ISACA Podcast

The Future of IT Audit: Key Changes in ITAF 5

Thu, 28 May 2026 05:00:00 +0000

Technology is transforming how organizations operate — and IT audit and assurance must evolve alongside it. In this episode, Paul Phillips sits down with Mary Carmichael, contributor to the newly updated IT Audit and Assurance Framework (ITAF 5), to discuss how audit professionals can adapt to today’s increasingly complex digital enterprise.

Together, they explore the major shifts shaping modern audit, including AI governance, digital ecosystems, automation, evolving risk landscapes, cloud environments, and the growing need for stronger data literacy within audit teams. Mary also shares practical guidance on how organizations can begin modernizing their audit approach without overhauling everything overnight.

Key discussion topics include:

The evolution from traditional control testing to outcome-based assurance
Why audit teams need stronger technology and data capabilities
AI governance, automation, and digital risk considerations
Building practical audit modernization strategies
How ITAF 5 supports governance, credibility, and audit relevance in modern enterprises

Whether you're an auditor, governance professional, cybersecurity leader, or risk practitioner, this conversation provides valuable insight into the future of audit and assurance in a technology-driven world.

Related Resources & Stay Connected

Download ITAF 5: https://www.isaca.org/resources/itaf-is-a-framework

Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging tech insights. https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

▶️Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights. https://www.youtube.com/@IsacaHq

🔔 Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT audit, governance, risk, and cybersecurity.

#ITAudit #ITAF5 #AuditAndAssurance #Cybersecurity #Governance #RiskManagement #AI #ISACA #DigitalTransformation #InternalAudit

Breaking the Compliance Mentality

Thu, 21 May 2026 05:00:00 +0000

In today’s evolving cybersecurity landscape, strong leadership is the foundation of an effective security posture. Yet many agencies struggle when a “compliance mentality” takes hold, where meeting minimum requirements overshadows proactive risk management.

In this ISACA Podcast episode, Lisa Cook, ISACA's Principal Research Analyst, sits down with Patrick Bevill, Chief Information Security Officer (CISO) at the Federal Retirement Thrift Investment Board, to explore how agency leaders can establish a strong tone at the top and foster a culture that prioritizes security resilience over check-the-box compliance.

Related Resources & Stay Connected

Learn more about Williams Adley: Discover how Williams Adley helps organizations navigate audit, assurance, cybersecurity, risk, and advisory services with a focus on integrity and innovation. https://www.williamsadley.com/

Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging tech insights. https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights. https://www.youtube.com/@IsacaHq

Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

Audit-Ready by Design: How AI Powers Smarter Identity Security

Tue, 19 May 2026 05:00:00 +0000

Compliance does not have to be a stressful, last-minute scramble. In this episode, we explore how AI-driven control and automation transforms identity security from a costly headache into an audit-ready powerhouse. We break down the steps to simplify your regulatory processes, reduce operational costs, and enhance security by effectively managing human and non-human identities.

You will learn why gaining centralized visibility is your crucial first step, how to instantly spot and remediate risky orphan accounts, and the secret to running seamless, automated access certifications. Join our identity security experts as they share practical strategies to strengthen your defenses without draining your IT resources. Expect actionable tips that will help you build a sustainable, AI-powered compliance process tailored to your organization.

Related Resources & Stay Connected

Learn more about SailPoint:
Explore how SailPoint is helping organizations modernize identity security, strengthen governance, and simplify compliance in an AI-driven world.
https://www.sailpoint.com/
Explore More ISACA Podcast Episodes:
Dive deeper into cybersecurity, governance, risk, and emerging tech insights.
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
Subscribe to ISACA on YouTube:
Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights.
https://www.youtube.com/@IsacaHq

Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

SheLeadsTech Fireside Chat: Celebrating Women in Cybersecurity

Wed, 04 Mar 2026 13:30:58 +0000

Women in cybersecurity leaders share their stories and career advice in this SheLeadsTech fireside chat celebrating International Women’s Day.

In celebration of International Women’s Day and Women’s History Month, ISACA’s SheLeadsTech initiative brings together three inspiring leaders in cybersecurity for a special fireside conversation.

Join Debbie Lew and Jo Stewart-Rattray, both ISACA Hall of Fame inductees and recipients of the Eugene Frank Founders Award, as they sit down with Gail Coury, who will be inducted into the ISACA Hall of Fame in 2026.

In this warm and engaging discussion, they reflect on their journeys into cybersecurity, the evolving role of women in technology, and the power of mentorship, leadership, and community in shaping the future of the profession.

In this episode, they discuss:
• Their personal paths into cybersecurity and IT
• How opportunities for women in tech have evolved over time
• Lessons learned from leadership and service within the ISACA community
• Advice for the next generation of women entering the field

The conversation wraps up with a fun rapid-fire round that offers a glimpse into the personalities behind these accomplished careers.

Whether you're an experienced professional or just beginning your journey in technology, this fireside chat offers inspiration, insight, and encouragement from women helping shape the future of cybersecurity.

🔗 Learn more about ISACA’s SheLeadsTech initiative:
https://www.isaca.org/membership/sheleadstech

🎧 Explore more ISACA Podcasts:
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

📺 Subscribe to ISACA on YouTube:
https://www.youtube.com/@IsacaHq

#WomenInCybersecurity
#SheLeadsTech
#WomenInTech

Humans Are IT Security’s Weakest Link

Tue, 03 Mar 2026 05:00:00 +0000

On this episode of the ISACA Podcast, host Chris McGowan is joined by Amit Patel, Senior Vice President at Consulting Solutions, to explore one of the most underestimated threats in cybersecurity: the human element. From accidental errors to insider breaches, they discuss why employee behavior is at the heart of most security incidents—and what organizations can do about it. Amit shares insights on how ongoing training, strong policies, and AI-powered tools like behavior analytics can help bridge the gap between tech and human responsibility. Whether you're a cybersecurity leader or simply navigating today’s digital landscape, this episode offers practical strategies to strengthen your organization’s human-centric security posture.

📚 Related Resources & Stay Connected

📖 Read the full article:
Humans Are IT Security’s Weakest Link
https://www.isaca.org/resources/news-and-trends/industry-news/2024/humans-are-it-securitys-weakest-link

🎙 Explore More ISACA Podcast Episodes:
Dive deeper into cybersecurity, governance, risk, and emerging tech insights.
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

▶️ Subscribe to ISACA on YouTube:
Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights.
https://www.youtube.com/@IsacaHq

🔔 Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

Secure Your Privacy: A security and privacy podcast: real conversations, real consequences, real solutions?

Thu, 19 Feb 2026 05:00:00 +0000

You’re listening to Secure Your Privates™ brought to you by ISACA Podcasts - where security meets privacy, risk meets reality, and governance finally makes sense. We’re here to cut through the noise and get real about what’s actually happening in cyber. The no-BS podcast on security and privacy. We talk about what’s broken, what’s working, and what nobody’s telling you in between.

Securing Data in the Age of AI with DSPM: Lessons from a High-Impact ISACA Webinar

Thu, 12 Feb 2026 06:00:00 +0000

In this ISACA Podcast episode, host Safia Kazi, Principal Research Analyst – Privacy, is joined by Dirk Schrader, VP of Security Research at Netwrix, to discuss how generative AI is revealing long-standing gaps in enterprise data security and governance.

This episode builds on insights from a recent ISACA webinar that explored how generative AI is exposing weaknesses in enterprise data security and governance. The discussion examines why many organizations lack visibility into where sensitive data resides and who can access it, particularly across hybrid and cloud environments. The conversation also addresses emerging risks introduced by AI tools, including non-human access and overexposed data. Listeners will gain practical, governance-focused guidance on how DSPM helps organizations assess risk, support compliance, and prepare data responsibly for AI initiatives.

Related Resources:

Watch the ISACA Webinar from the ISACA Virtual Summit 2025: “Securing Data in the Age of AI with DSPM”
https://www.isaca.org/training-and-events/online-training/virtual-summits/ai-governance-strategies
Learn more from Netwrix:
https://netwrix.com/en/resources/
Explore more ISACA Podcasts:
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
ISACA on YouTube:
https://www.youtube.com/@IsacaHq

Elevate Your Career with Lauren Hasson

Thu, 04 Sep 2025 13:27:27 +0000

Lauren Hasson is the Founder of DevelopHer, an award-winning career development platform. In this podcast, she'll share a bit about her background and give a sneak peek at her upcoming CPE-eligible event.

Cyberrisk Quantification: Strengthening Financial Resilience

Wed, 04 Jun 2025 06:00:00 +0000

In this episode, ISACA's Lisa Cook engages with Yakir Golan, Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to make informed decisions that align risk mitigation strategies with business objectives. The conversation also highlights the importance of translating cyberrisk exposure into monetary terms to facilitate high-level discussions and protect shareholder confidence.

Listen & Subscribe Catch this episode—and more—on the ISACA Podcast Library: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

or on your favorite podcast platform.

Securing Desktops and Data from Ransomware Attacks

Thu, 15 May 2025 18:02:49 +0000

Ransomware remains one of the most formidable cybersecurity threats facing organizations worldwide.

In this episode of the ISACA Podcast, host Chris McGowan speaks with Netwrix endpoint protection expert Jeremy Moskowitz, who explains how ransomware infiltrates and cripples desktop environments. He explains cybercriminals' tactics to exploit social engineering and system misconfigurations to gain unauthorized access, offering actionable insights on the most effective prevention and mitigation strategies.

Additionally, Jeremy delivers practical advice that security teams can use to resist ransomware. He shares tips on safeguarding locally stored data, implementing robust backup solutions, enforcing strict access controls and system patching, and educating staff on common red flags associated with ransomware.

Listen & Subscribe to ISACA Podcast

Catch this episode—and more—on the ISACA Podcast Library
or on your favorite podcast platform.

Connect & Learn More about Netwrix

Netwrix Data Loss Prevention Solution: Learn more
Follow Netwrix on LinkedIn: Netwrix Corporation: Posts | LinkedIn
Additional Resources Provided by Netwrix:

Cyberresilience and Cybersecurity

Tue, 11 Mar 2025 18:28:30 +0000

Cybersecurity and the role of internal audit, an urgent call to action: The forces driving business growth and efficiency contribute to a broad attack surface for cyber assaults. How is the end user protected with good service while not being compromised?

First Line includes internet, cloud, mobile, and social technologies, now mainstream, are platforms inherently oriented for sharing. Outsourcing, contracting, and remote workforces are shifting operational control.
Second line includes information and technology risk management leaders who establish governance and oversight, monitor security operations, and take-action as needed, often under the direction of the chief information security officer (CISO)
Third line of cyber defense—independent review of security measures and performance by the internal audit function. Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. At the same time, internal audit has a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.

Cybersecurity Predictions for 2025

Tue, 07 Jan 2025 16:11:07 +0000

The prevalence of ransomware and the security concerns associated with AI have made the role of cybersecurity professionals vital for enterprise success. The complex security landscape can make cybersecurity jobs stressful, but enterprises can take steps to retain cybersecurity talent and ensure enterprise assets are protected. In this podcast, Justin Rende, founder and CEO at Rhymetec, shares insight on the top concerns for cybersecurity professionals, the most in-demand skills, and the impact of AI on cybersecurity.

Examining Authentication in the Deepfake Era with Dr. Chase Cunningham

Tue, 10 Dec 2024 06:00:00 +0000

Given the dynamic nature of cyberthreats and the ever-expanding digital ecosystem, authentication is more critical than ever. In this episode, ISACA director of professional practices and innovation discusses a new content piece titled, "Examining Authentication in the Deepfake Era" with author Dr. Chase Cunningham. Their conversation of the paper explores the evolution, current state, and future trajectory of authentication technologies.

Safely and Responsibly Using Emerging Health Technology

Thu, 05 Dec 2024 06:00:00 +0000

Emerging healthcare technologies have the potential to revolutionize healthcare and accessibility-related concerns, but these advancements are not without risk. To maximize the value and minimize the harms associated with emerging health technologies, it is critical to address ethical, privacy, and societal concerns to ensure that these technologies help rather than hurt humanity.

In this ISACA Podcast, join Safia Kazi and Collin Bedder as they explore the applications and risks associated with emerging healthcare technologies.

Addressing SAP Security Gaps

Tue, 17 Sep 2024 06:00:00 +0000

SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated w

A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP applies to the IT enterprise and organizational environment to help them achieve all security goals. In addition, CISOs need to know their SAP team members personally so they can integrate them rather than contain them in silos. Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft, or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action upon which they are ready to act. SAP requires high-level consideration, or critical elements of the business will be vulnerable to malicious cyber actors—with no apparent response.

What Enterprises Need to Know About ChatGPT and Cybersecurity

Wed, 24 Jul 2024 09:00:00 +0000

Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe.

In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity professionals and the overall goal of enterprise security, as well as how cybercriminals who want to exploit it can leverage it as well. He believes the world is entering a time when AI is fighting AI, and security professionals must focus on feeding ChatGPT technology more relevant data faster than the adversary. Folk also addresses how AI is affecting social engineering and his predictions for upcoming AI developments.

The Cyber Standard Podcast - Episode 4

Thu, 30 May 2024 06:00:00 +0000

Welcome to Episode 4 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at ANSEC. Together, they explore the intricacies of licensed bodies in shaping the cyber profession. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

The Cyber Standard Podcast - Episode 3

Thu, 25 Apr 2024 06:00:00 +0000

Welcome to Episode 3 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Director of CyberAdvisor London. Together, they shed light on the launch of specializations and the significance of professional standards in the cybersecurity sector. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Effective Third Party Risk Management in 2024: AI’s Impact and Future Trends

Wed, 24 Apr 2024 09:00:00 +0000

Traditional security questionnaires just aren't cutting it anymore.

Tune into this ISACA Podcast episode, Chris McGowan chats with VISO TRUST CEO and Co-founder, Paul Valente as they delve into the evolving landscape of Third-Party Risk Management (TPRM), exposing the limitations of current methods and exploring how emerging AI trends are shaping a more secure future and driving more effective third-party risk management programs.

To learn more about VISO Trust please go to https://visotrust.com/

Unlocking Strategic Value from a Bug Bounty Program

Wed, 03 Apr 2024 06:00:00 +0000

Are you curious about how to maximize the strategic value and impact of your bug bounty program?

In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective.

In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization.

Explore Further: Delve deeper into the subject with additional resources

https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6

https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4

https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b

https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12

The Cyber Standard Podcast - Episode 2

Thu, 28 Mar 2024 06:00:00 +0000

Welcome to Episode 2 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the intricacies of cybersecurity standardization. In this episode, titled "Audit and Assurance," Ameet is joined by esteemed guests Leanne Sperry, Project Manager for Standards Development at the UK Cyber Security Council, and Mike Hughes, the ISACA Immediate Past President for ISACA Central UK. Together, they explore key challenges, lessons learned, and insights from related workshops in the realm of Audit and Assurance. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

The Cyber Standard Podcast - Episode 1

Wed, 28 Feb 2024 02:00:00 +0000

Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!”

Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for the podcast's journey into the world of cybersecurity standardization.

Explore Further: Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Measuring Security Risk Against Dynamic Threats

Wed, 21 Feb 2024 06:00:00 +0000

Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations.

These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, what is believed to be safe today may no longer be safe tomorrow (or possibly even within the hour). Given this unique challenge, how do you establish a process that allows you to identify, analyze, prioritize, and treat security risks that are constantly evolving and where the threat is persistently adapting?

In this podcast, ISACA's Lisa Cook discusses with Adobe's Matt Carroll, Senior Manager of Technology Governance, Risk, and Compliance the risk methodology and practices his team has developed at Adobe that have helped the company rapidly measure security risk in a constantly changing landscape.

Reflecting on 25 Years of Information Security Matters

Wed, 14 Feb 2024 06:00:00 +0000

ISACA recently marked the 25th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same.

In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security perceptions, and how writing skills are invaluable for anyone in the security industry.

A View into CTEM Exposure Management: Reducing your Attack Surface 3x

Wed, 07 Feb 2024 15:25:11 +0000

Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included.

In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas.

For more ISACA Podcasts, visit www.isaca.org/podcasts

To learn more about Nanitor, please visit https://nanitor.com/

To view the Nanitor article, please click https://na ni tor.com/resources/blog/cybersecurity/exploring-continuous-threat-exposure-management-ctem/

Leveraging Agile Concepts for Neurodiverse Auditors

Wed, 17 Jan 2024 15:14:39 +0000

In this ISACA Podcast episode, we’ll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation.

Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can significantly impact not only neurodiverse individuals on your team but the entire team itself.

Minimizing Risk and Audit Requests

Wed, 03 Jan 2024 06:00:00 +0000

With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together.

In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst Benjamin Bartz. Ben takes a deeper dive and elaborates on some of the must-haves for this partnership to live to its full potential.

Issue Management Confidential: Tools and Best Practices for Improving IT Issue Management

Wed, 27 Dec 2023 06:00:00 +0000

Effective IT issue management is crucial for organizations to mitigate financial loss, reputational damage, and operational disruptions. Issue management tools streamline the process by tracking and resolving issues, while risk rating helps prioritize responses based on their impact and likelihood.

In this ISACA Podcast episode, ISACA's GRC Professional Practices Principal, Lisa Cook chats with IT Risk Manager, Eric Peck about why acknowledging and addressing high-risk issues with a structured approach empowers organizations to protect themselves and ensure compliance in today's complex regulatory landscape.

Improving Security while Enabling Market Access with CCF

Wed, 13 Dec 2023 06:00:00 +0000

Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits).

A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today.

In this ISACA Podcast episode, ISACA's Lisa Cook listens in as James Huang, Global Cloud Compliance Senior Manager, explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.

Scaling Your Threat Modeling Program

Wed, 15 Nov 2023 06:00:00 +0000

Understanding product security risk starts before a single code line is written. Teams can discover threats to the architecture of a system early in the development life cycle with Threat Modeling. While it’s not a new concept, how do we transform traditional ways of Threat Modeling to meet the complexities of modern software development at scale?

In this ISACA Podcast episode, Chris McGowan chats with Lauren Strope, Manager of Application Security at Adobe. Lauren offers her expertise on strategies for scaling your program and provides unique perspectives on the future of Threat Modeling.

Learn more about Adobe at www.adobe.com

For more ISACA Podcasts, please visit https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

Secure your Supply Chain with an Effective Vendor Security Program

Thu, 05 Oct 2023 06:00:00 +0000

Security risks introduced by vendors have become a top-of-mind concern for executives today, driven by recent supply chain incidents that have exposed organizations to operational and reputational risks.

A robust vendor security program is now a must, as it helps ensure compliance and proactively identifies and mitigates these risks throughout the vendor lifecycle. However, many vendor security teams today face an ever-growing backlog of security reviews, creating increased urgency and pressure for teams to maintain quality assessments. These reviews are often perceived as time-consuming in the procurement process, calling for a balance between meeting business demands and conducting thorough assessments to identify and isolate potential risks.

In this ISACA Podcast, Adobe's Manager of Vendor Security Nidhi Bandi shares about recent enhancements Adobe has made to calculate risk in the vendor space better and provides guidance on how you can stand up a strong vendor security program that balances procurement needs at your organization.

Learn more about Adobe at https://www.adobe.com/

Listen to more ISACA Podcasts at https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

Cultivating Inspired Leaders with Kristi Hedges

Tue, 03 Oct 2023 06:00:00 +0000

If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered.

In this ISACA Podcast, Kristi Hedges, executive coach, and leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders, a CPE-eligible event. At the event, Kristi Hedges will provide a roadmap for building an inspired mindset for leaders, teams, and individuals.

Exploring the Benefits of Neurodiversity within Cybersecurity

Wed, 27 Sep 2023 16:07:00 +0000

Neurodiversity within cybersecurity offers many benefits but requires organizations and hiring managers to re-evaluate hiring practices and job descriptions typically structured for neurotypical applicants.

Join ISACA's Director of Professional Practices and Innovation as he hosts a conversation with a company helping to remove barriers and maximize the value neurodiverse talent brings to cybersecurity.

For more ISACA Podcast, go to https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

Internal Audits That Create Stakeholder Value Adopting an Agile Mindset

Wed, 16 Aug 2023 09:00:00 +0000

Agile Scrum is a lightweight framework that promises to significantly improve internal audits by creating a mindset that generates stakeholder value through adaptive solutions for complex auditing problems. This mindset is needed as organizations face unprecedented changes and pressures in today's business landscape. Internal audits must keep leaders informed and aware of potential risks.

Such a mindset addresses some of the often-experienced auditing challenges such as a lack of senior management support, insufficient audit preparation time, difficult auditees and lack of time needed to write audit results.

Featuring special guest Thomas Bell and hosted by ISACA's Robin Lyons.

Strategies for Avoiding Burnout

Wed, 09 Aug 2023 09:00:00 +0000

Chronic workplace stress can lead to burnout, which poses a significant risk to the mental health of busy professionals, such as auditors. But how can these professionals protect themselves from burnout? And how can their employers help them do so? If you are interested in learning the answers to these questions, then watch as ISACA’s Robin Lyons and Dr. Elena Klevsky, Assistant Professor of Accounting at the University of Tampa, discuss strategies for avoiding burnout.

Inspired by the Sustainable Model of Human Energy proposed by Ryan Quinn, Gretchen Spreitzer and Chak Fu Lam, these strategies focus on managing your personal energy by increasing resources, decreasing job demands, practicing skills and tasks, and monitoring energy.

Properly implementing these strategies has the potential to help busy professionals ensure that they have sufficient resources to meet their job demands, and, therefore, increase the likelihood that they feel energized instead of exhausted.

The Danger of Distraction in Augmented Reality

Wed, 02 Aug 2023 09:00:00 +0000

While users of technology are becoming more educated in how to avoid cyberattacks such as phishing, a distracted user might be more prone to missing signs of social engineering. This project explored whether users immersed in augmented reality applications were more inclined to fall for an on-screen text message that prompted familiarity (such as a friend calling in) or urgency (such as a warning to update software or be subject to an automatic device re-boot within a certain timeframe).

Featuring special guest Sarah Katz and hosted by ISACA's Collin Beder.

Managing Human Risk Requires More Than Just Awareness Training

Wed, 26 Jul 2023 17:00:00 +0000

A comprehensive information security awareness program must be in place to ensure that employees are aware of and educated about the threats they may encounter at the workplace. The workforce needs to be prepared to know how to respond to these threats. It all starts with a risk assessment to identity the most critical of risks that need to be mitigated through preparedness. Making security a part of the organization’s culture reduces these risks to an acceptable level.

Featuring special guest Chris Madeksho and hosted by ISACA's Lisa Cook.

Preparing for Interruptions, Disruptions and Emergence Events

Wed, 19 Jul 2023 10:00:00 +0000

This podcast speaks about how an Information Systems (IS) Auditor can prepare for the Interruptions, Disruptions and the Emergence events that happen to the business and to technology.

Describing the features of Interruptions, Disruptions and Emergence events and distinguishing the differences between them, special guest Anantha Sayana outlines how the IS Auditor can prepare, react, and contribute to all the three.

Hosted by ISACA's Hollee Mangrum-Willis.

IS Audit in Practice: Data Integrity On Demand

Tue, 11 Jul 2023 10:00:00 +0000

On this podcast, ISACA's Hollee Mangrum-Willis and special guest Cindy Baxter discuss the disparities between American communities and access to electronic health records. From there, they examine how key data insights from the ISACA community can help us all be healthier.

ISACA Live | Digital Trust Priorities for Privacy and Emerging Tech

Wed, 28 Jun 2023 15:00:00 +0000

ISACA Digital Trust Advisory Council Members Anne Toth and Michelle Finneran Dennedy will discuss privacy concerns and priorities around emerging tech and the most critical considerations for ensuring strong digital trust. Hosted by ISACA's Safia Kazi.

Processes of Engagement with Scott Gould

Wed, 21 Jun 2023 14:00:00 +0000

Scott Gould is the author of 'The Shape of Engagement: The Simple Process Behind how Engagement Works.' In this podcast, Scott gives a sneak peak at his upcoming member-exclusive, CPE-eligible event. Scott will discuss the essential frameworks for understanding and operationalizing engagement and building enduring connections with your networks and communities.

Delivering Security Value to Product Teams Using the Power of Data

Tue, 13 Jun 2023 08:00:00 +0000

In security, aligning with product teams has never been more important, especially when outmaneuvering adversaries. To foster a truly productive and action-oriented cybersecurity culture, security teams must begin addressing their product engineering counterparts as customers they serve rather than entities they govern.

In this podcast, ISACA’s Chris McGowan listens in as Adobe’s Manager of Adversary Intelligence Gurpartap “GP” Sandhu provides unique insight into how he’s bringing intrapreneurship to life in product security through a key project that delivers actionable data that product teams can use to enhance their security posture more rapidly.

They’ll also discuss how his team is harnessing strong adversary focus using the power of data and share advice on how you can stay ahead of adversaries by better predicting their next move in the ever-changing threat landscape. Tune into this ISACA Podcast to learn more!

Check out more from Adobe, https://www.adobe.com/trust.html

For more ISACA podcasts, www.isaca.org/podcasts

AI Ethics and the Role of IT Auditors

Tue, 06 Jun 2023 09:00:00 +0000

We, as a society, have always lived by certain norms that are driven by our communities. These norms are enforced by rules and regulations, societal influence and public interactions. But is the same true for artificial intelligence (AI)?

In this podcast we discuss and explore the answers to some of the key questions related to the rapid adoption of AI, such as: What are the risks associated with AI and the impact of its increasing adaption within almost every industry? And, what role should we as IT Auditors should play in this fast changing technological landscape?

Hosted by ISACA's Hollee Mangrum-Willis and featuring special guest Jai Sisodia.

Using a Risk-Based Approach to Prioritize Vulnerability Remediation

Thu, 01 Jun 2023 08:00:00 +0000

Organizations today struggle with vulnerability management. More specifically, remediating vulnerabilities in a timely manner poses a challenge. With vulnerability remediation backlogs growing at an alarming rate, what can organizations do to meet their established remediation timelines and to protect the organization from cybersecurity threats. Cybersecurity leader Ray Payano will discuss the exponential increase in published vulnerabilities, the lack of resources in cybersecurity to perform remediation and balancing remediation with reduced maintenance windows. These challenges contribute to organizations struggling with remediation backlogs. Ray will explain how calculating vulnerability risk can help organizations prioritize their vulnerabilities based on risk level to help determine the order in which vulnerabilities are addressed.

Hosted by ISACA's Chris McGowan.

The True Cost of a Data Breach

Tue, 23 May 2023 08:00:00 +0000

Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable risk management decision making.

Hosted by ISACA's Safia Kazi.

2023 IT Compliance and Risk Benchmark Report

Tue, 16 May 2023 10:00:00 +0000

Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey and get an overview of how your industry peers are managing IT risk and compliance programs within their organizations.

We’ll cover:

● The top five findings from the survey

● How your peers are planning to handle compliance, audit management, and risk management in the midst of this year’s volatile economy

● What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations

Download Hyperproof’s 2023 IT Compliance and Risk Benchmark Report https://hyperproof.io/it-compliance-benchmarks/

What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All

Tue, 09 May 2023 16:00:00 +0000

The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention- what will you do? If your answer is “risk management as usual”, that may be holding you back.

Traditional risk management approaches make a lot of promises, but most of them are myths. Do any of these sound familiar?

● You can make better-informed decisions by using a single platform.

● You can use automation to achieve continuous compliance.

● You can implement risk management by creating a risk register.

● You can use qualitative attributes to measure and assess risk.

In this episode, we’ll assess risk management myths and discuss how to establish scalable, quantifiable, and always-on risk management for the future.

Hosted by Lisa Cook and featuring special guest Megan Maneval.

How Organizations Can Consistently Reduce Cyberrisk

Thu, 04 May 2023 09:00:00 +0000

Cyber threats are now a “clear and present danger” to most organizations, companies and governments of the world. A good cyber defense involves many, intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible, in a rapidly shifting threat landscape, they must constantly make improvements. The threat groups are making rapid improvements and increasing their expertise at a steady rate. They are investing in R&D and Zero-Day exploits. To offer a good defense, we must make progress at the same rate as the threat groups or we may fall behind, increasing risks and allowing the cyber world to become like the “wild-wild west.”

Key Considerations for Conducting Remote IT Audits

Tue, 02 May 2023 09:00:00 +0000

Conducting adequate preparation including risk assessments, assessing resource requirements and ensuring ongoing communication to harness both the benefits and to address the potential challenges faced when conducting hybrid or fully virtual audits.

Seven Things to Know Before Automating IT General Control Audits

Thu, 27 Apr 2023 10:00:00 +0000

This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, that have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation roll out and advise on how to avoid or manage these pitfalls with host, Robin Lyons.

Check out Frans and Gustav’s full ISACA Industry News article, “Seven Things to Know Before Automating IT General Control Audits,” http://www.isaca.org/automating-it-general-control-audits

For more ISACA Podcasts, https://www.isaca.org/podcasts

Understanding, Assessing, Aligning and Transforming Organizational Culture

Thu, 20 Apr 2023 09:00:00 +0000

Organizational culture is crucial because it shapes behaviors and attitudes in the workplace, which can profoundly impact operations and overall success. However, it is sometimes difficult for CISOs and other infosec managers to fully understand their culture because they are inside it constantly.

In this ISACA Podcast episode, author and journalist Mark Tarallo chats with ISACA's Safia Kazi about how infosec managers can assess the organizational culture by using a culture model to examine the behaviors, relationships, attitudes, values, and environment that the culture sustains. It also discusses possible ways to lead a culture change initiative.

To read Mark's full ISACA Journal article, "Understanding, Assessing, Aligning and Transforming Organizational Culture," click the link https://www.isaca.org/organizational-culture

For more ISACA Podcasts: https://www.isaca.org/podcasts

Topics in Emerging Technology, Governance and Ethics

Tue, 18 Apr 2023 08:00:00 +0000

What are the primary risks associated with the adoption of emerging technologies, particularly during periods of high market volatility and changing governance requirements? We talk with Samuel Zaruba Smith, PhD(c) about his learnings from working in government regulated industries and emerging technology. We deep dive into the problems of business strategy, security, policy, social engineering ethics, and audits within a business environment of emerging technology systems such as Artificial Intelligence and Web3 decentralized technologies. Given the current business landscape of early 2023, changing market conditions and rapidly evolving governance concerns need to be top of the mind for all organizational leaders. Samuel provides insightful recommendations for improving your organizational structure and technology governance to create a more productive, inclusive, and ethical workplace.

Industry Spotlight - Julia Kanouse

Tue, 11 Apr 2023 13:56:26 +0000

Get to know Chief Membership and Marketing Officer Julia Kanouse as she sits down with childhood best friend and ISACA VP Amanda Raible. The duo discuss everything from leadership to motherhood while competing in Mario Kart! Tune in!

What Is Your IP Address Cybersecurity IQ? The Role of IP Address Data in a Digital World

Tue, 04 Apr 2023 15:00:00 +0000

There are literally thousands of VPN services on the market. Some are undeniably benign, but others offer a slate of features that are friendly to cyber criminals. Keeping your network safe from hackers requires you to understand the VPN market, and make decisions based on your company’s appetite for risk. Fortunately, by analyzing IP address data associated with these devices, security professionals can get access to a wealth of VPN contextual data that helps them distinguish between perfectly legitimate providers and those that turn a blind eye toward crime. In today’s world, it is vital for security professionals to know how to leverage IP address data and its contextual insights to protect enterprise networks.

The Future of Technology Risk: 4 Ways to Build Stakeholder Trust in the Technology Risk Imperative

Tue, 21 Mar 2023 10:00:00 +0000

Today, the pace of change across industries is quicker than ever before. Economic, political, and social unrest and a global climate crisis have placed unprecedented disruption and pressures on organizations looking to navigate a rapidly changing environment.

Firms are being out-innovated and entire industries are being disrupted in a matter of months or years, as opposed to decades. Shifting regulations, data as an asset, dynamic customer behavior and employee expectations of continued flexibility in a more virtual workplace add to the challenge.

Technology risk and compliance needs to adjust to this new reality. The strategy and value of an organization’s technology risk management are becoming essential to build and secure stakeholder trust. That means moving closer to the point where the risk events occur and using preventative, detective, and automated controls as much as possible.

In this podcast, Beth McKenney, a Principal in the KPMG Technology Risk service network, offers a game plan for companies to meet these today’s challenges with an eye on building stakeholder trust. That means having a proactive, rather than a reactive, approach to risk management.

Measuring Security Resilience from the Lens of the Adversary Community

Tue, 14 Mar 2023 10:00:00 +0000

In a world where adversaries are constantly adapting to improve tactics, techniques, and procedures (TTPs), it is crucial to understand the unique traits and goals of various types of adversaries that actively seek to cause harm to an organization. The personification of these threats will ultimately help measure resilience against specific threat actors, identify investment and hardening opportunities, and improve trust with customers.

In this podcast, Daniel Ventura, Manager of Product Security Incident Response Team (PSIRT), shares insight into Adobe’s approach to adversary personification as well as provides guidance on how you can better measure the security resilience of your products. He’ll also talk about Adobe’s bug bounty program which helps his team identify new trends in adversary interest and defend against real incident response events.

Risky Business – Jon Brandt

Tue, 07 Mar 2023 16:00:00 +0000

For the average person, life moves quickly. But for business leaders and anyone involved in any aspect of IT, the pace at which technology is changing is overwhelming. Technology can help businesses and individuals do more with less and increase profit margins. However, technological advances carry tremendous risk and increase the criticality of risk management. No longer can business and personal use of technology be viewed in siloes. ISACAs Director of Professional Practices and Innovation, Jon Brandt, is joined by Ryan Cloutier as they discuss some of the latest headlines and impact to intellectual property.

Building Digital Trust Through Advocacy

Thu, 02 Mar 2023 10:00:00 +0000

If you thought ISACA was only about certification and education, get ready to listen to this podcast and see how ISACA advocates for the IT Audit and Risk Management professions! Join Cindy Baxter, author of the Audit in Practice column in the ISACA Journal, as she interviews two members of the ISACA New England Board of Directors who attended ISACA’s Hill Day in Washington DC. Hear how they met with their government representatives and with ISACA’s help, discussed legislation that supports our profession! It’s an opportunity to think about the impacts you can have in your own back yard and with civic leaders!

Advertising Information Security

Tue, 28 Feb 2023 10:00:00 +0000

In this episode, executive principal at Risk Masters International’s Steven Ross discusses why vendors of IT products and services are advertising information security, why businesses are not advertising their security and how to use information security as a component of organizations’ public images with host Safia Kazi.

Rethinking Identity Governance

Tue, 21 Feb 2023 10:00:00 +0000

SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data.

However, traditional identity governance controls have fallen short of delivering real security outcomes in this digital-first world. They’re missing a critical piece: automation. In this episode, ConductorOne’s CEO and Co-Founder, Alex Bovee joins this episode to discuss why we need to change the way we think about compliance and risk and what a security-led governance program could look like.

Learn more about ConductorOne at https://www.linkedin.com/company/conductorone/ or https://www.conductorone.com/blog/automating-compliance-controls-least-privilege-access/

2023: The Year of Risk

Tue, 14 Feb 2023 21:00:00 +0000

A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation-state APTs. Instead, 2023 will be when multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks.

Tune into this ISACA Episode as Hyperproof’s Field CISO, Kayne McGladrey, speaks with ISACA’s Jeff Champion on how 2023 will be the year of risk.

Learn more about Hyperproof at:

https://twitter.com/Hyperproof

https://www.linkedin.com/company/hyperproof/

https://www.instagram.com/hyperproof/

Additional Hyperproof Resources:

https://hyperproof.io/resource/the-ultimate-guide-to-enterprise-risk-management/

https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/three-key-predictions-for-2023-the-year-of-risk

https://hyperproof.io/resource/risk-management-software-buyer-guide/

https://hyperproof.io/case-studies/pythian-uses-hyperproof-to-get-time-back-and-improve-its-risk-management-maturity/

Improving Cyber Resilience in an Age of Continuous Attacks

Thu, 09 Feb 2023 10:00:00 +0000

We live in the age of continuous compromise. This podcast dives into why so many organizations continue to be breached even after spending money on cybersecurity point solutions. Many organizations gravitate towards silver bullet solutions without understanding the threat and impact.

In this ISACA Podcast episode, Chris McGown speaks to Rex Johnson and Hamlet Khodaverdian about why a holistic and collaborative approach is absolutely critical to creating cyber-resilience.

For more information check out www.isaca.org/improving-cyberresilience-in-an-age-of-continuous-attacks

Advancing Digital Trust Through Audit and Assurance

Tue, 07 Feb 2023 10:00:00 +0000

A strong audit and assurance function is critical to achieving digital trust in an organization. This conversation spotlights audit's role in digital trust and outlines key priorities. It also shares new ISACA resources for auditors.

For more information, go to https://isaca.org/digital-trust

ISACA Live_Critical Infrastructure Security

Thu, 02 Feb 2023 10:00:00 +0000

ISACA's Chris Dimitriadis and the US GAO's Nick Marinos discuss the current state of critical infrastructure security, escalating threats and how to better prepare.

For more information check out www.isaca.org/heightened-threats

ISACA Live | Risk Scenarios

Tue, 31 Jan 2023 10:00:00 +0000

Paul Philips and Lisa Young will discuss how risk scenarios help decision-makers understand how certain events can impact organizational strategy and objectives. Good risk scenario building is a skill and can take some time to truly master. Paul and Lisa will provide actionable advice on building the best possible scenarios to help your organization better manage risk

For more information check out https://www.isaca.org/resources/it-risk

ISACA Live | How to Mature Your Privacy Compliance Program

Thu, 26 Jan 2023 10:00:00 +0000

Compliance with the world’s ever-increasing list of privacy laws can be a tricky undertaking for any organization, but by taking a few simple steps, you can begin to mature your privacy program from a series of check-box exercises into an intelligent compliance program that can help organizations to build consumer trust and protect brand reputation.

Join this conversation with OneTrust DPO Linda Thielova and ISACA's Paul Phillips to learn how to operationalize privacy compliance within your organization and get practical tips on how to mature your privacy compliance program.

Career Coach Advice: How to Launch Your IT Audit Career

Tue, 24 Jan 2023 10:00:00 +0000

Career coach Caitlin McGaw will share her top tips for young professionals and career changes on how to launch a successful career in IT audit--from acing your first interview and landing your first job to career resources to help your career continue to grow and thrive.

To learn more, check out www.caitlinmcgaw.com

ISACA Live | Advancing Digital Trust Through Data Privacy

Thu, 19 Jan 2023 10:00:00 +0000

Learn more at isaca.org/digital-trust

ISACA Live | The Dark Future of Privacy

Tue, 17 Jan 2023 10:00:00 +0000

Privacy Mining will increase because of billions of IoT devices being connected every day. Combined with advanced psychologic research, this can be a very powerful tool for manipulating people's behavior. A Fake reality also poses a big threat to our future of privacy. Software, such as Deep Fakes, has the ability to use someone's facial structure and create fake videos featuring digitally created characters with an uncanny resemblance of real people, such as celebrities.

This technology is so advanced, that our minds aren't sophisticated enough to comprehend the difference between real and fake data created by it, which leads to the next point. We are entering a trust crisis.

Trust is the foundation for innovation and technological advance. If people don't trust autonomous cars - they won't use them; if people don't certain websites - they won't read their news; Without trust, we cannot move forward, which is why we need to raise awareness about the dark future of privacy.

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation

Thu, 12 Jan 2023 10:00:00 +0000

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others?

To understand and answer the question appropriately, one must examine the underlying of the Information Privacy Realities Contradiction Theory (IPRCT), which is integral to (1) our natural unity of opposites, (2) our material dialectic mechanism or struggle of choosing from the opposites, and (3) the role of our self-interest in time and circumstance. Therefore, understanding the intricacies of the IPRCT would be instrumental to the proper and timely introduction of privacy requirements early in our system development lifecycle and in the development and enactment of information privacy policies, directives, guidance, and regulations around the world.

In this ISACA Podcast episode, Safia Kazi host Dr. Patrick Offor, Chief Warrant Officer Five Retired (CW5(R)); Associate Faculty, to discuss his recently released ISACA Journal article.

To read Dr. Offor’s full article, please visit https://www.isaca.org/resources/isaca-journal/issues/2022/volume-6/the-information-privacy-contradiction.

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

ISACA Live | Advancing Digital Trust Through IT

Thu, 05 Jan 2023 10:00:00 +0000

On National IT Professionals Day, ISACA's Kevin Keh explains how IT professionals can advance digital trust in their organizations and in their industries.

Learn more at isaca.org/digital-trust

Should Cybersecurity Be Subject to a SOX-Type Regulation?

Thu, 29 Dec 2022 15:00:00 +0000

Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with.

However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbanes-Oxley Act (SOX) type approach?

In this ISACA Podcast, Senior Director Mike Tomaselli joins ISACA’s Robin Lyons in this episode to discuss how this approach would create a risk-based, internal control model focused on cybersecurity that includes enforcement capabilities and requires third-party oversight and executive accountability.

To read Should Cybersecurity Be Subject to a SOX-Type Regulation? Please visit www.isaca.org/should-cybersecurity-be-subject-to-a-sox-type-regulation.

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

Beware the Traps of Data Governance and Data Management Practice

Tue, 27 Dec 2022 15:00:00 +0000

Guy Pearce joins ISACA’s Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making, and why data is a shared benefit for the organization.

Stay tuned until the close to hear Guy’s advice on using metaphors when communicating technical concepts to executive leadership.

To read Guy's full article, visit: www.isaca.org/beware-the-traps-of-data-governance.

To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts.

Convergence: Where Next?

Thu, 22 Dec 2022 15:00:00 +0000

ISACA’s Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of Convergence on the Control Community and concludes that everything is connected to every role, and it is becoming risky to have employees siloed within their own practice. He also remarks on how he once wrote an ISACA Journal article about companies creating a role for Chief Security Officer and now that is becoming a reality within the industry. Tune in now!

To read Steven’s full-length article, visit: www.isaca.org/convergence-where-next

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

Do Data Go To Waste

Tue, 20 Dec 2022 17:11:17 +0000

The Impact of SOX on the Industry 20 Years Ago and Today. Opponents of Sarbanes Oxley, (SOX) contend the law is too costly for companies to operationalize given the small benefit that SOX regulation provide. Proponents say that a world without SOX is a world in chaos.

This article discusses how SOX measures up 20 years after the law was enacted.

To read Cindy's ISACA Journal article, Do Data Go to Waste, please visit: www.isaca.org/do-data-go-to-waste

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Protecting Your Enterprise and Deterring Fraud in a New Risk Era

Tue, 13 Dec 2022 16:41:57 +0000

As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a changing threat landscape impacting enterprises and consumers alike.

According to one global survey, nearly half of all respondents experienced fraud in the past 24 months, 3 compromising financial resources, personal data, and peace of mind with frightening rapidity. Recent research we have completed also reflects that “60% of Consumers Don't Believe Companies Do Enough to Protect Their Data as Demand for Security Grows".

Listen to the CEO of GBG Americas, Christina Luttrell, as she explains that, as a result, identity verification is a priority for organizations and government agencies that view it as a strategic differentiator that allows them to enhance the customer experience while improving their defensive posture at a critical time in this ISACA podcast episode.

To read the ISACA Journal article, Protecting Your Enterprise and Deterring Fraud in a New Risk Era, please visit: https://www.isaca.org/protecting-your-enterprise.

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

The Circle of Failure: Why the Cyber Security Industry Doesn’t Work

Fri, 09 Dec 2022 15:55:46 +0000

Richard Hollis, Director of Rick Crew, is serious about asking the tough questions.

ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out that if we buy a toaster at the store and it doesn’t work, we return it, but as security professionals, we don’t hold products to the same standards. Why is this? Jon and Richard go back and forth on FUD, vendors, false positives, and where accountability lies in the industry.

Join Richard and Jon in the conversation to think about how we can affect the positive change that we want to see in our industry in the future!

To read Richard's full report, please visit www.isaca.org/the-circle-of-failure.

To listen to more ISACA podcasts, visit www.isaca.org/podcasts.

Meeting Attackers Where They Are

Tue, 29 Nov 2022 08:00:00 +0000

The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack surface and discover the impact that can be made by actively exploiting the soft spots of the company.

In this podcast, Justin Tiplitsky, Director of the Red Team at Adobe, talks about how his team uses adversary intel to perform continuous testing on the parts of the company that attackers are the most interested in targeting. This continuous testing leads to the relentless identification of the most opportunistic areas to attack, more closely emulating the never-ending threat from real adversaries. Testing is followed up by storytelling and data to influence change within the company.

To learn more about Adobe, please visit: www.adobe.com

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Taking Security Strategy to the Next Level: The Cyber Kill Chain vs. MITRE ATT&CK

Tue, 22 Nov 2022 16:34:13 +0000

In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data.

Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: the cyber kill chain (CKC)and the MITRE ATT&CK framework.

Tim Liu, long-term security technologist, co-founder, and CTO, will provide an overview of these two frameworks and the limitations or benefits of each approach.

To read Taking Security Strategy to the Next Level, please visit www.isaca.org/taking-security-strategy-to-the-next-level.

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

Auditee Buy-In—A Key Component of Effective Audits

Thu, 10 Nov 2022 18:02:31 +0000

As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element but essential in an effective audit.

Tune into this ISACA Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective audit.

To read Steve’s full-length article, “Auditee Buy-In—A Key Component of Effective Audits,” visit www.isaca.org/auditee-buy-in

To watch the ISACA Video Podcast of this episode, visit, https://youtu.be/nWFcXC24ueA.

For more ISACA Podcasts, please visit: www.isaca.org/podcasts or visit ISACA YouTube Channel at https://www.youtube.com/c/IsacaHq.

Breaking Down the ESET T2 2022 Threat Report

Tue, 08 Nov 2022 21:55:56 +0000

In this ISACA Podcast episode, ESET’s Chief Security Evangelist, Tony Anscombe, joins ISACA’s Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET’s recently released T2 2022 Threat Report.

As a global leader in cybersecurity, ESET’s T2 2022 Threat Report summarizes the most notable trends that have shaped the threat landscape for the past four months. This report dives into CloudMensis, the previously unknown macOS malware discovered by ESET researchers.

To read the full ESET report: https://www.welivesecurity.com/wpcontent/uploads/2022/10/eset_threat_report_t22022.pdf.

For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Enabling Digital Trust through Canada’s Digital Charter

Fri, 04 Nov 2022 17:07:42 +0000

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?”

To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world.

Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public.

To read Mary’s full-length article, visit https://www.isaca.org/enabling-digital-trust-with-canadas-digital-charter.

It’s About (Down) Time

Tue, 01 Nov 2022 14:14:37 +0000

It is all about the system's downtime.

In this ISACA Podcast episode, Risk Masters International's Steven Ross tells ISACA's Collin Beder that organizations should start focusing on hours of unavailable systems and data when measuring the cost of a cyber-attack. Steven also discusses the causes and targets of system downtime and why he thinks the IT world is currently living in a dangerous time.

To read Steven's full-length article, visit www.isaca.org/its-about-down-time.

To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

How Social Engineering Bypasses Technical Controls

Thu, 27 Oct 2022 09:00:00 +0000

We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe.

Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks is becoming more prevalent. Allen breaks down the many types of attacks (phishing, spear phishing, smishing, vishing, whaling) with ISACA's Kevin Keh. Tune in now to learn how to be vigilant when facing potential attacks from scammers.

To read Allen’s full article, please visit: www.isaca.org/how-social-engineering-bypasses-technical-controls

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

What Makes Risk Assessments So Unpleasant and How to Change That

Wed, 26 Oct 2022 20:44:42 +0000

Ryan Cloutier's child came home from school one day and told him that he had figured out the staff Wi-Fi password. Frustrated that the security wasn't better for a school network, Ryan decided to do something about it. Since then, his career has been focused on serving K12, local government, and socio-economically disadvantaged communities with his company Security Studio.

ISACA's Jeff Champion asks him about ways to overcome technical language barriers when completing risk assessments and Ryan discusses key issues with risk assessments and a path forward to resolving them. Tune in to start thinking about more interesting ways to approach risk assessments!

To read Ryan's full-length article, visit: www.isaca.org/what-makes-risk-assessments-so-unpleasant

To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

ISACA CyberPros – Naomi Buckwalter

Fri, 21 Oct 2022 15:49:55 +0000

Executive Director of Cybersecurity Gatebreakers Foundation, Naomi Buckwalter, joins ISACA’s Jon Brandt to discuss burnout.

There are many factors at play when discussing burnout: company culture, work-from-home flexibility, unrealistic expectations from supervisors, and industry pressure, but Naomi gives you multiple action plans for combatting workplace burnout and creating healthy boundaries with your colleagues. Tune into this ISACA Podcast now!

To learn more about Naomi, please visit: https://www.linkedin.com/in/naomi-buckwalter/

To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts

Quantifying the Qualitative Risk Assessment

Tue, 18 Oct 2022 15:11:29 +0000

In this ISACA podcast episode, IT Risk Director and Senior Vice President Mike Powers and IT Segment Risk Manager Julie Ebersbach discuss using the qualitative risk assessment as part of an organization's enterprise risk framework, focusing on using data to inform subjective judgments.

The value and accuracy of a qualitative risk assessment, based on subject matter expert judgment, can be improved with focused data. Tune in now to hear Mike and Julie chat with ISACA's Jeff Champion about how quantifiable data increases the qualitative risk assessment's reliability, accuracy, and credibility.

To read ISACA Journal article, Quantifying the Qualitative Technology Risk Assessment, please visit: www.isaca.org/quantifying-the-qualitative-technology-risk-assessment

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Gaining More Actionable Intelligence Using a Smarter Security Data Lake

Thu, 13 Oct 2022 09:00:00 +0000

In today’s dynamic world of distributed computing and cloud-scale systems, traditional security data platforms and tools such as SIEM typically fall short of actually delivering the intelligence needed to better adapt to the rapidly changing threat landscape. This is primarily due to a lack of core data lifecycle management, analytics, and integration capabilities. In addition to closing these functional gaps, security organizations could benefit by making AI/ML-driven advanced analytics a core component of their security intelligence capabilities. While there is admittedly a lot of hype around the concept of a “security data lake” in the industry, most approaches to date have not really delivered the type of usable intelligence needed to be as nimble as we must be in today’s cybersecurity world.

To address these issues, Adobe is taking a holistic approach to data and analytics that aims to enable efficiencies and scale for its Security organization. We have embarked on a journey to build an integrated and holistic security data and analytics platform as a foundational building block in its security organization. Join Krishna Patil, Principal Architect, Security, from Adobe as he discusses with ISACA's Collin Beder the approach we have taken to provide insights you can use to help tackle the problem of not just gathering the right data but making it more actionable to your security teams. Tune into this ISACA Podcast now!

To learn more about Adobe, please visit: www.adobe.com

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

ISACA Industry Spotlight | Ali Pabrai

Tue, 11 Oct 2022 14:03:59 +0000

There is no denying the passion that ecfirst's CEO, Ali Pabrai has for cybersecurity. In this ISACA Podcast, Ali tells ISACA's Hollee Mangrum-Willis that after all his years in the industry, he is still more excited than a two-year-old at the entrance to Disneyland.

Listen in as Ali discusses his origin story as a first-generation American working for Fermi National Accelerator Laboratory, creating a startup soon after the new millennium and how he has balanced all his career accomplishments while raising a neurodivergent child. Tune in now to hear about why Ali thinks we should compare the human body to cybersecurity and much more!

To learn more about Ali, please visit: https://www.linkedin.com/in/pabrai/

To learn more about OneInTech, please visit: www.oneintech.org

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Managing Cybersecurity Risk as Enterprise Risk

Thu, 06 Oct 2022 13:04:05 +0000

Cybersecurity incidents like ransomware can potentially bring operations to a standstill. Recent regulatory changes by the FTC and proposed changes by the SEC show that both agencies are drafting cybersecurity rules similar to ERM concepts. This would include board oversight of cybersecurity and the responsibility of senior management to implement cybersecurity policies and procedures and provide training for information security staff that is sufficient for them to address relevant security risks. In addition, this could mean that your organization may be required to report incidents and disclose cybersecurity policies and procedures.

Tune in to this ISACA Podcast episode to listen in as Cyber Defense Labs’ Manager of Cybersecurity Advisory Services Tom Schneider tells ISACA’s Jeff Champion that any threat to this essential information is an enterprise risk that needs to be managed by the enterprise through teamwork, with leadership from both the board and senior management. Tom also gives insights into managing cybersecurity risk as an enterprise risk.

To read Managing Cybersecurity Risk as Enterprise Risk, please visit: www.isaca.org/managing-cybersecurity-risk-as-enterprise-risk.

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts.

Implementing Artificial Intelligence: Capabilities and Risk

Tue, 04 Oct 2022 09:00:00 +0000

University of Florida's Ivy Munoko is passionate about AI and has plenty to share regarding implementation and usage, but ISACA's Collin Beder asks, "is it ethical"?

Ivy breaks down the ethical considerations for AI and the four types of intelligence (Mechanical, Analytical, Intuitive, Empathetic), and she shares her take on why she thinks AI won't be replacing our jobs for a very long time to come

To read Ivy's article, please visit www.isaca.org/implementing-ai-capabilities-and-risk.

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Audit in Practice: Auditing Culture

Thu, 29 Sep 2022 13:03:42 +0000

What’s The Risk LLC’s Cindy Baxter sits down with ISACA’s Robin Lyons to discuss auditing culture, which can be one of the most interesting areas to audit. We all have things we want out of our work environment like remote work, flexible hours or as Cindy comments: “I’d love to take my dog to work with me!”, but she and Robin question what is really important to workplace culture, and does it start with a “tone at the top”? Cindy gives advice on auditing approaches and key assessments when auditing as culture can be a critical part of an organization, making or breaking its effectiveness.

To read Cindy’s full length article, please visit: www.isaca.org/auditing-culture

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Incident Report & Continuous Control Monitoring

Tue, 27 Sep 2022 12:40:21 +0000

This episode of the ISACA Podcast is all about incident reporting. Lesotho Postbank's Relebohile Kobeli talks to ISACA's Collin Beder about mitigating risk, minimizing losses from events, and good communication. As Relebohile says: "as we carry out our daily tasks at work, we should always be proactive... and recognize abnormal behavior". Tune in now!

To read Relebohile's full article, please visit: www.isaca.org/how-enterprises-can-leverage-incident-reporting

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Industry Spotlight - Lisa Young

Thu, 22 Sep 2022 13:02:55 +0000

Netflix's Lisa Young started as a bank teller that learned tech by fixing and servicing ATMs, which transitioned to her joining the network ops field and leading her to "help organizations understand what could keep them from meeting their strategy, objectives or mission". After rough telecom layoffs, she re-educated herself with ISACA certifications and started leading a chapter, which included the honor of hosting an ISACA conference and she has developed content with ISACA's Paul Phillips. In this episode she sits down with Paul to discuss their shared work on ISACA-related projects, cyber careers and why you should be curious and ask how things work. Lisa loves the idea of continuous learning and asks, "what is a good next step for you?"

To listen to more ISACA Podcasts, go to isaca.org/podcasts

Be sure to like, comment, and subscribe for more ISACA Productions content.

Defending Data Smartly

Tue, 20 Sep 2022 12:45:12 +0000

Some industry watchers estimate that by 2025 the collective data of humanity will reach 175 Zettabytes. ISACA's Jon Brandt invites Dr. Chase Cunningham (aka Dr. Zero Trust) to discuss how to defend the ever-growing amount data, problem-solving for business units and compliance. Chase also questions the idea of “never compromise” and “perfect defense” when defending data. Tune in now!

To Learn more about Dr. Zero Trust, visit: www.zerotrustedge.com/dr-zero-trust

To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

Foco de la industria - Arnulfo Espinosa Dominguez Parte II

Fri, 16 Sep 2022 11:13:17 +0000

Parte I: https://isacapodcast.podbean.com/e/foco-de-la-industria-arnulfo-espinosa-dominguez/

El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido durante sus 20 años de experiencia profesional en la industria. Habiéndose dado cuenta del valor de la información a una edad temprana, Arnulfo ha forjado su camino dentro de la comunidad de TI. Es un formador acreditado para múltiples certificaciones, asesor independiente y presidente de varios comités de Ciberseguridad, Riesgo y Auditoría, y es reconocido mundialmente por un apodo que sus compañeros le han dado, "El AudiTHOR".

Como voluntario de ISACA desde hace mucho tiempo y orador de conferencias, Arnulfo ha sido premiado en numerosas ocasiones por sus destacados logros. En 2019, se le otorgó el "Premio al Líder de Capítulo Sobresaliente" (Outstanding Chapter Leader Award) de ISACA, en 2020, recibió el "Premio John Kuyers al Mejor Orador" (John Kuyers Award for Best), y recibió el mayor logro, el "Premio Salón de la Fama de ISACA" (ISACA Hall of Fame Award) en 2021.

¡Únase a la escucha de este episodio mientras Arnulfo ofrece sus mejores consejos y prácticas para convertirse en un orador excepcional, consejos sobre cómo los profesionales emergentes pueden entrar en la industria, y cómo su alter ego, AudiTHOR, alimenta su pasión por la auditoría!

Para leer más sobre Arnulfo, visite www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star

Para escuchar más Podcasts de ISACA, visite www.isaca.org/podcasts

Ethical AI Shifting the Conversation Left

Thu, 15 Sep 2022 13:31:53 +0000

Many organizations prioritize goals such as gains and profits, which often require rich data sets, but fail to consider the eventual impact of their data handling methodologies on foundational social justice issues. ISACA's Collin Beder talks to Josh Scarpino about his recently released article Evaluating Ethical Challenges in AI and ML. Josh discusses issues such as ethical behavior, systemic issues and how to create trusted systems. Collin also asks what is the future for humans in regards to AI. Tune in now!

To read Evaluating Ethical Challenges in AI and ML, visit: www.isaca.org/evaluating-ethical-challenges-in-ai-and-ml

To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

Foco de la industria - Arnulfo Espinosa Dominguez Parte I

Wed, 14 Sep 2022 14:42:38 +0000

Parte II: https://isacapodcast.podbean.com/e/foco-de-la-industria-arnulfo-espinosa-dominguez-parte-ii/

Para leer más sobre Arnulfo, visite www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star

Para escuchar más Podcasts de ISACA, visite www.isaca.org/podcasts

Why (And How to) Dispose of Digital Data

Tue, 13 Sep 2022 13:08:45 +0000

The stakes are too high for organizations not to comply with data privacy regulations,” Bassel Kablawi states in his article, "Why (and How to) Dispose of Digital Data." As the Information Security and Data Privacy Consultant for System Solutions, Bassel Kablawi has the knowledge and experience to determine that the value of data disposal can help an organization protect personal data from being exposed and why the final step in the Data Lifecycle could be considered the most crucial.

Bassel takes us on a deep dive into digital data with ISACA's Safia Kazi on the five stages of data disposal in this ISACA podcast episode. He explains why it is essential to understand that destruction should be performed based on an organization’s retention policy and the five main disposal methods of data, which include date anonymization, data deletion, data crypto shredding (for encrypted data), data degaussing, and data destruction.

Tune in to hear Bassel explain why data destruction is critical to developing digital trust with customers and stakeholders and could save an organization’s reputation.

To read Bassel's article, please visit: www.isaca.org/resources/news-and-trends/industry-news/2022/why-and-how-to-dispose-of-digital-data

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Industry Spotlight - Johann Dettweiler Part II

Thu, 08 Sep 2022 13:08:37 +0000

Link to Part I: https://isacapodcast.podbean.com/e/industry-spotlight-johann-dettweiler-part-1/

In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FEDRAMP compliance, and why the next generation should focus on adding certifications to their resumes.

Johann tells ISACA's Keith Karlsson that it was his work ethic and guidance of a trusted mentor that provided an opportunity in the IT security field. In less than 12 months, he racked up multiple impressive certifications such as CISSP, CCSP, and CEH that rapidly advanced his career and, as he explains it, allows him to be “the person that everyone hates because I tell you what is wrong with your system.”

Johann’s strong background in research and his constant quest for knowledge about this evolving industry, he is more than willing to provide listeners with his efficiency hacks to stay productive, motivational career advice, and why the next-generation cyber professionals may have an advantage over him. Tune in now to meet Senior Security Information Security Consultant Johann Dettweiler.

To learn more about Johann, visit https://talatek.com/project/johann-dettweiler/

To listen to other ISACA Podcast episodes, visit www.isaca.org/podcast

ISACA Podcast

The Future of IT Audit: Key Changes in ITAF 5

​​Breaking the Compliance Mentality​

Audit-Ready by Design: How AI Powers Smarter Identity Security

SheLeadsTech Fireside Chat: Celebrating Women in Cybersecurity

Humans Are IT Security’s Weakest Link

Secure Your Privacy: A security and privacy podcast: real conversations, real consequences, real solutions?

Securing Data in the Age of AI with DSPM: Lessons from a High-Impact ISACA Webinar

Elevate Your Career with Lauren Hasson

Cyberrisk Quantification: Strengthening Financial Resilience

Securing Desktops and Data from Ransomware Attacks

Cyberresilience and Cybersecurity

Cybersecurity Predictions for 2025

Examining Authentication in the Deepfake Era with Dr. Chase Cunningham

Safely and Responsibly Using Emerging Health Technology

Addressing SAP Security Gaps

What Enterprises Need to Know About ChatGPT and Cybersecurity

The Cyber Standard Podcast - Episode 4

The Cyber Standard Podcast - Episode 3

Effective Third Party Risk Management in 2024: AI’s Impact and Future Trends

Unlocking Strategic Value from a Bug Bounty Program

The Cyber Standard Podcast - Episode 2

The Cyber Standard Podcast - Episode 1

Measuring Security Risk Against Dynamic Threats

Reflecting on 25 Years of Information Security Matters

A View into CTEM Exposure Management: Reducing your Attack Surface 3x

Leveraging Agile Concepts for Neurodiverse Auditors

Minimizing Risk and Audit Requests

Issue Management Confidential: Tools and Best Practices for Improving IT Issue Management

Improving Security while Enabling Market Access with CCF

Scaling Your Threat Modeling Program

Secure your Supply Chain with an Effective Vendor Security Program

Cultivating Inspired Leaders with Kristi Hedges

Exploring the Benefits of Neurodiversity within Cybersecurity

Internal Audits That Create Stakeholder Value Adopting an Agile Mindset

Strategies for Avoiding Burnout

The Danger of Distraction in Augmented Reality

Managing Human Risk Requires More Than Just Awareness Training

Preparing for Interruptions, Disruptions and Emergence Events

IS Audit in Practice: Data Integrity On Demand

ISACA Live | Digital Trust Priorities for Privacy and Emerging Tech

Processes of Engagement with Scott Gould

Delivering Security Value to Product Teams Using the Power of Data

AI Ethics and the Role of IT Auditors

Using a Risk-Based Approach to Prioritize Vulnerability Remediation

The True Cost of a Data Breach

2023 IT Compliance and Risk Benchmark Report

What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All

How Organizations Can Consistently Reduce Cyberrisk

Key Considerations for Conducting Remote IT Audits

Seven Things to Know Before Automating IT General Control Audits

Understanding, Assessing, Aligning and Transforming Organizational Culture

Topics in Emerging Technology, Governance and Ethics

Industry Spotlight - Julia Kanouse

What Is Your IP Address Cybersecurity IQ? The Role of IP Address Data in a Digital World

The Future of Technology Risk: 4 Ways to Build Stakeholder Trust in the Technology Risk Imperative

Measuring Security Resilience from the Lens of the Adversary Community

Risky Business – Jon Brandt

Building Digital Trust Through Advocacy

Advertising Information Security

Rethinking Identity Governance

2023: The Year of Risk

Improving Cyber Resilience in an Age of Continuous Attacks

Advancing Digital Trust Through Audit and Assurance

ISACA Live_Critical Infrastructure Security

ISACA Live | Risk Scenarios

ISACA Live | How to Mature Your Privacy Compliance Program

Career Coach Advice: How to Launch Your IT Audit Career

ISACA Live | Advancing Digital Trust Through Data Privacy

ISACA Live | The Dark Future of Privacy

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation

ISACA Live | Advancing Digital Trust Through IT

Should Cybersecurity Be Subject to a SOX-Type Regulation?

Beware the Traps of Data Governance and Data Management Practice

Convergence: Where Next?

Do Data Go To Waste

Protecting Your Enterprise and Deterring Fraud in a New Risk Era

The Circle of Failure: Why the Cyber Security Industry Doesn’t Work

Meeting Attackers Where They Are

Taking Security Strategy to the Next Level: The Cyber Kill Chain vs. MITRE ATT&CK

Breaking the Compliance Mentality