no, I’m not talking about the “bomb cyclone” currently hitting the US eastern seaboard. Instead, I’m referring to what’s going on in the technology and security communities in the wake of the newly published Meltdown and Spectre issues.
New Year, New Technology Energizing ISACA’s Professional Community
Technology advances at a remarkable pace, connecting enterprises with customers in new ways and positioning organizations to achieve greater success through digital transformation. As ISACA’s professional community is acutely aware, those advancements are accompanied by new security threats, new legal and regulatory challenges, and questions about what all of this will mean for the business technology workforce.
Risk Professionals Pave the Way for Transformational Smart Contracts
In 1999, Harvard Law professor Lawrence Lessig wrote in Code and Other Laws of Cyberspace that code is law.