Building an Audit Program for AWS
When I produced my auditing Amazon Web Services (AWS) Journal article for volume 3, I was just wrapping up my very first audit against an AWS environment.
Didn't You Read My Email? And Other Security Awareness Fallacies
I live in Austin, Texas, USA, where the bumper sticker quotient is fairly high, although diminishing with every vehicle that comes here from places like Dallas (no offense, Dallas — I don’t have any bumper stickers on my car either). One of my favorites is, “If you’re not appalled, you’re not paying attention.” I’m sure it was written with politics in mind, but it’s absolutely relevant for cybersecurity, too.
Innovating Yourself as an IS Auditor
As new technologies are developed, we have to stay up to date with them. More so than almost any other practitioner interfacing with information technology, auditors have to work hard at continual education.
Five Revealing Security Incidents of 2019 and What We Can Learn from Them
Every year has its share of security gaffes, breaches, and hacker “shenanigans.” As we enter into the new year, it is inevitable that we will see articles in the mainstream and trade press recapping the worst of them.
Connecting COBIT 2019 to the NIST Cybersecurity Framework
Among the most exciting projects I’ve worked on has been the integration of NIST’s Cybersecurity Framework with COBIT.
Leveraging Emerging Technology for Better Audits
My first role post-graduation was working as a financial statement auditor. We used tick mark pencils on printed workpapers, and we manually footed (recalculated) balances.
Government Officials Must Become Better Attuned to Data Privacy Regulations
Data privacy and security is more important than ever before. Despite existing policies, the number of data breaches is on the rise and unencrypted personal information is getting into the wrong hands.
Addressing the Challenges of New Privacy Laws
US State of California Senate Bill 327 Information Privacy: Connected Devices (SB 327) goes into effect January 2020.
Artificial Intelligence: A Damocles Sword
In Greek mythology, the courtier Damocles was forced to sit beneath a sword suspended by a single hair to emphasize the instability of kings’ fortunes. Thus the expression “the sword of Damocles” came to mean an ever-present danger.
Who Am I? CRISC Equips Professionals and Organizations with a Valuable Identity
As a risk practitioner, have you ever tried to describe what you do for a living to a family member or a friend?
AI Practitioners: Our Future Is in Your Hands
Imagine it is sometime in the 22nd century and that the future you is preparing for a complex surgical procedure at the local robot-run hospital, where it has become commonplace for robots to perform sophisticated, repeatable tasks, such as heart surgery, on human patients.
When Everything Old Is New Again: How to Audit Artificial Intelligence for Racial Bias
You may not know it, but artificial intelligence (AI) has already touched you in some meaningful way.
AI and Healthcare: A Life-Saving Combination
Artificial intelligence (AI) and machine learning are common terms in the world of emerging technology. Although still sounding futuristic to some people, AI is already being deployed everywhere from fantasy football weekly recap emails, to retail environments, to advanced, state-sponsored surveillance systems.
Overcoming Legacy Thinking: A Key Strategy for Actively Shaping the Future
The rapidly increasing pace of technology change and digital disruption leads to an unprecedented pace at which organizations must address opportunities and risks that could make or break their success. In the new decade of the 2020s, technology-driven exponential change will accelerate even more sharply. Unfortunately, most organizations are ill-prepared for what is to come, and will remain so unless they replace their reactionary approach to the technology landscape with an anticipatory one.
How Big Data Aids Cybersecurity
The increasing reliance on big data and the interconnection of devices through the Internet of Things (IoT) has created a broader scope for hackers to exploit.
Ignorance is Not Bliss When It Comes to Defending Against the Dark Web
The dark web ecosystem continues to evolve as a place where cybercriminals can sell and access stolen data, purchase black-market items such as guns, drugs and hacking software, and connect with like-minded individuals.
Infosecurity ISACA Conference Highlights
Theresa Payton set the tone for the first day of last week’s Infosecurity ISACA North America Expo & Conference in New York City, delving into the multifaceted landscape of emerging technologies with the audience of information security professionals, and also sharing anecdotes from one of her most high-profile jobs, as White House CIO under the George W. Bush administration—including a story of negotiating with a cyber criminal on the dark web at her kitchen table over three nights.
Information Governance: You Have to Start Somewhere
Deborah Juhnke, senior consultant with Information Governance Group LLC, cited a definition of information governance as “an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information.”
What Do You Expect in the Next Decade of Tech?
What are some of the major changes you expect to see in the technology landscape in the next decade?
How Blockchain is Revolutionizing the Travel and Hospitality Industry
The potential of blockchain technology has inspired hype and buzz for years.
Feeling Like a Fraud: Imposter Syndrome
“Imposter Syndrome can be defined as a collection of feelings of inadequacy that persist despite evident success.
Value Professional Networking Early in Your Career
Depending on your personal interests, social skills and professional goals, professional networking may or may not be your favorite activity. Whether or not you enjoy networking, it should be a priority in your professional life – especially earlier in your career as you are building your professional network.
What I Wish I Knew When I Started in IT Audit
Who among us does not sometimes reflect on our journey and certain days that remain nailed to our memory, either because they were too tough to forget or too good to be true?
Information Security for Biomedical Devices
Though device manufacturers have worked to improve the cybersecurity of their medical devices, there is still a long way to go. Improvements aside, there are distinct steps the IT information security department can take to reduce risk and improve cybersecurity for medical devices.
AI or GDPR
Consider an organization adopting artificial intelligence (AI) as being represented by a self-driving car.
For Tech and IT Startups, Coworking Spaces Make the Most Sense
When most people think about coworking spaces, they immediately picture a bunch of freelancers and solopreneurs working on independent ventures at shared desks. But coworking spaces are more versatile than this.
Rising Complexity, Higher Stakes for Enterprise Risk Management
Cyber risk has understandably become a focal point for enterprise risk managers, but the risk landscape is multi-layered and extends beyond the realm of cybersecurity. In addition to contending with a daunting array of cyberthreats, enterprises are determining how much risk they are willing to accept in deploying emerging technologies, working through a heightened focus on customer privacy and adjusting to changes in the regulatory environment.
The Role of Data Strategy in Optimizing Organizational Processes
The relevance of data cannot be overemphasized in today’s world, where change is the only constant. The decisions that managers and executives make emanate from the availability of data analysis.
Technology Emboldening Innovators on the Ground, in the Air and Beyond
A future in which passengers order air taxis, victims of serious accidents tap neurotechnology to rise above limitations and AI/machine learning-fueled space exploration allows astronauts to trek deeper into the universe – for longer periods – was boldly presented on Monday, 28 October, at the Dare Mighty Things technology conference in Chicago, Illinois, USA.
Practical Recommendations for Better Enterprise Risk Management
Based upon my experience in Enterprise Risk Management, I was not surprised to see respondents to the new State of Enterprise Risk Management research from ISACA, CMMI Institute and Infosecurity identify risk identification and risk assessment as the most employed risk management steps in their organizations.
CISOs and CMOs: Joined at the Hip in the Era of Big Data
Senior leaders in business and government ought to take note of ISACA’s State of Cybersecurity 2019 research, which details the findings of a global survey of cybersecurity professionals.
Senior IT Audit Leaders Discuss Cybersecurity, Data Analytics
Senior IT audit leaders met to discuss a wide variety of topics, including audit analytics, IT audit’s role in cybersecurity and incident management, and agile/DevOps shops, at the recent IT Audit Leaders Summit in Geneva, Switzerland, as part of EuroCACS/CSX 2019. Participants shared opinions and best practices, and strategized on the path forward with new technologies and business practices.
Securing the SWIFT Cross Border Payment System Within Banks
A series of cyber-attacks involving the SWIFT banking network have come to light in recent years. The first public report of these attacks came from the Bangladesh Central Bank, and we have also seen attacks at State Bank of Mauritius, Cosmos Bank (India) and City Union Bank (India).
Is Your Organization Supporting Paths to Develop Women as Leaders?
Is your organization supporting women in reaching leadership positions? Why is this important?
Saluting the Spirit of Volunteerism That Made CommunITy Day a Success
On ISACA’s first CommunITy Day on 5 October, 2019 – a day in which our global professional community came together over one day to volunteer in their local communities – the passion, creativity and industriousness of ISACA’s professional community was on full display.
Establishing Credibility with More Experienced Clients and Business Partners
I graduated college with all the confidence in the world. However, I then entered Corporate America, and I had a rude awakening.
A Seat at the Table: Internal Auditors as Operational Partners and Organizational Strategists
IT auditors new to the profession may hear references to a time when the internal audit function was viewed as the “police.” Years ago, it was not uncommon for organizations to perceive internal audit’s responsibilities of assessment and evaluation as being similar to that of a policing function.
ISACA's SheLeadsTech: Second Day of Advocacy in DC
More than 60 women and men gathered on Capitol Hill in Washington, DC, on 7 October for the SheLeadsTech program’s second annual Day of Advocacy.
Big Data Analytics Powering Progress in Animal Agriculture
There has been significant progress in technologies that can be utilized in the livestock industry. These technologies will help farmers, breeders associations and other industry stakeholders in continuously monitoring and collecting animal-level and farm-level data using less labor-intensive approaches.
ISACA Well Positioned to Advance Learners' Journeys
I am the product of a liberal arts education. On the surface, what I learned in school has very little relevance to my day to day right now, yet, when you dig deeper, the communication and critical thinking skills that education instilled in me helped in ways beyond measure.
Regulatory Landscape Provides Added Incentive for Enterprises to Explore Blockchain
The increasing emphasis on data privacy gained widespread attention last year with the enforcement deadline of the General Data Protection Regulation (GDPR).
Cybersustainability: Ensuring Digital Strategies That Protect Data
Increasingly, security professionals use language that makes a distinct comparison between our physical environment and our digital infrastructures.
Will Women in Tech Benefit from Millennials Weighing In or Exiting?
The tech industry has been burning through talent and losing IP for decades, but this is usually after years or even decades of contributions. Some suggest it is based on work-life balance challenges, but a recent ISACA study, Tech Workforce 2020: The Age and Gender Perception Gap, highlights how millennials factor into this equation, too.
Tips for the Novice IT Auditor
Norman Ralph Augustine once said, “Two-thirds of the Earth’s surface is covered with water. The other third is covered with auditors from headquarters.” This highlights the rise of the auditing profession and the importance that more and more companies are placing on internal and external audits due to increasing regulatory requirements.
How the CISM and CISSP Certifications Can Complement One Another
In 2003, I had just completed my MSc in Information Security. I was excited about my future career prospects as I believed I had obtained at least the minimum level of knowledge needed to enter the information security field.
Are We Asking the Right Questions When It Comes to the InfoSec Skills Shortage?
Chatting with a colleague recently about local economic issues, she made a remark which I found profoundly interesting at the time.
How 20 Minutes Can Lead to a More Inclusive Tech Workforce
If perceptions were always reality, why would a company that has hired professionals after conducting reasonable background checks be wary of internally orchestrated fraud and other white-collar crime?
Who Should the CISO Report To? It Depends
The information security challenges faced by enterprises are dependent on the unique characteristics of the business. This means there is no one “right” answer for where the CISO sits on the org chart.
The 2010s: A Decade of Growth and New Focal Points for ISACA
The 2010s have seen remarkable growth at ISACA.
I Know What I Know If You Know What I Mean
Edie Brickell (incidentally the wife of singer/songwriter Paul Simon) had a modest 1988 hit titled “What I Am.” The opening lines of the song contain the lyrics “I'm not aware of too many things. I know what I know if you know what I mean.”
What Capital One Got Right
The massive cyber breach of Capital One, reported in late July, quickly brought a chorus of condemnation of the company from a wide circle of pundits, concerned customers, competitors and potential investors. Lost in the media fray was Capital One’s exceptional incident response.
How Company Culture Helps Shape the Risk Landscape
In today’s environment, companies all over the globe are experiencing culture risk.
Sizing Up Email Security Protocols
Given the many instances of email security compromises, it has become vital to provide additional security to emails from the domain administrator level. Security protocols such as Domain-Based Message Authentication, Reporting and Conformance (DMARC), Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF) and Brand Indicators for Message Identification (BIMI) to prevent address spoofing are considered below.
Has GDPR Been a Success So Far?
Since 25 May, 2018, the General Data Protection Regulation (GDPR) has been providing unified rules for data processing, requiring wider protection for the rights and interests of data subjects, and establishing important guidelines around the flow of information in the European Union.
Third-Party Vendor Selection: If Done Right, It's a Win-Win
The benefits that can be realized from using third parties to support the delivery of products and services are always part of any good sales pitch by prospective vendors. Often these benefits include reductions in operational spend, scalability, improved delivery time, specialized capabilities, and the availability of proprietary tools or software, all of which equate to a competitive advantage for companies leveraging third-party relationships effectively.
US Government Innovates Cyber Job Fulfillment
Cybersecurity professionals believe their teams are understaffed, many teams have unfilled positions, open positions often take six months or more to fill, and job candidates often are not qualified for the positions for which they applied, as evidenced in the last several State of Cybersecurity annual surveys conducted by ISACA.
CISOs Must Address Their Blind Spot for Effective Oversight of ICS Security
Cybersecurity resilience of Industrial Control Systems (ICS), Building Management Systems (BMS) and other Operational Technology (OT) systems is falling behind, a critical challenge considering the potential impact of a cyberattack on ICS and OT could result in the loss of lives and/or major environmental damage.
How to Prepare for Taxation in a Digitalized Economy
While IT professionals and auditors are not required to be tax experts, they do need to have a certain level of mindfulness with regard to taxation within the digitalized economy going forward as tax collection is slowly but surely becoming part of the natural business ecosystem where taxation happens by default.
Improve ROI From Technology By Addressing the Digital Risk Gap
All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by RIMS, the risk management society®, and ISACA, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.
How Responsible Are Cloud Platforms for Cloud Security?
These days, just about every software platform or app available has some kind of cloud functionality.
Five Ways to Identify Early Leadership Opportunities as a Young Professional
It has been said that leadership cannot be learned and that it is an innate ability. While that may be true to a degree, there are steps young professionals can take to hone their innate leadership abilities through experience early in their careers.
Interesting Times Ahead: Why Young Professionals Should Consider Careers in Information Security
About 10 years ago, when I was deciding on my major in university, I was very anxious about where my decision would lead me. I eventually chose Management of Information Systems, and fast forward 10 years later, I’m working as an information security consultant at a Big 4 firm.
Cybersecurity: A Central Ingredient in Evolving Digital Business Models
About the only thing shifting as fast as the cyber threat landscape is the typical enterprise’s org chart.
Digital Transformation Oversight Extends Beyond Technology
Digital transformation. Digitalization. Digitization. Three business terms in common use today that describe the differences in scope of the organizational digital effort, in this case in order of decreasing scope.
Know Who Your Customers Really Are or Prepare for Trouble
Recently in the UK, the women’s national football team manager, Phil Neville, called for all social media accounts to be verified and accountable as the result of a spate of racist postings, and asked for a boycott of social media until the situation is addressed.
Trsar Family Helps Ensure ISACA's Growth Is in Good Hands
As ISACA celebrates its 50th anniversary in 2019, we are telling stories of the members, volunteers and staff who have contributed to ISACA’s growth and global impact. Below is an excerpt from a feature article on the ISACA staff father-son duo of Terry Trsar and Tim Trsar.
Keys to More Effective Vendor Risk Management
Certain industries have a better conceptual understanding of their supply chain than others. For instance, in manufacturing, it’s very clear that raw materials come in one end and out the other comes a completed, processed product for consumption.
Ethics in IT: An Emerging Frontier in the Enterprise Governance of IT
Trust. Privacy. Transparency. Three words that have invaded our technology lexicon. In an age of fashionable falsehoods, it is probably not surprising that these words permeate almost any aspect of our lives in technology, in government and even in our organizations.
Improving Cybersecurity Awareness Through Hacking
Cybersecurity awareness is a topic that most organizations and leaders know is important, but is typically treated as a check box requirement to remain compliant with regulations or mandates placed on the enterprise. Most leaders will argue that cybersecurity awareness training is very important but only marginally effective.
How Cybersecurity Can Better Support Digital Transformation Business Goals
Consumers are demanding we offer outstanding user experiences and technology interfaces, and we need to strategize how we both safeguard and leverage ever-growing portfolios of data and systems to differentiate ourselves from our competitors.
Learning to Secure AI
The trends appear to be presenting themselves all over the place; TV commercials, online ads, corporate product announcements, etc., are all saying the same thing: Artificial intelligence (AI) adoption and use are exploding.
Exploring COBIT 2019's Value for Auditors
COBIT 2019 is a terrific resource for a wide range of business technology professionals.
In the Age of Cloud, Physical Security Still Matters
As a security consultant, I’ve had the opportunity to assess the security postures of clients of all shapes and sizes. These enterprises have ranged in sizes from a five-man startup where all security (and information technology) was being handled by a single individual to Fortune 500 companies with standalone security departments staffed by several people handling application security, vendor security, physical security, etc. This post is based primarily on my experiences with smaller clients.
The Role of Ethics in Risk Management
Most people are aware of and talking about risk management. However, barring a handful of high-profile and sophisticated IT organizations, for most enterprises, it is more talk vs. the actual implementation of risk management practices.
The Film Industry and IT Security
For those in the ISACA community who are fans of popular culture, you might have noticed in recent years that, in many cases, film and TV stars are beginning to look more like you and me, and less like the muscle men of our youths.
Ethical Considerations of Artificial Intelligence
Have you ever stopped to consider the ethical ramifications of the technology we rely on daily in our businesses and personal lives?
The Key Point Everyone is Missing About FaceApp
Much has been written in recent weeks about the widely publicized privacy concerns with FaceApp, the app that uses artificial intelligence (AI) and augmented reality algorithms to take the images FaceApp users upload and allow the users to change them in a wide variety of ways.
Auditing a Migration Plan When Transferring from On Site to the Cloud
Have you ever audited a computer system’s migration plan when transferring it from on site to the cloud? Here are some recommendations to keep in mind based on lessons learned from migration practices:
Applying Chaos Theory to Security
It has become almost impossible to face cybersecurity issues just by using the presently available countermeasures; hackers always find ways to bypass them.
The Digital Age: A New World of Purpose-Driven Opportunity
Jon Duschinsky, an entrepreneur, social innovator and firm believer in leading a purpose-driven existence, will be the closing keynote speaker at ISACA’s EuroCACS/CSX 2019 conference, to take place 16-18 October in Geneva, Switzerland. Duschinsky recently visited with ISACA Now and shared his thoughts on why being purpose-driven is more realistic than ever in today’s digital age. For more of Duschinsky’s insights, listen to his recent appearance on the ISACA Podcast.
Modernized Maritime Industry Transports Cyberthreats to Sea
If there is one universal truth we have learned from developments on the cybersecurity landscape in recent years, it is that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target’s geographic location, whether the target is an individual or an enterprise, or which industry sector the target represents.
ISACA's Global Impact To Be Celebrated on ISACA CommunITy Day
On 5 October 2019, ISACA will conduct its inaugural ISACA CommunITy Day, a day of global service for ISACA members (through their chapters) and staff to give back to their local communities.
FaceApp Puts Privacy Back Under Spotlight
There has been a heightened surge of questions about data privacy in recent weeks, especially in light of the app called FaceApp.
Measuring Risk Quantitatively
Quantitative risk has become a growing field of interest for information security professionals.
Establishing a Foothold in the Professional World as a Young Professional
Extracurricular activities have filled my schedule for as long as I can remember. I was always involved in academic clubs and societies, and in most I held leadership positions.
How To Land Your First Job in Cybersecurity
Taking that first step on the career ladder is a difficult challenge in pretty much any industry. Even for entry-level opportunities, employers generally look for some level of previous industry experience. The question is, how do you get experience without having experience?
Where to Begin Addressing the Policy-to-Execution Gap
How do you transform security and privacy compliance requirements into practical steps that can be executed by a team?
Assessing Public Sector Cyber Risk
The past decade has seen a significant advance in cyber risk assessment maturity.
What We Should Learn from the Capital One Data Breach
Another day, another data breach. Or so it seems. When the latest organization to suffer a big breach hits the news, it is easy to think, who is going to be next?
Peer Recognition of Outstanding Achievements Within ISACA Community
The prestige of the ISACA Awards Program is evident by the high caliber of recipients who are nominated and selected by their peers. Consider the eight Global Achievement Award recipients honored at North America CACS in 2019.
Addressing the Vulnerabilities of IoT Devices
My recent Journal article on the Internet of Things (IoT) was inspired by an article I read on a botnet takedown that involved the digital recording devices that many people have connected to their television.
How to Approach Mitigating Third-Party Risk
Vendor management comprises all processes required to manage third-party vendors that deliver services and products to organizations.
COBIT 2019 and Marathons
Training is important for marathon runners, but there are a number of specific factors that go into marathon runners achieving their personal best. Take a look at the examples below (and for you non-runners, your COBIT and digital transformation muscles will be exercised soon enough):
Transitioning GDPR Preparations Into Operations
While organizations may think that they have done everything needed to prepare for GDPR, they may not have thought about how they arrive at assurance over GDPR, especially considering that being prepared for GDPR is different from having GDPR as part of operations.
Cyber Lessons for Enterprises from the Equifax Breach and Record Fine
Government regulators and representatives of Equifax announced a settlement on penalties and consumer restitution related to the 2017 data breach that exposed sensitive information belonging to 148 million people.
The Need for Speed
In the 1980s movie Top Gun, the protagonist utters the phrase, “I feel the need, the need for speed!” Peter “Maverick” Mitchell was a pilot of the F-14 Tomcat, an interceptor jet capable of flying more than twice the speed of sound.
NIST Risk Management Framework: What You Should Know
In late December 2018, NIST published a second revision of SP800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
Taking Precautions With Smart Home Gadget Security
Smart home gadgets have been among the most popular holiday, housewarming and any-occasion gifts for the last few years. Whether it’s an interconnected home security system, a pet camera, or a voice-activated assistant like the Amazon Echo, homeowners and renters alike love having these tech gadgets in their homes.
Reimagining the Enterprise Landscape Through Advanced Technology
Stafford Masie, CEO of Google Africa (2006–09) and Non-Executive Board Member at ADvTECH, will be the closing keynote speaker at the 2019 Africa CACS conference, to take place 19-20 August in Johannesburg. Masie, an inventor, mentor and keen observer of how to humanize technology, recently visited with ISACA Now to discuss how enterprises in Africa and beyond can take advantage of the major technological forces of the day, such as artificial intelligence and advances in fintech. The following is a transcript, edited for length and clarity:
Defining the ROI of Automation
In his opening remarks to the general session of the Institute of Internal Auditors (IIA) 2018 Midyear Meetings in Orlando (Florida, USA), IIA Global Board Chairman Naohiro Mouri said that throughout his international travels while in office, he rarely heard from audit practitioners about the “pain of automation” despite the oft-cited benefits of automation technologies and their potential to revolutionize the internal audit function.
Getting Creative to Solve Security Challenges in Healthcare
A recent article about information security challenges in healthcare pointed to the lack of resources many security teams report.
Practically Implementing DevSecOps
The explosion of DevSecOps has caused a lot of excitement and worry within the cybersecurity community. It is no longer a question of whether an organization should implement DevSecOps, but rather when and how.
Vendor Selection for ISO 27001:2013 Certification
The Information Security Management Systems Certification (ISO 27001:2013) helps organizations prove they are managing the security of clients’ and stakeholders’ information, and can generate the need for three types of vendors: certification body, internal audit and implementation.
Are the British Airways and Marriott GDPR Fines a Tipping Point?
For many months, infosec and privacy colleagues alike have been telling me that the FUD (fear, uncertainty and doubt) about the terrifying levels of EU fines under the European Union General Data Protection Regulation (GDPR) has disappeared from the boardrooms and executive management meetings.
Stripping Off the Monster Tag from IT Governance: An Inclusive Approach
It is said that anything with two heads is a monster. I usually think of this saying when carrying out IT governance reviews, as inclusive governance seems to be a missing link.
Forthright Handling of Cybercrime Essential to Improved Results
While it has become generally well known that enterprises have a problem dealing with cybercrime, the true extent of the problem is much worse than many realize.
Rebuilding Institutions for an Online World
Author and journalist Jamie Bartlett will be the closing keynote speaker at the Infosecurity ISACA North America Expo and Conference, which will take place 20-21 November 2019 in New York City. Bartlett recently visited with ISACA Now to discuss his outlook on how technology is reshaping society, beginning with his contention that the internet is killing democracy. The following is an edited transcript of the interview:
Coincidence or History?
On 23 October 1969—just a few months after Apollo 11 landed on the moon—the Electronic Data Processing Auditors Association (EDPAA), later to become ISACA, was incorporated.
Don't Forget These Factors When Considering a Certification
Part of growing as a young professional is being willing to continually learn and knowing your education should never stop.
Five Ways to Jump-Start Your Career in the Tech Workforce
Are you a student or an early-career professional seeking to kick-start your career in tech? Do you feel a bit overwhelmed by the possibilities out there, unsure of yourself, and lacking a clear idea not only of where you'd like to go, but how you can get there?
Securing Your Data: The Crown Jewels of Your Enterprise
Every organization has data that is vital for its organizational growth. Typically, most organizations build security around infrastructure, network and applications. But with data leakage becoming more prevalent, organizations are now considering data to be their crown jewel.
Continuous Security Validation
No corporate executive should feel secure. Every day, we keep hearing about yet another company getting hacked or losing sensitive data.
Extracting More Value from IoT Using COBIT 2019
The time for making predictions about the number of IoT devices in future years and waiting for that time to come is long gone (however, if you really want to know, one source predicts there are going to be 75 billion IoT devices in 2025).
50th Anniversary Q&A with ISACA CEO David Samuelson
David Samuelson was appointed chief executive officer of ISACA on 1 April of 2019, the year of ISACA’s 50th anniversary. Samuelson recently visited with ISACA Now to discuss the meaning of joining the organization during its milestone year and how ISACA can draw upon its decades of industry leadership to become even more impactful in the future. The following is an abbreviated transcript of the Q&A interview.
How Small and Medium Businesses Can Leverage Cybersecurity for Client Value
Small and medium-sized businesses (SMBs) lack the resources of a large business, in both finances and personnel, making it more difficult to extract client value from a robust cybersecurity program.
How to Properly Review an SOC Report
As a follow-up to a blog post previously published by The Mako Group’s Chief Audit Executive, Shane O’Donnell, let’s dig a little deeper into what you should be reviewing when you receive your vendors’ SOC 1, SOC 2 or SOC 3 reports.
ISACA's Future Brimming With Opportunity
As my relationship with ISACA unfolded through various volunteer roles for the past 25 years, I have had the privilege of seeing the organization evolve – through good times and challenging times – just as many of us have experienced in our personal lives and careers.
Patch Management Practice
Unpatched systems represent a very serious IT security threat with potentially extremely important consequences, as documented in a large number of high-profile breaches that exploited known unpatched vulnerabilities.
Drive Your Own Destiny in Achieving Goals
An individual would be hard-pressed to debate that behaviors and habits individuals exercise in their personal lives have no bearing or effects on their professional career.
Three Steps to Begin Transforming Your Cybersecurity Program
The nature of risk management has changed over the past 2 decades. Previously isolated IT infrastructures are more connected with the outside world, and organizations face an ever-expanding threat landscape.
Rethinking Cost Analysis in the Era of Cloud Computing and Emerging Tech
Have you thought about cost analysis in the era of cloud operation, combined with other emerging technologies? There is an orthodox way of considering cost analysis: Costs can be fixed, variable or some combination of the two. However, when it comes to analyzing IT costs, traditional cost analysis in the era of emerging technologies is inadequate.
A Look at CIS Controls Version 7.1
CIS Controls Version 7.1, released in April 2019, was developed by the Center for Internet Security (CIS), which consists of a community of IT experts.
Increasing Your Organization's Cybermaturity
Managing cyberrisk is critically important for organizations. Interconnectedness, digitization, the focus on utilizing data and providing enhanced client experiences expand the attack surface and expose an organization to increased cyberrisk.
ISACA at Infosecurity Europe: Expert Speakers and New Research at Europe's Largest Infosec Event
ISACA expert speakers, past board directors and chapter leaders provided insight and new research while ISACA representatives highlighted ISACA certifications and training solutions at Infosecurity Europe 2019, 4-6 June in London.
Integrating Human and Technical Networks in Organizational Risk Assessments
The US government's recent efforts to ban the introduction of specific foreign IT vendors' equipment in government networks are emblematic of the growing concern among organizational leaders about the risk posed by global supply chains, highlighting the broad interdependencies between technical and human systems.
Cybersecurity: Failing the Fundamentals
My fellow information security professionals, you recently spoke, and ISACA listened. Now it is time to get all those commercial enterprises and other organizations to listen, too. What did you say?
Innovation Is About People
I was a member of an innovation team because of my expertise in servers, Active Directory and general information security practices.
MIT CISR Research Forum: Designing for Digital Leverage
The MIT CISR Research Forum (Europe), hosted by Heineken, recently was held in Amsterdam. As a partner of MIT CISR, ISACA was represented at the event. Presentation titles on the agenda like “Quick Look: What Is Your Digital Business Model?” by Joe Peppard, “Digitized Is Not Digital” by Jeanne Ross, “Managing Organizational Explosions During Digital Transformation” by Nick van der Meulen, and others, provided a good general sense of what the event would be all about.
The Role of Culture on IT Governance
It was 150 years ago that Sir Edward Tylor first referenced culture (in an anthropological sense) in his book Primitive Culture.
Why Don't We Apply Due Diligence in Selecting Social Media Providers?
I’ve reviewed many social media implementations across a large variety of companies and, among the many concerns from a security perspective, is the total lack of due diligence over their selection.
Digital Ethics Rising in Importance
The innovative capabilities of technology – as well as the potency of that technology – are advancing at a remarkable pace, creating new possibilities in today's digital economy.
Build and Nurture Your Professional Network – And Start Early
It can be surprising for professionals entering the workforce to realize that grades and knowledge are not the ultimate definers of your success.
ISACA Opens Doors for Young Professionals with Early Leadership Opportunities
The value of being an active member in a professional organization such as ISACA cannot be overstated.
Sharpening the Axe
Internal auditors are under increasing pressure to add value to what is valued while, at the same time, helping to protect their enterprises from risk such as cyberattacks.
Tapping into ISACA's Network to Shed Light on the Psychology of Information Security
I was always fascinated by the complexity of the technology discipline. The truth is, it’s very broad. ISACA helps to define some of the career pathways for young professionals through its educational resources and certification program. This made me think about where I saw myself adding value to the industry.
ISACA's Past and Future Come Together at North America CACS
ISACA’s 50th anniversary year is about simultaneously honoring our past while visualizing how our professional community will innovate the future. Last week’s experience at our North America CACS conference in Anaheim provided tremendous inspiration on both fronts.
A Deeper Look Into the WhatsApp Hack and the Complex Cyber Weapons Industry
On 13 May, the Financial Times reported the discovery of a major security flaw in the popular messaging app, WhatsApp. The pervasive vulnerability, which affected both Apple and Android devices, allowed malicious actors to inject commercial spyware by ringing up unsuspecting targets using WhatsApp’s VOIP-based call function.
The Role of Incident Management in Identifying Gaps During Stabilization Period
Deploying an enterprise resource planning (ERP) system is challenging, and identifying gaps that could lead to risk is one of the most important aspects of stabilization.
Securing Major League Baseball - On and Off the Field
Three strikes and you're out is one of the more well-known sayings in baseball, but it only takes one devastating cyberattack to inflict huge damage on Major League Baseball or any of its 30 teams.
The Evolution and Power of Disruptive Technology: Insights From an Executive Panel at NA CACS
At ISACA’s North America CACS conference Tuesday morning, an executive panel spoke on the past 50 years of tech disruption—and where technology is taking us in the future.
A Spectrum of Professions: The World Needs Us
From the days of determining how to secure and derive value from early computers to today’s challenges as organizations enact digital transformation, it has been a remarkable 50 years for ISACA’s professional community.
IT Audit: Stay Relevant or Perish
“Victory awaits him who has everything in order – luck, people call it. Defeat is certain for him who has neglected to take necessary precautions in time. This is called bad luck.” –Roald Amundsen, The South Pole
Driving or Driven by Disruption: The AI Maturity Model
On 25 April 2019, Microsoft passed the trillion-dollar market cap threshold and passed Apple as the most valuable company in the world.
The Features and Challenges of IoT-Based Access Control
Employees and guests can use IoT-based access control for convenient access. Through their mobile devices, they can connect securely to a facility's access control system via a digital ID.
ISACA-Infosecurity Keynoter Theresa Payton: Design Security for Humans
Theresa Payton, former White House CIO and a prominent cybersecurity expert, will deliver the opening keynote address at the Infosecurity ISACA North America Expo and Conference, to take place 20-21 November 2019 in New York City. Payton recently visited with ISACA Now to reflect upon her time in the White House and provide analysis on how the technology and cybersecurity landscapes have evolved in her time since leaving the role. The following is a transcript of the interview, edited for length and clarity.
The Importance of Cyberresiliency
Cybersecurity is an endless process of chasing and preventing known attacks; anticipating attacks; and monitoring, alerting, patching, remediating and implementing solutions. It is becoming a maintenance function that trails hackers and other bad actors.
Putting Cyber Threat Intelligence Feeds to Good Use
Cyber risk is business risk. Businesses are digitizing and governments are putting in place policies to promote digitalization and smart-city projects. While this helps citizens and organizations to adopt technology advancements, the continuous increase in cyberattacks, in both frequency and sophistication, poses significant challenges for organizations that must defend their data and systems from threat actors.
Stakeholder Management: Push or Pull?
Managing projects for the best possible outcome is a bit art and a bit science. From a high-level view, stakeholder management includes: identifying the people that could impact a project, understanding the expectations of the stakeholders and their impact on a project, and developing strategies for effectively engaging the decision-making project stakeholders.
Navigating Change: An Imperative for Technology Professionals
The fast-changing technology and regulatory landscape calls for members of ISACA’s professional community to continually refresh their knowledge and training.
Five Software Programs To Improve the Security of Business Websites
Cybersecurity may soon become an issue of higher concern than physical safety. We already share too much personal information online without paying attention.
The ISACA Way: How I Earned the CISM, CISA, CRISC and CGEIT in 10 Months
Earlier this year, when I earned the last one of the Fab 4 of ISACA certifications – CISM, CISA, CRISC and CGEIT – I decided to write a post about my experience and the lessons I learned along the way. I hope this will be useful for anyone preparing to obtain these industry-recognized credentials.
GRC Keynoter Patrick Schwerdtfeger: Endless Insights Within Organizations' Reach
Patrick Schwerdtfeger, closing keynote speaker at the GRC Conference 2019, to take place 12-14 August in Ft. Lauderdale, Florida, USA, is a business futurist specializing in technology topics such as artificial intelligence, blockchain and FinTech. Schwerdtfeger recently visited with ISACA Now to discuss how these and other components of digital transformation will reshape the business landscape going forward. The following is a transcript of the interview, edited for length and clarity:
How to Get Your Employees to Care About Cybersecurity
With each highly publicized data breach or cyberattack, it becomes increasingly evident that businesses can’t sit back and hope their security strategy is strong enough to withstand an assault.
The Impact of the Thailand Cybersecurity Law
In the past 5 years, the cybersecurity agenda has been raised and discussed in many forums because cyberattacks have been developed for various purposes, and the number of cybersecurity incidents or data breaches has increased dramatically every year.
The Gap Within the Skills Gap: What Does Cybersecurity Really Need?
I recently took to LinkedIn to air my views on one of the most talked-about topics in the world of tech: the cybersecurity skills gap. The skills gap is often discussed in urgent terms and, given my job as a cybersecurity recruiter, I see how it plays out in practice.
Why IT Teams Should Avoid Complacency
We are in 2019, and have all witnessed the effects of disruptive start-up companies, the growth and stability of the cloud market, the emergence of CI/CD practices and the simple need for agility. Inversely, there are organizations where none of what I mentioned is happening.
The Challenge of Assessing Security for Building Automation Systems
Building automation systems (BAS) have many characteristics that differ from traditional information processing systems, including different risks and priorities. Furthermore, these types of automation systems are subject to different performance and reliability requirements, and often employ operating systems, applications and configurations that may be considered unusual IT practices.
Tips to Prepare for ISACA's CRISC Exam
My motivation to pursue ISACA’s CRISC certification was to improve my skills, knowledge and understanding of enterprise and IT risk management.
ISACA Celebrates Volunteer Participation
It’s my favorite week of the year at ISACA – Volunteer Appreciation Week. It is a time when we all reflect on the important and impactful contributions members of our professional community have selflessly made to advance our organization and our industry. It is also a time to invite those who have not yet joined our volunteer corps to participate in ways that align with their interests and availability.
Why I've Gone From Avid Skeptic to Avid User of Biometrics
My first job in security – and in fact my first job out of school – was for a biometrics company.
Global Passion for ISACA Comes Through Loud and Clear
As I begin my time as ISACA’s new chief executive officer, having just completed my first week in the role, one thing continues to impress me – the passion our professional community feels for ISACA.
Simplifying Enterprise Risk Analysis
How many enterprise risk analysis reports must an organization release? A few years ago, I faced this question in light of cost, time and complexity of the solution.
Happy 50th to the Organization That Keeps Me Ahead of the Curve
Recently, I celebrated a birthday (no, I am not going to tell you which birthday), and my 6-year-old niece who called to wish me a happy birthday asked me if I was wise now.
North America CACS Keynoter Sekou Andrews: Technology Pros Should Be Storytellers, Too
Sekou Andrews, a prominent poetic voice performer who blends inspirational speaking and spoken word poetry, will be the closing keynote speaker at ISACA’s 2019 North America CACS conference, to take place 13-15 May in Anaheim, California, USA. Andrews recently visited with ISACA Now, discussing why technology practitioners should also consider themselves to be storytellers and how changes on the technology landscape will lead to “a rediscovery of what it means to be human.” For more of Andrews’ insights on these and other topics, listen to his recent appearance on the ISACA Podcast.
Proactively Embracing Innovation
When looking at innovation, it may seem daunting to involve audit properly to protect the organization. With any new effort, there are a lot of unknowns. In traditional project processes, there should be enough time to discover major issues and handle the risk revealed.
Being an Effective Cybersecurity Leader Amid Increasing Pressure, Expectations and Threats
It’s important to think about leadership in the cybersecurity realm through the lens of the “lines of defense” model.
Defining the Role of the CISO
Organizations have diverse understandings of what digital security is and is not. As a consequence, they wrestle with who is responsible and who is accountable for digital security.
Technology a Key Driver in UN Conclusions
It's a wrap. At approximately 7:30 p.m. in New York City on Friday night, the final gavel fell on the negotiations at the 63rd session of the Commission on the Status of Women at United Nations headquarters.
How Security Improvements Can Lead to Business Process Optimization
Security improvements are often viewed skeptically, as they always seem to be associated with higher time requirements and rising costs.
The Next Challenge in IT Compliance Reporting: SOC2 2017 Trust Services Criteria
In the aftermath of GDPR, the next big change in the IT compliance standards landscape is here. The period of applicability for the new System and Organization Controls for Service Organizations: Trust Services Criteria (SOC2 2017 Trust Services Criteria) has just begun – all SOC2 reports with an examination period ending on or after 15 December 2018 will have to be issued as per the new standard.
Cybersecurity Auditing Skills
According to the Ponemon Institute/Accenture Ninth Annual Cost of Cybercrime Study, the number of cyberattacks each enterprise has seen has increased, and these incidents take more time to resolve while the cost of cybercrime continues to rise.
Navigating a Challenging Cybersecurity Skills Landscape
As much as tools and technology evolve in the cybersecurity industry, organizations remain reliant on clever, well-trained humans with incisive critical thinking skills to protect themselves from the perilous cyber threat landscape.
Five Considerations for Data Breach and Incident Reporting in the EU
The increasing number of cybersecurity incidents causes a serious negative impact on enterprises, prompting legislators around the world to explore new policies and regulations.
Why You Need to Align Your Cloud Strategy to Business Goals
Your company has decided to adopt the cloud – or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that?
How IT Teams Can More Efficiently Deliver Stakeholder Satisfaction
Billy Beane was one of the first general managers in the history of Major League Baseball to use data to build out a successful team with a fraction of the budget relative to his peers. Like many IT leaders, he had to do more with less.
ISACA at RSA 2019: Sharing Research and Spurring Conversations
The theme of last week’s RSA Conference 2019, “Better,” gave ISACA the opportunity to engage with information and cybersecurity professionals on how we collaboratively move the technology field into a better future.
SheLeadsTech Returns to United Nations
SheLeadsTech was back this week at the United Nations for the 63rd Session of the Commission on the Status of Women to continue the critically important work of empowering women and girls by providing access to social protection and appropriate infrastructure, including technology infrastructure.
C-Suite: The New Main Target of Phishing
We know that phishing attacks are on the rise, but did you know that more and more executives are falling for these phishing emails every day? New phishing campaigns targeting executives are intelligently crafted and difficult to spot.
GDPR Audits for SMEs Are All About the Language
It is often said that a good auditor is a good communicator, and this is particularly true when dealing with smaller organizations.
Cybersecurity: A Global Threat That We Can Control
If there were any question about the critically important role that information and cyber security practitioners play in the welfare of today’s society, there is new evidence spelling it out in stark, attention-grabbing terms.
Artificial Intelligence and Cybersecurity: Attacking and Defending
Cybersecurity is a manpower-constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast.
Paying for Apps with Your Privacy
Don’t look at your device when I ask you this question: How many apps do you have on your smartphone? Or, if you use your tablet more often, how many apps do you have on your tablet? Remember this number or write it down.
Environmental Drift Yields Cybersecurity Ineffectiveness
Your cybersecurity tools are working, optimized, and providing real, measurable, business value. They are successfully blocking attacks, detecting nefarious activity, and alerting the security team.
Challenges on Cybersecurity Landscape Demand Strong Leadership
Senior leaders in business and government ought to take note of ISACA’s State of Cybersecurity 2019 research, which details the findings of a global survey of cybersecurity professionals.
Three Keys to Improving Medical Device Security
A report released in January by the Healthcare & Public Health Sector Coordinating Councils details the need for better security for medical devices, a topic infrequently discussed in healthcare until recently.
How to Ensure Data Privacy and Protection Through Ecosystem Integration
My recent ISACA Journal article, “Data Privacy, Data Protection and the Importance of Integration for GDPR Compliance,” describes how the movement and processing of personal data, along with the procedures around those workflows, are central to General Data Protection Regulation (GDPR) compliance.
Is Your GRC Program Ready to Thrive in the Digital Economy?
Digital technologies have profoundly changed our lives, blurring the lines between the digital and physical worlds. From its humble beginnings, the current constellation of tools and technologies that empower organizations has grown smarter.
Certifications and the Paycheck: Trends and Truth
New highly validated data from 3,305 employers reveals that the average cash market value for hundreds of tech certifications is at its lowest point in four years. Meanwhile, pay premiums for non-certified skills in the same period have gained 6 percent in value on average.
Data Analytics in Internal Audit: State of the Data, 2019
Back in 2008, I placed a talented senior IT auditor who was one of the first I had seen with excellent data analytics skills, an ACL certification, and a vision for how to apply data analytics to a broader suite of audits.
Moving Beyond Stubborn Reluctance to Comply with GDPR
Last May marked the beginning of the application of the General Data Protection Regulation (GDPR), which harmonized and unified the rules governing privacy in the European Union. Leading up to and following the adoption of the regulation, data protection has been the focus of attention all around the world.
Getting Your GDPR Compliance Program Into Gear With Proper Record Keeping
Compliance procedures are notoriously demanding, and European Union General Data Protection Regulation (GDPR) compliance programs are no different.
More on Password Dictionaries
As a follow-up to our recent ISACA Journal article, “NIST’s New Password Rule Book: Updated Guidelines Offer Benefits and Risk,” we wanted to provide some additional thoughts on the password dictionary concepts.
Women in Cybersecurity Often Worth More Than They Realize
Before beginning my career in cybersecurity recruitment, I worked in the female-dominant industry of travel public relations. I was largely oblivious to the challenges of being a female in the workplace because I was surrounded by other strong businesswomen on a day-to-day basis.
North America CACS Keynoter Guy Kawasaki Sizes Up Innovation, Entrepreneurship
Guy Kawasaki, a Silicon Valley-based author, speaker, entrepreneur and evangelist, will be the opening keynoter at ISACA’s 2019 North America CACS conference, to take place 13-15 May in Anaheim, California, USA. Kawasaki recently visited with ISACA Now to discuss some of the themes he will explore at North America CACS, including innovation and entrepreneurship. The following is an edited transcript. For more of Kawasaki’s insights, listen to his recent interview on the ISACA Podcast.
5G and AI: A Potentially Potent Combination
Last week’s US State of the Union address by President Donald J. Trump promised legislation to invest in “the cutting edge industries of the future.”
For the Board, GDPR Compliance Implementation Reporting Is More Than Just About Exposure and Progress
Whether from a conformance (compliance) or performance perspective, 2 enterprise governance tasks of particular interest are knowing what questions to ask in the process of performing due diligence and knowing what data and information to request to support the due diligence process.
New Cybersecurity Pilot Program to Expand Career Pathways for Women in Chicago
Women in the Chicago area who are interested in exploring a career path in cybersecurity, particularly those who are underrepresented in the field, will now have the opportunity to join a pilot program launched last week by ISACA, along with AnitaB.org and the City Tech Collaborative.
How to Approach Blockchain Deployment While Mitigating Risk
Blockchain has emerged as one of the most promising technological developments of the past decade.
ISACA Anniversary Celebration – and Social Media Campaign – Are Underway
ISACA’s yearlong 50th anniversary celebration is underway around the globe, and one of the best ways to be part of the global celebration is through social media.
Protecting Patient Records in 2019 and Beyond
A program called MyHealthEData was unveiled in 2018. Through this program, the US Centers for Medicare & Medicaid Services (CMS) is promoting the adoption of IT environments that allow simpler sharing of health data to outside organizations, as well as better access. The CMS will also allow easier access to claims data by medical beneficiaries.
Incorporating Privacy into Data Protection Strategy
Nowadays, the term privacy echoes across boardrooms globally, where each country and enterprise races to update its laws and policies to keep up with the need for data privacy controls.
Certification Spotlight with … Marco Schulz
The ISACA Now blog occasionally highlights the impact ISACA certifications have in the evolving business landscape, as well as how certifications have impacted individual members of the ISACA professional community. Today, we profile Marco Schulz, CISM, CISA, CGEIT, CEO at marconcert GmbH (Germany).
Google’s GDPR Fine Reinforces Need for Intentional Data Governance
For those of us who work in information security, data privacy and governance, we seem to traverse daily from one headline to another. A new corporate victim announces they were breached to the tune of 100 million records.
IT Audit in 2019: Hot Topics and Trends
The turn of the calendar to a new year is always a great time to take pause and reflect. Now that 2019 is in full swing, I wanted to take a quick snapshot of hot topics and trends for the IT audit field in 2019. And just to make sure I wasn’t completely winging it, I checked in with a couple valued industry contacts.
Practical DLP Implementation
Practical implementation and management of data loss prevention or protection (DLP) solutions or a portfolio of solutions should follow a logical process to ensure the holistic protection of information resources.
How Tech Roles Provide Women Great Career Paths
I am often asked by women young and old, “Were you intimidated by technology or afraid to start your first job in tech?”
Cybersecurity and its Critical Role in Global Economy
Cybersecurity and its critical role in the global economy – a very interesting topic indeed, and one that is taking center stage this week at the World Economic Forum in Davos after being identified as one of the top five global risks.
Expired TLS Certificates Must Be Used as a Learning Experience
A recent report from the British research firm Netcraft showing that 80 US government websites had expired Transport Layer Security certificates during the ongoing US government shutdown rightfully has caused quite a stir, and ISACA members ought to be paying attention.
Auditing the GDPR
Like in many professions, the new year is traditionally a time for planning for IT auditors. This year, I am willing to wager that many of your resulting IT audit plans include something to do with the EU General Data Protection Regulation (GDPR).
Big Data: Too Valuable and Too Challenging to Be Overlooked
As the new year begins and business leaders refine their 2019 plans, how to effectively deploy technology increasingly will be a focal point of conversations in the boardroom and elsewhere throughout the enterprise.
GDPR Compliance as a Competitive Advantage
Last year was a milestone in the field of privacy as the General Data Protection Regulation (GDPR) put privacy into the spotlight in and outside the European Union.
The US Government Shutdown’s Potentially Lasting Impact on Cybersecurity
The partial US government shutdown is the longest in modern history and continues to drag on as both political parties remain entrenched, refusing to budge from their respective positions. The inability to reach an agreement, or at least to open the government, may have lasting impacts on the effectiveness of cybersecurity in the federal government.
A New Approach to Finding Cybersecurity Talent for the Future
The cybersecurity profession is facing a shortage of qualified talent to fill an increasing demand for positions, as so many reports inform us. What I find self-fulfilling about our “talent dilemma” is the acknowledged rapid rate of technology change, yet the ongoing quest for specific technical experience and expertise. We seek plug-and-play people to match technology components, rather than individuals with foundational skills and an aptitude and desire to learn changing technology.
The Business Risks Behind Slow-Running Tech
Entrepreneurs and IT leaders frequently underestimate the true power that slow technology has to negatively impact a business.
Shifting Technology Landscape Positions Auditors for Greater Impact
Enterprises are exploring opportunities driven by digital transformation, identifying technology-driven paths to deliver more value, more quickly, while also benefiting from new process efficiencies. IT auditors must do the same to ensure they remain valued partners by the organizations for which they work.
Start with the Why: A Strategic Lifecycle for Information Security
Many presentations by information security managers for stakeholders within their organizations include the depiction of a lifecycle in one form or another to underline that information security is not a one-off project, but a continuous activity.
Empower Auditors to Think Big Picture on AI
The new white paper, Auditing Artificial Intelligence, provides an overview of what AI is, why auditors need to be aware of AI, and how the COBIT 2019 framework relates to AI auditing.
How to Hack a Human
Have you ever wondered just how many ways there are to hack the human mind and just how effective each technique is? I did; so I set about collating all of the techniques for human control and influence:
Five Cost-Effective Ways for Small Businesses to Achieve Compliance
50th Anniversary Year Provides Inspiration to Look to ISACA’s Future
When ISACA – then known as the Electronic Data Processing Auditors Association – was incorporated by seven Los Angeles area professionals in 1969, “there was no authoritative source of information,” according to ISACA’s first president, the late Stuart Tyrnauer. There was “no cohesive force, no place to turn to for guidance.”