ISACA Now Blog

ISACA Now offers global perspectives and real-time insights on evolving challenges and opportunities facing our professional community—engage with leaders, experts and practitioners today.

Glenda Suarez Cabrera
Featured Blog

Five Mistakes Leading to a Biased Information Security Training and Awareness Program – and How to Avoid Them

Accomplishing a cyber-risk aware and motivated workforce is not something that can be achieved overnight. In most cases, it requires a multi-year program tailored to the organizational culture and the challenging external landscape.

Read now
Icon of a person holding a briefcase, next to two up arrows

ISACA Career Catalyst Member Stories

Explore our Career Catalyst series to see how members have turned to ISACA for support at different points of their career journeys.

Read now

View Recent Posts

Layout

List Layout Card Layout

Filters

Subjects

Domain

Credentials

15 of 1346 Results

Renaldo Jack
Blog Post

Fortifying the Operational Technology Sector: Battle-Tested Cyber Resilience Strategies

Battle-tested operational technology cybersecurity strategies starts with performing an OT cyber risk assessment and includes focus on foundational controls and multilayered network security.

17 June 2025
Krishan Bagla
Blog Post

A Practical Approach to Integrating Vulnerability Management into Enterprise Risk Management

Organizations can strengthen their vulnerability management and improve their risk posture without expensive tools by utilizing existing resources, fine-tuning internal processes and creating a security-aware culture.

13 June 2025
David Foote
Blog Post

Versatilists in the Vanguard: Why the Future of Info/Cyber Security, Audit, Risk and Privacy Belongs to the Agile

Versatilists connect dots and adapt, characteristics that increasingly are in demand by employers as the digital trust landscape becomes more complex and interconnected.

11 June 2025
Jas Gill, CISA, CISM, Senior Internal Audit Manager at RELX
Blog Post

ISACA Career Catalyst Stories: Jas Gill, CISA, CISM, Senior Internal Audit Manager at RELX

ISACA member Jas Gill says her audit career has progressed since tapping into ISACA credentialing and learning resources, with an emphasis on auditing emerging technologies.

6 June 2025
Aamir Jamil
Blog Post

DORA and NIS2: Connection Points and Key Differences

Compliance with the DORA and NIS2 regulations should not be viewed only as a regulatory obligation but as a strategic opportunity to strengthen digital trust.

5 June 2025
Chidambaram Narayanan
Blog Post

Iron Man’s Due Diligence: How Tony Stark Would Audit J.A.R.V.I.S. Before Deployment

Would your artificial intelligence audit align with industry standards in governance, risk and cybersecurity, and pass an Iron Man-level due diligence check?

3 June 2025
Mohammed J. Khan
Blog Post

The Evolving Connection Points Between AI and Audit

The integration of artificial intelligence (AI) in the audit profession is rapidly transforming how auditors work, enhancing skills development, improving efficiency, and revolutionizing risk analysis and monitoring processes.

30 May 2025
Glenda Suarez Cabrera
Blog Post

Five Mistakes Leading to a Biased Information Security Training and Awareness Program – and How to Avoid Them

Building a quality information security training and awareness program capable of elevating organizations requires intention, investment and a willingness to evolve.

29 May 2025
Advait Patel
Blog Post

Zero Trust in the Age of AI: Securing Cloud Environments Against Evolving Threats

The number of AI-powered attacks continues to grow and are becoming more difficult to detect, and security models using traditional methods are no longer effective.

27 May 2025
Sumit Sharma
Blog Post

Automation and AI/ML Opportunities in Third-Party Risk Assessment

Automation and artificial intelligence/machine learning can set in motion a smarter, faster and more scalable future for third-party risk management.

22 May 2025
Alaina Lawson
Blog Post

Beyond the Moat: Modern Defense- in-Depth Strategies

Just as medieval castles depended upon more than a single knight to stave off potential attacks, modern organizations need a deep arsenal of security tools to protect their critical assets.

21 May 2025
Abdul Jaleel
Blog Post

Five Ways that IT Auditors Can Put AI to Good Use

The success auditors have in leveraging artificial intelligence is dependent upon balancing the technological capabilities with sound governance, clear objectives and a thorough understanding of audit standards.

19 May 2025
Wojciech Misiura
Blog Post

Why IT Auditors Need AAIA: Addressing AI Challenges in Audit

The new ISACA Advanced in AI Audit (AAIA) credential equips auditors for a changing landscape in which artificial intelligence is reshaping roles and presenting auditors with new opportunities.

19 May 2025
Deidre Diamond
Blog Post

IT/OT Convergence: An Era of Interconnected Risk and Reward

Successful IT/OT convergence comes down to aligning three distinct paradigms: IT Operations, OT Operations and Cyber Operations.

15 May 2025
Ope Ajibola
Blog Post

Seven Strategies Business Leaders Can Adopt to Protect Operational Technologies and Critical Infrastructure Against Sophisticated Cyber Threats

Tailored strategies to protect critical assets are needed at a time when the attack surface is expanding, putting critical infrastructure at heightened risk.

13 May 2025
Load More
Natasha Barnes
Blog Post

Mindfully Befriending Your Certification Exam-Day Anxiety

Certification exam day can be stressful for exam-takers, but a mindful approach can go a long way toward constructively dealing with the nerves and improving performance.

9 May 2025
Mary Carmichael and Dooshima Dabo'Adzuana
Blog Post

Six Steps for Third-Party AI Risk Management

ISACA members Mary Carmichael and Dooshima Dabo'Adzuana shared their insights in a session on third-party AI risk at RSA Conference 2025.

8 May 2025
Welland Chu
Blog Post

Fortifying Digital Defenses: The Imperative of a Unified Cybersecurity Platform

A data-driven and cost-effective strategy—centered on governance, technology, and human expertise—is the approach organizations need to improve their cybersecurity posture and resilience.

6 May 2025
Carolynn van Arsdale, Content Marketing Manager at ReversingLabs
Blog Post

The 2025 Software Supply Chain Security Report: Threats Growing and Evolving

The threat landscape facing software today is changing fast! RL’s new research report explores those changes and shares key learnings and action items.

5 May 2025
2024 Annual Report
Blog Post

ISACA 2024 Annual Report Showcases Future Focus

The 2024 ISACA Annual Report provides insight into how ISACA is working to future-proof members' careers in a time of volatility and innovation across the digital trust fields.

2 May 2025
Asaf Weisberg
Blog Post

Elevating ISACA's Impact: Building a High-Performing Board for the Future

ISACA Board Director Asaf Weisberg addresses the Board's composition and varied backgrounds in this installment of Notes from the Boardroom.

30 April 2025
Rob Clyde
Blog Post

No More Excuses for Procrastinating on Quantum Preparation

We have an urgency problem when it comes to quantum computing that is rivaling even the underlying technology challenge.

28 April 2025
Donovan Cheah
Blog Post

Preparing Our Stakeholders to Navigate Quantum Computing

Within the cybersecurity space, quantum computing has often been linked to doomsday scenarios such as the cracking of RSA.

28 April 2025
Ravi Ragoonanan
Blog Post

Lessons from the CCOA: Failing Forward as a Cybersecurity Leader

A failed attempt at the CCOA exam provided important lessons learned and deepened my commitment to earning ISACA's new cybersecurity credential.

24 April 2025
Ola Akinsuli
Blog Post

Adaptive Access Control: Navigating Cybersecurity in the Era of AI and Zero Trust

Adaptive Access Control, an AI-driven security approach, gives organizations a better opportunity to counteract the modern, sophisticated threat landscape.

22 April 2025
Freeman Ng
Blog Post

ISACA Career Catalyst Stories: Freeman Ng, Principal Consultant at iSystems Security Limited

A major career change meant that Freeman Ng had to prove himself all over again, and turning to ISACA played a big part in his next phase.

21 April 2025
Massimo Migliuolo
Blog Post

ISACA’s Growing Influence as a Resource for Governments

ISACA's growing policy influence with global governments will create healthier digital trust disciplines and expand opportunities for ISACA members.

18 April 2025
Chidambaram Narayanan
Blog Post

Welcome to the IT Audit Awards: Ctrl + Alt + Defend Night

From Phantom Access to the Longest Audit Report and beyond, these IT Audit Awards come in many categories that might not be as much of a joke as we'd like to think.

17 April 2025
Liz Kinuthia
Blog Post

Practical Strategies to Overcome Cyber Security Compliance Standards Fatigue

Elizabeth Kinuthia shares three practical strategies cyber teams can deploy to overcome compliance fatigue.

16 April 2025
Mary Carmichael
Blog Post

An Overnight Wakeup Call: Coordinating Responses to Major Cyber Attacks

Gamification can be an effective approach to trust-building that will allow diverse stakeholders to be better prepared to deal with stressful and high-stakes cybersecurity incidents.

14 April 2025
Michelle Moore
Blog Post

CIO vs. CISO: The Key Differences — and Why They Matter

Discover the key differences between the CIO and CISO positions — including responsibilities, education and certifications — and why they matter.

10 April 2025
Maman Ibrahim
Blog Post

Lessons from The Art of War: A Fresh Look at Modern Auditing

Maman Ibrahim shares the lessons auditors can learn from Sun Tzu's The Art of War.

9 April 2025
Varun Prasad
Blog Post

Building AI Governance by Design

An artificial intelligence governance culture balancing safety and innovation is important to effectively deal with AI risks and enhance the trustworthiness of AI systems.

7 April 2025
Pam Nigro
Blog Post

My Transformational Journey: from Chapter Leader to the ISACA Global Board

Pam Nigro shares how her years in ISACA chapter leadership compares and contrasts to her current role on the ISACA Global Board of Directors, and what has helped her progress along the way.

3 April 2025
Jack Freund
Blog Post

A Multilayered Framework for Trusting Cyberrisk Models

A multilayered framework for evaluating trust in cyberrisk models enables organizations to effectively assess whether a model is fit for purpose and worthy of confidence in its outputs.

2 April 2025
Aditya Patel
Blog Post

Navigating the Future: 6 Cybersecurity Career Paths Shaped by AI

Artificial intelligence is causing organizations and practitioners to reimagine the approach to numerous roles across the cybersecurity profession.

31 March 2025
Ramona Ratiu
Blog Post

Technology as a Tool for Empowerment, Not Exclusion

Ramona Ratiu, winner of ISACA's Technology for Humanity Award, advances cybersecurity careers and empowers women in tech. Learn more about her leadership journey.

28 March 2025
Arnulfo Espinosa Domínguez
Blog Post

Extreme Auditing: Pushing the Boundaries of IT Assurance

Extreme auditing calls for the ability to jump in and assess anything, no matter how unexpected or unfamiliar, and it is a skill set that increasingly will come in handy for IT auditors.

27 March 2025
Richard Beck
Blog Post

Hackers Don’t Play by Rules: Neither Should You

As technology and the threat landscape continue to evolve and become increasingly sophisticated, organizations can no longer afford to let red vs. blue rule-bound perceptions put them at a disadvantage against hackers.

26 March 2025
James Omorogbe
Blog Post

Four Strategies Web3 Companies Can Deploy to Cost-Effectively Improve Cyber Resilience

James Omorogbe provides five low-cost cybersecurity strategies that Web3 companies can implement to enhance their cyber resilience while keeping expenses in check.

25 March 2025
Ookeditse Kamau
Blog Post

Follow-Up Audits and Follow-Up Process: The Auditor’s Impact Litmus Tool

Structure, evaluation criteria and reporting are all key aspects of the audit follow-up process that can determine the effectiveness of IT auditors' recommendations.

20 March 2025
ER Kritka
Blog Post

Artificial Intelligence and Machine Learning: A Double-Edged Sword

While artificial intelligence tools continue to grow more effective, cybercriminals use the same capabilities to accomplish complex attacks and intrusions.

19 March 2025
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

PeopleOps, Not Human Resources, for Stronger System Security

A change in perspective can allow organizations to better see the risk and value of key controls and may prevent your source code from ending up on Discord.

17 March 2025
Niki Gomes
Blog Post

ISACA Career Catalyst Stories: Niki Gomes, Senior Internal Auditor

Niki Gomes, an audit professional and ISACA volunteer, says the relationships she has built through ISACA have made her career journey more enjoyable.

14 March 2025
Guy Pearce
Blog Post

CIO 4.0: Redefining IT Leadership

CIOs and other IT leaders have the opportunity to integrate sustainability into the core of IT operations, accentuating IT’s role as a catalyst for competitive advantage.

13 March 2025
Jamie Norton
Blog Post

Diving In: My First 90 Days on the ISACA Board

Jamie Norton, the newest addition to the ISACA Board of Directors, shares behind-the-scenes insights from his first few months in the ISACA boardroom.

12 March 2025
José David Pino
Blog Post

Challenging CISA Exam Myths: A Non-IT Auditor’s Perspective

José David Pino shares his CISA experience to encourage audit professionals with non-IT backgrounds to embark on the CISA certification journey.

11 March 2025
SheLeadsTech Scholarship Winners Share Visions for the Future
Blog Post

SheLeadsTech Scholarship Winners Share Visions for the Future

SheLeadsTech scholarship winners outline their visions for the future and what the scholarship has meant to them as they work toward entering digital trust professions such as security and GRC.

7 March 2025
Jenny Tan
Blog Post

Let’s Keep the Progress Coming for Women in Tech

ISACA research shows most women are satisfied with their career progression in the tech workforce but there are still areas for more headway to be made.

5 March 2025
Chidambaram Narayanan
Blog Post

When Harry Met SALY: A Love-Hate Story in Audit Risk Assessment

'Same As Last Year' does not cut it for IT auditors looking to successfully adapt to new risks and opportunities.

3 March 2025
Jeff Wade
Blog Post

Achieving Seamless Privacy by Design Through Secure by Design Practices

When organizations approach privacy as a design principle, it drives operational excellence and helps organizations to achieve regulatory compliance.

28 February 2025
Richard Beck
Blog Post

Financial Services Under Threat by Adversarial AI

Adversarial AI—the act of manipulating AI systems to function in unintended or harmful ways—is a growing, overlooked threat that will require updated frameworks in the financial sector.

27 February 2025
Sampa David Sampa
Blog Post

ISACA Career Catalyst Stories: Sampa David Sampa, CISA, IGP

ISACA member Sampa David Sampa, an IT audit professional from Zambia, says ISACA continues to play a central role in shaping his career journey.

24 February 2025
Subrat Mishra
Blog Post

From Theory to Practice: Real-World Risk Management, Starting with Ourselves

Training and development should be a non-negotiable element in developing an effective approach to risk management.

20 February 2025
Jeff Wade
Blog Post

Accelerating Secure by Design by Meeting Teams Where They Are

By focusing on people, sharpening processes, and strategically integrating technology, organizations can achieve security by design and ensure security is embedded in their DNA.

18 February 2025
Eugene Leow
Blog Post

Automating Incident Response: Six Practical Steps for Faster, Smarter Cyber Defense

By prioritizing automation while also relying upon human capabilities, cybersecurity professionals can better contain incidents and reduce the time it takes to effectively respond to them.

17 February 2025
Grant Hughes
Blog Post

Developing a Cyber Strategy and the Seven Pillars of Cyber Resilience

An effective cybersecurity strategy that includes critical pillars of cyber resilience, such as embedding security into the design phase and prioritizing basic controls, can drive business success.

14 February 2025
Keri Bowman
Blog Post

SOX Audit-Ready in Minutes: Streamlined Compliance Reporting

By automating key aspects of the audit process, standardizing reports and producing actionable data, organizations' compliance efforts will go more smoothly.

12 February 2025
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

Just Call It a Security Incident

More honesty, accuracy and transparency is needed when it comes to organizations acknowledging and reporting security incidents.

10 February 2025
State of Privacy
Blog Post

Exploring the State of Privacy in 2025

ISACA’s State of Privacy 2025 report delves into the latest trends in staffing, budgets, training and obstacles from more than 1,600 global professionals.

5 February 2025
Chasserae Coyne
Blog Post

COBIT: A Practical Guide for AI Governance

To keep up with the speed of business, organizations need to move fast to stay competitive and improve their market share.

4 February 2025
Mary Carmichael
Blog Post

Five Ways for Risk Professionals to Work More Efficiently in 2025

Work smarter, not harder.” It’s a simple idea, but in risk management, it’s a game-changer.

31 January 2025
Erik Prusch
Blog Post

Kicking off 2025 with a New Mission and Vision

Input from members and chapter leaders around the world are reflected in ISACA's new mission and vision statements, which includes emphasis on how members will be supported throughout their career journeys.

29 January 2025
New CCOA Fills Gap in Technical Cybersecurity Credential Offerings
Blog Post

New CCOA Fills Gap in Technical Cybersecurity Credential Offerings

The new Certified Cybersecurity Operations Analyst (CCOA) credential is designed for security professionals with two or three years of experience who aspire to be information security/cybersecurity analysts and related roles.

29 January 2025
Maman Ibrahim
Blog Post

Positioning DORA Compliance as a Strategic Advantage for Digital Trust and Operational Excellence

If approached properly, the Digital Operational Resilience Act (DORA) can be a strategic tool to help organizations solidify operational continuity and earn stakeholder trust.

28 January 2025
Melanie Wijeratna
Blog Post

ISACA Career Catalyst Stories: Melanie Wijeratna, CISM | PROSCI

ISACA member Melanie Wijeratna draws inspiration and motivation from her father's life as she advances her career journey in cybersecurity.

27 January 2025
Chidambaram Narayanan, Chartered Accountant, CISA, Azure Cybersecurity Architect Expert (SC-100)
Blog Post

Don’t Let Excuses Hold You Back: Ten Reasons Why the CISM Certification is Worth the Effort

The Certified Information Security Manager (CISM) certification consistently ranks among the most sought-after credentials in cybersecurity.

23 January 2025
Duane Gran
Blog Post

Reframing the Way Organizations Think About Privacy

ISACA’s State of Privacy 2025 report highlights trends in the industry around staffing, collaboration and increasing demands on privacy teams.

21 January 2025
Julie Chatman
Blog Post

Words Matter: Why Zero Trust Needs a New Name

Zero Trust has become a leading cybersecurity approach but the term itself can be counterproductive in organizations' efforts to gain buy-in from business stakeholders.

17 January 2025
RV Raghu, Past Board Director, ISACA, and director of Versatilist Consulting India Pvt. Ltd
Blog Post

Leveraging AI for Enterprise Innovation

RV Raghu previews his ISACA Virtual Conference session in which he will explore ways in which enterprises can leverage artificial intelligence for innovation and how they can best approach their AI initiatives

16 January 2025
Jason Lau Blog
Blog Post

Artificial Intelligence in the Boardroom: ISACA’s Approach to AI and Cybersecurity

How ISACA’s board is providing oversight around artificial intelligence’s impact on ISACA and its global membership.

14 January 2025
Megan Hall
Blog Post

Five Ways to Make Better Use of Emerging Technology in the New Year

When it comes to making better use of artificial intelligence and other emerging technology, having consistent processes for staying informed and measuring risk can go a long way.

10 January 2025
Neil Harper
Blog Post

Five Ways Security Professionals Can Start the New Year Strong

By enhancing engagement with enterprise leadership and better anticipating key cyber risks, security professionals will be on their way to a great year ahead.

9 January 2025
Onur Korucu
Blog Post

Five Ways Privacy Professionals Can Start the New Year Strong

Privacy professionals must embrace change in the evolving technology and regulatory landscape, turning risks and opportunities alike into drivers of their organizations' success.

8 January 2025
Ramona Ratiu
Blog Post

Five Ways Risk Professionals Can Start the New Year Strong

Identifying and leveraging reliable information sources is a useful starting point for risk professionals looking to solidify their good practices for the year ahead.

7 January 2025
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

Five Ways Audit Professionals Can Start the New Year Strong

A fresh start for IT auditors in 2025 is possible, but closing out lingering loose ends from last year likely requires attention before embracing the clean slate.

6 January 2025
Rui Feng Isaac Lee
Blog Post

The Synergy Between Generative AI and IS Audit

Applying Generative AI to the audit profession can be done more effectively when the data involved is examined carefully to ensure its quality is reliable.

3 January 2025
Kushal Walia and Karthik Mahalingam
Blog Post

Leveraging Artificial Intelligence for Enhancing Security and Privacy in Modern Computing Systems

Artificial intelligence can play a significant role in enhancing the security and privacy disciplines, but governance and ethical implications must remain top-of-mind considerations.

31 December 2024
Timothy R. Mcilveene, Ph.D.
Blog Post

Shedding Light on Shadow IT: Aligning Goals for Organizational Success

A disconnect between the goals of the IT team and business units can open the door to the usage of more shadow IT solutions, opening the organization to increased risk.

27 December 2024
Ravikumar Ramachandran
Blog Post

Five Key Priorities for Governance Practitioners in 2025

In the modern technology environment, governance professionals have to be attuned to much more than traditional IT governance principles to stay on top of all that is within their scope.

26 December 2024
Muhammad Usman
Blog Post

Navigating AI in Aviation: A Roadmap for Risk and Security Management Professionals

Considering the especially high security and safety stakes in aviation, risk and security professionals play a crucial role in ensuring that AI technologies in the industry are responsibly deployed.

23 December 2024
Shingi Mushangwe
Blog Post

Four Strategic Priorities for C-Suite Leaders in Big Data Transformation

Data collection, data governance, data architecture and defining success metrics are four aspects to get right when it comes to big data transformation.

19 December 2024
VB Malik
Blog Post

Navigating the Complex Landscape of Large Language Model Security

A multi-faceted approach, including robust model training, is needed to effectively deal with large language model vulnerabilities.

18 December 2024
Donovan Cheah
Blog Post

Post-Quantum Cryptography Preparedness 101

Post-quantum cryptography efforts should focus on what is within practitioners' control to implement in preparing for the arrival of Q-Day.

17 December 2024
Five Takeaways from ISACA’s Tech Workplace and Culture Survey
Blog Post

Five Takeaways from ISACA’s Tech Workplace and Culture Survey

Gender representation in tech, pay gaps, career advancement opportunities and more are explored in ISACA's new Tech Workplace and Culture findings.

16 December 2024
Prabha Anand
Blog Post

Integrating AI with CMMI: Cognizant’s Path to Elevating Excellence

Cognizant is one of the world's leading professional services companies, transforming clients' businesses and operating and technology models for the digital era.

16 December 2024
Gokhan Polat
Blog Post

It’s Time for the Financial Sector to Experience ISACA's Digital Trust Ecosystem Framework

Digital trust is especially critical in the financial sector, where the digital banking ecosystem is expected to operate as intended at all times.

13 December 2024
Chidambaram Narayanan
Blog Post

Batman’s Guide to Mastering Password Management: An IT Auditor’s Perspective

Password management, when handled diligently, is a master class in vigilance, with some parallels that can be drawn directly from the Batcave.

12 December 2024
Alaina Lawson
Blog Post

Security by Design or Default?

Secure-by-Design and Secure-by-Default are not mutually exclusive, and both are important elements in bolstering organizations' security posture.

11 December 2024
Neil Harper
Blog Post

How the ISACA Board and Executive Management Address Cyber Risk

The ISACA Board takes extensive action to understand and address cybersecurity risk while aligning cyber risk management with strategic business objectives.

9 December 2024
Pablo ballarin usieto
Blog Post

AI Ethics: Navigating Different Cultural Contexts

Artificial intelligence ethics comes with plenty of nuance for stakeholders to assess, as explored in a recent Ask Me Anything discussion on ISACA's Engage online community.

6 December 2024
Shamik Kacker
Blog Post

AI Governance: Key Benefits and Implementation Challenges

ISACA's Artificial InteIligence Governance Brief explores how AI governance must be in place throughout the AI lifecycle to achieve its benefits within the enterprise business strategy and to minimize AI risks.

5 December 2024
CPE Opportunities
Blog Post

CPE Credit Opportunities: How to Earn Your Annual Continuing Education

Webinars, conferences, volunteering and the ISACA Journal are just a few of the CPE opportunities available through ISACA to fulfil end-of-year requirements and plan ahead for 2025.

2 December 2024
John de Santis
Blog Post

The Role of the Chair vs. CEO

The Board Chair and CEO both have distinct responsibilities to drive ISACA forward yet extensive collaboration and communication between the two is critical.

27 November 2024
Rob MacDonald
Blog Post

The Arrival of CMMC: Positioning Your Company for Success

The long-awaited arrival of the Cybersecurity Maturity Model Certification (CMMC) presents an opportunity for professionals to position their organizations as go-to resources for CMMC guidance and compliance.

25 November 2024
CA. Ratan Singh Tanwar, CISA, DISA, FAFD, Managing Partner- Tanwar Ratan Singh & Associates CA. Firm, Chartered Accountant
Blog Post

User Access Review Verification: A Step-by-Step Guide

Conducting a User Access Review Verification ensures that only authorized individuals are able to access an organization's key systems and data.

21 November 2024
Chirag Joshi
Blog Post

ISACA Career Catalyst Stories: Chirag Joshi, Founder and CISO, 7 Rules Cyber

On his way to success as an author, entrepreneur and cybersecurity leader, Chirag Joshi has turned to ISACA for credentialing, community and thought leadership.

20 November 2024
Luigi Sbriz
Blog Post

Adding Value with Risk-Based Information Security

It is achievable to manage multiple control frameworks at the same time, with the effort of managing only one.

18 November 2024
Krishan Bagla
Blog Post

A Simplified Approach to Cost-Effectively Boost Security Around Digital Crown Jewels

Cybersecurity teams can protect their crown jewels more effectively by following a few critical steps and by collaborating effectively with business units and enterprise leadership.

14 November 2024
Maureen O’Connell
Blog Post

Inside the Audit Committee: Roles, Responsibilities and Qualifications

Our Notes from the Boardroom blog series continues with a detailed look at the role and responsibilities of ISACA's audit committee.

13 November 2024
CrowdStrike Panel Explores Lessons Learned from Massive Outage
Blog Post

CrowdStrike Panel Explores Lessons Learned from Massive Outage

An ISACA conference panel dissected the massive CrowdStrike incident, dissecting what went wrong and lessons learned to help avoid similar incidents in the future.

11 November 2024
Keith bloomfield deweese
Blog Post

Machine Learning Knowledge Looms Large at a Time of Accelerated AI Transformation

New ISACA courses in machine learning will prepare practitioners to better understand the lifecycle of machine learning projects, large language models, neural networks, and more,

8 November 2024
Donovan Cheah
Blog Post

How Geopolitics Affects Cybersecurity Risk: A Primer

The geopolitical landscape can have a major impact on cybersecurity risk and provide alternate motivations for cybercriminals to the financial ones for which defenders tend to be more attuned.

6 November 2024
Tatum Crisp
Blog Post

ISACA Career Catalyst Stories: Tatum Crisp, ISACA Auckland Chapter President

Tatum Crisp pursued ISACA chapter leadership to grow her communication and leadership skills, and the experience has paid even greater dividends than she anticipated.

5 November 2024
Ulrika Dellrud
Blog Post

The EU AI Act is Here: What You Need to Know and Do

Many different layers of compliance requirements are taken into consideration within the EU AI Act, including various AI use cases and models.

1 November 2024
Dhaval Deepak Joshi, CISA, CDPSE
Blog Post

Navigating the New Frontier: Mastering ESG Audits in Modern Business

Environmental stewardship, social responsibility and governance integrity represent three critical components of ESG audits.

31 October 2024
Patrick Barnett
Blog Post

What Type of Person Will Make a Good Cybersecurity Professional?

Beyond their technical know-how, effective cybersecurity professionals tend to have a range of other characteristics, such as adaptability, integrity and curiosity.

29 October 2024
RV Raghu, Past Board Director, ISACA, and director of Versatilist Consulting India Pvt. Ltd
Blog Post

Behind the Scenes with Adam Grant: The Opportunity of a Lifetime

A recent ISACA Member-Exclusive Speaker Event with Adam Grant presented new mindsets and approaches that can help professionals unlock more enjoyment and creativity in their work.

25 October 2024
Thomas Phelps
Blog Post

Approaching Risk, Compliance and Security Through a Consistent Lens with Enterprise Training

ISACA enterprise trainer Thomas Phelps shares his perspective on how group training can help brings teams together and collectively uplevel their knowledge and performance.

24 October 2024
Osman Azab
Blog Post

How the Emerging Technology Landscape is Impacting Cybersecurity Audits

Embracing continuous auditing and focusing on risk-based approaches are among the ways to effectively deal with the increasing complexity of cybersecurity audits as the emerging technology landscape continues to evolve.

22 October 2024
John de Santis
Blog Post

Introducing the Chair’s Fellowship Program

ISACA's new Chair's Fellowship Program provides awardees with the opportunity to gain board leadership skills and become well-versed in best practices for a high-performing board.

21 October 2024
Karen Franklin
Blog Post

ISACA Career Catalyst Stories: Karen Franklin, Director, Compliance Analytics with Discover Financial Services

Karen Franklin, ISACA member and participant in the Mentorship Program, calls pursuing her CISA certification 'one of the most pivotal decisions' she made along her career journey.

18 October 2024
Daniil Karp
Blog Post

A Proactive, Continuous Approach to Automated Compliance

Automation and a compliance by design approach can empower organizations to build a more secure, compliant and efficient IT environment.

16 October 2024
Celebrating ISACA’s Cybersecurity Month Scholarship Recipients
Blog Post

Celebrating ISACA’s Cybersecurity Month Scholarship Recipients

Recipients of the ISACA Foundation's Cybersecurity Month scholarships share their aspirations for making their mark on the cybersecurity profession.

14 October 2024
John de Santis
Blog Post

Our Day in Court

ISACA prevailed in a recent court ruling, which will free up more time and resources to put the focus back where it belongs: on delivering value for members and certification-holders.

14 October 2024
Christian Have
Blog Post

Is NIS2 In Danger of Becoming a Paper Tiger?

NIS2 is intended to improve cybersecurity resilience, but to reach its potential, there will need to be real consequences for organizations that are simply going through the motions.

10 October 2024
Jim Lamadrid
Blog Post

From Failure to Fulfillment: My Journey in Attaining the CRISC

Eight key takeaways that helped one CRISC-holder improve upon his first exam attempt and reach his goal of attaining CRISC certification.

8 October 2024
John de Santis
Blog Post

Ready to Be a Board Director? Here are 12 Things You Should Know

Being an ISACA board director is much more than an honorary role, and requires expertise in a range of areas, including a strong command of global strategy.

7 October 2024
Ejona Preci
Blog Post

ISACA Career Catalyst Stories: Ejona Preci, CISO, Lindal Group

Ejona Preci, a Germany-based CISO, says she has met 'true powerhouses' through ISACA that have helped accelerate and enrich her career journey.

3 October 2024
Alex Holden
Blog Post

Choosing Your Cybersecurity Path

Building a successful career in cybersecurity can be a smoother process by identifying organizations with healthy security culture, avoiding monotonous tasks, embracing continuing education and showing an ability to learn from failure.

2 October 2024
Jenai Marinkovic
Blog Post

The Hidden Culture Crisis and Human Burden Undermining Cybersecurity Resilience

The cybersecurity industry is facing a growing internal crisis that is not rooted in technology or external threats but in the culture underpinning our current workforce.

1 October 2024
Surya Prakash
Blog Post

The Importance of Establishing an Open-Source Ingestion Policy to Mitigate Threats

Open-source software can lead to many benefits while simultaneously introducing security risks, creating the need for a substantive open-source ingestion policy.

30 September 2024
Maximizing Usage and Trust of AI: Insights from ISACA China Hong Kong Panel
Blog Post

Maximizing Usage and Trust of AI: Insights from ISACA China Hong Kong Panel

The ISACA China Hong Kong Chapter recently featured a panel exploring how organizations can make artificial intelligence more trustworthy and more effective.

27 September 2024
Abdelelah Alzaghloul
Blog Post

Cyber Resilience: What Shawshank Teaches Us About Security

A focus on prevention alone was not sufficient in The Shawshank Redemption and it is similarly not going to do the job in building successful, modern security programs.

26 September 2024
Empowering Europe's Digital Future: How ISACA Contributes to Building Cyber Resilience and Digital Trust
Blog Post

Empowering Europe's Digital Future: How ISACA Contributes to Building Cyber Resilience and Digital Trust

ISACA just published its Vision Paper on “Empowering Europe’s Digital Future with Cyber Resilience, Competitiveness and Digital Trust.

26 September 2024
Sergio Tringali
Blog Post

Shaping the Future of Digital Trust and Cybersecurity Policy: How ISACA Contributes to the UK

ISACA’s UK Vision Paper 2024: A manifesto for bridging the UK’s digital skills gap and improving cyber resilience.

25 September 2024
Jack Freund
Blog Post

From Theory to Action: Building a Strong Cyber Risk Governance Framework

Knowing your organization's risk appetite is the first step toward effectively integrating cyber risk quantification into an organization's cyber risk governance.

23 September 2024
Erik Prusch
Blog Post

A Career Journey You Won’t Want to Miss

Joining ISACA means not only becoming better equipped to succeed in your current job, but also for future opportunities throughout your career journey.

18 September 2024
Anthony Pacilio
Blog Post

Leveraging Neurodiversity: Strategic Advantages in GRC

Recruiting and nurturing neurodiverse talent is a winning strategy for organizations looking to enhance their GRC and cybersecurity capabilities.

16 September 2024
Maria Koslunova
Blog Post

Data Governance for AI: It Starts and Ends with Data

Understanding the relationship between artificial intelligence and data is critical for organizations as they increasingly leverage AI in their business operations.

13 September 2024
Chidambaram Narayanan
Blog Post

The Curious Case of the Complacent Commercial Chief: An Internal Auditor's Challenge

Internal auditors are not always met with open-minded attitudes from key stakeholders, but they can break down resistance by taking the right approaches.

12 September 2024
Vaibhav Malik, Global Partner Solution Architect, Cloudflare
Blog Post

AI and Risk Management: A Strategic Guide for CIOs and CISOs in Financial Services

Artificial intelligence is having a large impact on the risk landscape in the financial sector, underscoring the need for AI governance frameworks and thorough AI risk assessments.

11 September 2024
Mukta Sharma
Blog Post

Cybersecurity Compliance Essentials: Balancing Technical and Non-Technical Skills

Technical acumen can be valuable in working toward cybersecurity compliance, but non-technical elements also play a significant role in achieving compliance.

9 September 2024
Abigail Bada
Blog Post

ISACA Career Catalyst Stories: Abigael Bada – Founder, Fortini Tech

ISACA’s Career Catalyst Stories showcase how members have been supported by ISACA throughout all stages of their careers. Today, we profile Abigael Bada, founder, Fortini Tech.

6 September 2024
Jayakumar Sundaram
Blog Post

The Never-ending Quest: Why Continuous Monitoring is Crucial for Cybersecurity

Systematically analyzing threats from the beginning of the design phase enables practitioners to build security into systems in time to make a difference amid a difficult threat landscape.

4 September 2024
muneeb-imran-shaikh-blog
Blog Post

Preventing the Storage Limitation Principle from Becoming an Elusive Dream

Strengthening approaches to retention of personal data can lead to more business resilience, reducing risk of personal data exposure and sharper operational efficiency.

3 September 2024
Alex Sharpe
Blog Post

The Often-Forgotten Organizational Dimensions of Resilience and Digital Trust

Bits don't know borders, meaning emphasis on building digital resilience and digital trust is paramount in this era to protect organizations and their reputations.

30 August 2024
Matthew Moog
Blog Post

DORA Compliance: Navigating the New EU Regulation

New regulations such as the Digital Operational Resilience Act (DORA) are intended to improve risk management and make operational resilience easier to attain.

28 August 2024
chris dimitriadis
Blog Post

NIS2 Directive: Strengthening Public Cybersecurity and Infrastructure Across Europe

The European Union’s NIS2 Directive will align key cybersecurity practices throughout the EU, increasing member-states' ability to prevent cyber incidents and lessen their impact.

26 August 2024
Richard Clapton
Blog Post

Top GenAI Success Stories for Risk and Assurance Professionals, and the Crucial Caveats You Need to Know

Generative AI comes with several promising applications for audits and risk professionals, who also must be mindful of the environment in which they are working and diligently steer clear of potential AI pitfalls.

22 August 2024
Jay Hira Blog
Blog Post

ISACA Career Catalyst Stories: Jay Hira, Director, Cyber Security – Financial Services, KPMG Australia

ISACA member Jay Hira has moved from continent to continent for various job roles, but finds his relationship with ISACA to be a constant wherever his career has taken him.

20 August 2024
C. Warren Axelrod
Blog Post

‘Cyberpandemic’ Strikes a Crowd

The recent Crowdstrike incident underscored the need to reduce complexity and limit risky interdependencies to avoid widespread outages.

19 August 2024
Daniil Karp
Blog Post

A Journey Through Integrated Risk Management

When assembling the elements needed for a successful integrated risk management program, organizations should start with their end goal in mind.

16 August 2024
Manoj Patel
Blog Post

The Role of AI & Generative AI in Integrated Risk Management

The risk management space is undergoing big changes driven by the rise of artificial intelligence, resulting both in promising advancements and significant potential pitfalls.

14 August 2024
Meghan Maneval
Blog Post

For Better AI Governance, Begin with Education

AI governance expert Meghan Maneval shared best approaches for more effective AI usage on the enterprise landscape in a recent Ask Me Anything discussion on ISACA's Engage platform,

12 August 2024
Chidambaram Narayanan
Blog Post

From Chapter Engagement to Global Inspiration: How ISACA Muscat Ignited My Spark

Engagement with local ISACA chapters can be a springboard to further success both within and beyond the ISACA professional network.

8 August 2024
Donovan Cheah
Blog Post

An Introduction to Post-Quantum Cryptographic Risks

Post-quantum cryptography algorithms will increasingly become a focal point for organizations as quantum computing makes strides forward.

7 August 2024
Steven Sim
Blog Post

Overcoming the Shortcomings of Modern Authentication

An ISACA white paper examining authentication challenges in the deepfake era identifies challenges organizations face and methods that can overcome them.

5 August 2024
Brian Vasquez
Blog Post

Navigating the Modern CISO Landscape: Practical Strategies for Cybersecurity Success

Focusing on robust communication, keeping current with the regulatory landscape and aligning with key business objectives are among the approaches that can set modern CISOs up for success.

1 August 2024
Jeimy J. Cano
Blog Post

How Boards of Directors Can Better Prepare to Lead on Cyberrisk

Board directors need to be aware of key cybersecurity-related strategies and investments and make sure they are aligned with the organization's risk appetite.

30 July 2024
Larry Marks
Blog Post

Cyber Resilience Through More Effective Design

There is a saying that I expect many have heard before: “How do you eat an elephant”? “One bite, one part at a time.”

26 July 2024
Geetha Murugesan
Blog Post

AI Ethics and Why It Matters

Artificial intelligence ethics considerations must be top-of-mind for organizations when leveraging AI as trust, bias, security, privacy and other important elements should not be overlooked.

24 July 2024
Sarah Katz
Blog Post

The Risk of Malicious Push Notifications in Augmented Reality Apps

Push notifications in augmented reality applications carry overlooked risks, and app developers should help mitigate them by working closely with privacy and legal experts

22 July 2024
Larry G Wlosinksi
Blog Post

How to Merge AI and Robots Responsibly

When it comes to merging AI and mobile robots, standards, guidance and testing are critically important to ensure that developers and other key players in the ecosystem are operating responsibly.

19 July 2024
Shingi Mushangwe
Blog Post

Three Ways for Enterprise Leaders to Make Technology Transformations More Successful

Clear scope, vetting vendors carefully and retaining key resources can position organizations for success in technology transformation projects.

17 July 2024
anna-johannson
Blog Post

Why So Many Organizations Underestimate Insider Threats

Insider threats remain overlooked by many organizations even though they are potentially more devastating than many incidents coming from external attackers.

15 July 2024
Hakan Kantas
Blog Post

Unlocking the Power of Digital Trust: Exploring ISACA’s Digital Trust Ecosystem Framework

ISACA's Digital Trust Ecosystem Framework provides organizations with the guidance needed to build and maintain trust with customers and other organizational stakeholders.

12 July 2024
Zechariah Oluleke
Blog Post

The Looming Threat of Unsecured IoT Devices: A Deep Dive

A secure Internet of Things ecosystem demands a multi-faceted approach, including specialized security solutions and layered defense mechanisms.

10 July 2024
Abigail Bada
Blog Post

Empowering Women in Technology: ISACA’s Commitment to Bridging the Gender Gap

Through the ISACA Scholarship Program and the Digital Trust Workforce Inclusion Program, the ISACA Foundation helps to create equitable access to education, training, and career opportunities.

8 July 2024
Chidambaram Narayanan
Blog Post

Ten Pivotal Moments in an Internal Auditor's Career

Learning to navigate disagreements, adapting to emerging technology and keeping up to date on key regulations are among many pivotal factors in an internal auditor's career success.

3 July 2024
CCOA Beta Program Equips Cybersecurity Professionals for Early-Career Success
Blog Post

CCOA Beta Program Equips Cybersecurity Professionals for Early-Career Success

ISACA's new Certified Cybersecurity Operations Analyst (CCOA) credential prepares early-career cybersecurity professionals for a range of in-demand roles in the field.

28 June 2024
Jayakumar Sundaram
Blog Post

ISO 27001 Shines Bright As a Beacon of Trust

The ISO 27001 Risk Assessment is not just a standard or certification; it can serve as a beacon of trust for a range of stakeholders.

27 June 2024
David Kliemann
Blog Post

Building an AI Risk Management Program: A Security & Audit Team Perspective

Implementing trustworthy artificial intelligence requires enterprises to put in place a solid governance structure and a comprehensive framework of controls.

25 June 2024
Poonam Gupta
Blog Post

European Union Artificial Intelligence Act: An Auditor’s Perspective

Organizations will need to identify the needed audit and governance resources and skill sets in order to make implementation of the EU AI Act successful.

24 June 2024
Mathura Prasad
Blog Post

Navigating the Challenges of Cybersecurity in the Modern Data Landscape

With exponential growth in data, addressing the related privacy, risk and security implications on the data landscape needs to be a top priority for digital trust professionals.

20 June 2024
Megan Hall
Blog Post

Governance Key to Taming Evolving Risk Landscape

The risk landscape continues to transform, highlighting the need for cross-functional collaboration, leveraging of frameworks and effective third-party risk management.

18 June 2024
Alex Holden
Blog Post

Security Professionals Face Big Challenge in Evolving Ransomware Landscape

The shifting ransomware landscape places responsibility on security professionals to keep pace with new attack types and trends that are especially targeting vulnerable industries.

17 June 2024
Richard Marcus
Blog Post

Managing AI’s Transformative Impact on Business Strategy & Governance: Strategies for CISOs

Gain a firmer handle on AI risks, controls design, needed detection and monitoring capabilities, and best practices for AI implementations.

14 June 2024
Chidambaram Narayanan
Blog Post

The Numbers Whisper, But Stories Captivate: Rethinking Audit Communication

Auditors need to go beyond the cold, hard facts and incorporate time-tested storytelling methods to make their reports resonate more deeply with stakeholders.

11 June 2024
Victor Fang
Blog Post

AI for Auditors: Challenges and Opportunities for Career Advancement

An ISACA training course on AI for auditors explores categories of AI algorithms that auditors will encounter, relevant regulations, how to audit third-party AI dependencies and more.

10 June 2024
Chetan Anand
Blog Post

More Responsible Data Usage Through Privacy-Enhancing Technologies

ISACA's new white paper on privacy-enhancing technologies describes popular PETs, explores regulatory perspectives for using PETs for compliance and provides examples of how the technologies are being used.

6 June 2024
Wojciech Misiura
Blog Post

A Toolkit to Facilitate AI Governance

ISACA's AI Audit Toolkit helps auditors to verify that artificial intelligence systems meet needed benchmarks for governance and ethical responsibility.

4 June 2024
George Goodwin and Karen Franklin
Blog Post

ISACA Member Finds Newfound Career Optimism Through Mentorship Program

ISACA member George Goodwin credits his ISACA Mentorship Program mentor, Karen Franklin, with giving him the confidence and encouragement he needed at a critical juncture of his career.

3 June 2024
Divya Aradhya
Blog Post

Security-as-Code: A Key Building Block for DevSecOps

Security-as-Code can ensure that key security protocols and good practices are automated and integrated directly into all components of the software development lifecycle.

31 May 2024
Password Hygiene: The Present and Future State
Blog Post

Password Hygiene: The Present and Future State

Best practices for password hygiene remain fluid as many professionals eye a future where passwords will no longer be a fixture on the security landscape

30 May 2024
Neil Lappage
Blog Post

Bridging the Digital Trust Gap: An Urgent Imperative

Organizations that do not prioritize building digital trust open themselves up to significant business and reputational risks, as underscored by ISACA's 2024 State of Digital Trust research.

29 May 2024
Five Key Takeaways from the 2024 RSA Conference
Blog Post

Five Key Takeaways from the 2024 RSA Conference

The growing influence of artificial intelligence on the security landscape was top of mind for many presenters and attendees at the recent 2024 RSA Conference.

28 May 2024
Rethinking Cybernetics: Why and How
Blog Post

Rethinking Cybernetics: Why and How

When it comes to the looming arrival of quantum computing, the creation of a new Turing machine will be the necessary starting point.

24 May 2024
C. Warren Axelrod
Blog Post

AI AIn’t Human

Many of the guardrails that exist in the context of human thinking are not in place for artificial intelligence, which presents a range of significant challenges.

23 May 2024
Veronica Rose
Blog Post

Are We In Control of Our Digital Lives?

Technology is neither inherently good or bad, but it can be addictive, and digital trust professionals have a role to play in countering the harms that can result.

21 May 2024
Chandrasai D.
Blog Post

Unlocking Digital Transformation in Pharma: A Least-Vendor Approach with the 3A-3C Framework

A least-vendor strategy can bring big benefits to organizations as they undergo digital transformation projects that otherwise can become complex and strain resources.

17 May 2024
Samuel Zaruba Smith, Ph.D.(c)
Blog Post

Solving the First Conversation Problem in AI

Solving The First Conversation Problem in AI can go a long way toward companies having greater impact in leveraging the promising technology.

16 May 2024
Guy Pearce
Blog Post

The Benefits of National Digital Health in a Short Story

When properly designed and implemented, patient-centric digital healthcare brings transformative potential to healthcare patients around the world.

14 May 2024
Chidambaram Narayanan
Blog Post

Navigating the AI Maze: An IT Auditor’s Guide Utilizing ISACA’s Digital Trust Ecosystem Framework

ISACA's Digital Trust Ecosystem Framework helps auditors and other digital trust professionals ensure that AI is implemented in a way that strengthens the organization and inspires trust with stakeholders.

13 May 2024
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

The $8,000 SOC 2 Conundrum

While the typical cost of a standard SOC 2 audit is going down, the skill level required for auditors to effectively perform them is increasing.

10 May 2024
Meghan Maneval
Blog Post

A Pathway to an Actionable AI Governance Roadmap

A new ISACA course on artificial intelligence governance can help professionals learn to design, develop, implement and monitor trustworthy AI within their organization.

8 May 2024
Meghan Maneval
Blog Post

A Better Path Forward for AI By Addressing Training, Governance and Risk Gaps

New ISACA survey data on artificial intelligence realities show that companies need to ramp up training and policies to deal with emerging risks from the powerful technology.

7 May 2024
Gokhan Polat
Blog Post

Unlocking AI’s Potential: How COBIT Can Guide Your Business Transformation

The COBIT framework can help organizations implement artificial intelligence more responsibly and in ways that ultimately will create more value for the enterprise.

2 May 2024
2023 Annual Report
Blog Post

2023 ISACA Annual Report Shows How ISACA is Fueling Future

The 2023 ISACA Annual Report provides updates on ISACA's finances, leadership and important progress made throughout the year by ISACA's global community.

30 April 2024
Han Jumashov
Blog Post

Three Reasons Why You Should Not Wait to Take the CISA Exam

There are several benefits for rising IT auditors to take the CISA exam even before they have the full years of experience required to complete their certification.

29 April 2024
Aleksei Panov
Blog Post

Performing an ATM Security Audit

In preparing for an ATM security audit, auditors will need to prioritize understanding core governance and business processes impacting ATM management.

26 April 2024
Sushila Nair
Blog Post

ISACA Award-Winner Embraces Shared Vision for Safer Digital World

Sushila Nair, ISACA Technology for Humanity award-winner, sizes up the intersection of technology and humanity and what drew her to the cybersecurity field.

24 April 2024
Prathibha Muraleedhara
Blog Post

The Need For AI-Powered Cybersecurity to Tackle AI-Driven Cyberattacks

Artificial intelligence can help security professionals counter the threats from cyberattacks that also are increasingly boosted by AI.

23 April 2024
Noelle Pickler
Blog Post

Volunteer Appreciation Week: ISACA Volunteers Share Their Stories

ISACA volunteers share their motivations and career benefits they have received through their volunteer activities.

22 April 2024
Daniel Liebau, Affiliate Faculty Member Singapore Management University and Roland Schwinn, Adviser
Blog Post

Vanity Gone Rogue: The Rise of Exploits Targeting Custom Blockchain Addresses

The Vanity Address Attack is an under-the-radar automation capable of confusing blockchain users and opening the door to digital fraud.

19 April 2024
Chidambaram Narayanan
Blog Post

Audit Career Insights: Letter to My Younger Self

Embracing change, drawing inspiration from others and staying curious are among the recipes for success and longevity in the audit profession.

18 April 2024
Ravikumar Ramachandran
Blog Post

Evolving Threats to Cloud Computing Infrastructure and Suggested Countermeasures

Cloud misconfigurations and insecure APIs are among the major threats to cloud computing infrastructure that need to be remediated.

16 April 2024
Brandon Burns
Blog Post

When it Comes to Controls, It’s the Little Things That Matter

Getting certain foundational, baseline control requirements right, including a tailored approach to risk management, benefits organizations of all types.

12 April 2024
Punit Bhatia
Blog Post

How Will AI Impact Our Jobs in Digital Trust Fields?

Artificial intelligence can be a constructive force on the jobs landscape, especially for those in digital trust professions, with the right approach and commitment to ongoing learning.

10 April 2024
Mark Thomas
Blog Post

DTEF Takes Center Stage in ‘Ask Me Anything’ Conversation with ISACA Hall of Famer

Digital Trust Ecosystem Framework expert Mark Thomas recently shared his perspective on DTEF and digital trust during an Ask Me Anything conversation on ISACA's Engage community.

8 April 2024
Matthew Henshaw
Blog Post

Why You Should Get Your CRISC

The evolving risk and technology landscapes has made the knowledge and expertise of the CRISC credential all the more valuable for risk practitioners.

4 April 2024
Luiz Claudio Diogo Reis, CISA, CRISC, CDPSE, COBIT 5 & 2019 Certified, Marcos Sêmola, CISM, CIPM, CDPSE, PCI/DSS, ISO27k LA, IAPP Vanguard Award LA 2023 and Paulo Sergio Pagliusi, Ph.D. in Information Security - RHUL, CISM, C|CISO, LA7799
Blog Post

Addressing Artificial Intelligence Threats and Risks from the Board of Directors Perspective Using COBIT 2019

The COBIT framework can be useful for enterprises as they look to responsibly operationalize and govern artificial intelligence.

2 April 2024
Tamim Ahmed
Blog Post

The Struggle of IT Risk Management in Micro, Small and Medium-sized Enterprises

Limited resources, misaligned priorities, lack of awareness, complexity of IT ecosystems and regulatory pressures are among the factors that make risk management especially challenging for small and medium-sized enterprises.

29 March 2024
Brian Gallagher
Blog Post

Shaping the Future with CMMI

The 2024 CMMI Conference will spotlight recent updates and improvements that position the CMMI community for increasingly high impact.

28 March 2024
Exploring the Cyber Commander’s Role in Enhancing Cybersecurity Governance
Blog Post

Exploring the Cyber Commander’s Role in Enhancing Cybersecurity Governance

The ISACA China Hong Kong Chapter contributed to a panel discussion with a focus on the potential impact of cyber commanders in the security governance ecosystem.

27 March 2024
milova_omolara_shih_quinland-blog
Blog Post

Meet ISACA’s Women’s Month Scholarship Winners

ISACA Foundation Women's Month Scholarship Award winners share their motivations and future ambitions for making their mark on digital trust professions

26 March 2024
keith-bloomfield-deweese
Blog Post

Get Grounded in AI

A new ISACA resource on artificial intelligence provides valuable insights applicable both to those beginning their journeys in AI as well as those with knowledge and experience.

25 March 2024
Maosen Cai
Blog Post

How to Instill a Culture of Data in Internal Audit Function

Asking the right questions and meaningfully addressing business challenges through analytics can set internal auditors on the right path toward establishing a culture of data

20 March 2024
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

Quick Scoping: How to Easily Frame Your Environment from a Compliance Lens

Lessons learned from theft prevention in a retail environment have surprising relevance when it comes to compliance and access management.

19 March 2024
Marcel den Hartog, CGEIT, Trend & Innovations Expert at Enable U in The Netherlands
Blog Post

Why AI Might Not Make the Best Coding Buddy

The information you upload in a public AI engine is public domain from the moment you press enter: what are the consequences for IT and corporate governance?

15 March 2024
Daniil Karp
Blog Post

How AI Is Transforming Audit, Risk and Compliance

Whether optimizing coverage in your compliance program, identifying similar risks across various business units or seeking more efficient risk management, AI-driven insight can help to connect the dots.

14 March 2024
BInita Patel
Blog Post

The Symbolic Dance: Exploring the Role of AI in Cloud Computing

The convergence of artificial intelligence and cloud computing offers big opportunities for organizations alongside potential security and privacy risks.

11 March 2024
Noelle Pickler
Blog Post

Refreshed Mission, Renewed Energy Around SheLeadsTech Program

ISACA's SheLeadsTech program has a refreshed focus and renewed commitment to offering expanded opportunities for women to make their mark on digital trust professions.

8 March 2024
Tara Kissoon
Blog Post

Countering Identity Takeover Incidents

Protecting individuals' identities in the aftermath of a privacy incident begins with important communication from banking, credit, government and employment organizations.

5 March 2024
Mark Thomas, president of Escoute Consulting, Greg Witte, CISM, Security Engineer and Cybersecurity Instructor, and Rolf von Roessing, partner & CEO at Forfa Consulting
Blog Post

Digital Trust Ecosystem Framework a Valuable Complement to COBIT, Other Frameworks

The Digital Trust Ecosystem Framework and COBIT work well in tandem, with each playing a significant role in allowing organizations to build a stronger foundation for success.

4 March 2024
Oleksii Baranovskyi
Blog Post

ISACA Award-Winner Stands at Crossroads of Theoretical and Practical

Oleksii Baranovskyi, of Ukraine, recipient of the ISACA Educational Excellence Award, is proud to simultaneously be a security professional and an educator.

29 February 2024
Jayakumar Sundaram
Blog Post

Harmony in Cyberleadership: Navigating the Gen Z Rhythm

Cybersecurity leaders should be mindful of the composition of their security teams, including common characteristics of Gen Z cyber professionals, when devising their approaches to leadership.

28 February 2024
Mukta Sharma
Blog Post

Third-Party Termination: Understanding Technology and Information Security Risks

Mitigating the technology and information security risks from terminating third parties calls for organizations to formulate nuanced security strategies.

27 February 2024
Pablo Ballarin Usieto
Blog Post

Fallout from Viamedis, Almerys Attack Does Not End with the Data Leak

A major breach in France reinforces the need for sharpened security practices and the overarching imperative to drive toward strengthening digital trust.

26 February 2024
A Cybercriminal is Sentenced. Will It Make a Difference?
Blog Post

A Cybercriminal is Sentenced. Will It Make a Difference?

Ransomware often targets small-to-medium enterprises, so security teams need to take action to be more prepared for this potentially devastating line of attack.

23 February 2024
Ali Pabrai
Blog Post

CMMC: A Global, Resilient Cyber Supply Chain Standard

The Cybersecurity Maturity Model Certification standard helps businesses to examine their computing ecosystem and enhance capabilities for stronger supply chain resilience.

22 February 2024
Shini Menon
Blog Post

Broad, Regulatory Frameworks Needed to Responsibly Harness AI

As regulatory frameworks for the AI era continue to evolve, governments around the world will need to find a shared sense of purpose and collaborate on the best way forward.

21 February 2024
Ravikumar Ramachandran
Blog Post

The Key Steps to Successfully Govern Artificial Intelligence

Accounting for key characteristics of trustworthiness and considering perspectives from a range of stakeholders are among the needed ingredients to strengthen AI governance.

19 February 2024
Chidambaram Narayanan, Chartered Accountant, CISA, Azure Cybersecurity Architect Expert (SC-100)
Blog Post

Eight Things NOT To Do When Preparing for the CISA

Avoiding these light-hearted 'tips' for preparing for the CISA exam will put you in better position for a successful exam-day experience.

16 February 2024
Jessica Burnett
Blog Post

The Digital Trust Game-changer: Get Ready for the Digital Trust Ecosystem Framework

Trust reigns supreme in this digital era. And as technologies like AI revolutionize industries, the importance of trust continues to skyrocket.

15 February 2024
Jagdish Mohite
Blog Post

The Surge in AI Development: Boon or Bane

Responsible development of artificial intelligence that recognizes the need for a balance between AI and human capabilities is the path to ensure the powerful technology's good outweighs the bad.

14 February 2024
Ricky Hamilton
Blog Post

Auditing Social Engineering: A Practical Approach

By asking the right questions around people, processes and technical controls, auditors can gather the evidence and documentations they need to successfully audit social engineering.

13 February 2024
Ramona Ratiu
Blog Post

Securing the Future: Enhancing Cybersecurity in 2024 and Beyond

Prioritizing comprehensive cybersecurity strategy in support of overarching enterprise goals can position enterprises for success, even amid challenging threat and regulatory environments.

12 February 2024
RV Raghu, Past Board Director, ISACA, and director of Versatilist Consulting India Pvt. Ltd
Blog Post

AI and Patents: More Questions Than Answers

Court rulings that AI cannot be granted patents provided needed short-term clarity but there are still many open questions about how AI should be viewed in legal, ethical and practical contexts.

9 February 2024
Guy Pearce
Blog Post

Digital Proficiency: Not Only for Individuals

Technology-minded countries around the world can learn a lot from Rwanda, which, despite limited resources, has become a digital benchmark through an impressive set of initiatives and ingenuity.

6 February 2024
Divya Aradhya
Blog Post

Threat Modeling and Secure-By-Design Applications

Identifying the flows, assets and vulnerabilities are among the key building blocks when threat modeling for software applications.

5 February 2023
Jo Stewart Rattray
Blog Post

Taking Action to Create a Future Where AI Benefits Us All

Artificial intelligence is a human creation that reflects the people who developed it, meaning we must guard against humans' shortcomings and biases resulting in AI furthering inequality and other societal harms.

2 February 2024
Jay Hira
Blog Post

Global Experts Weigh in On Australia’s ‘Six Cyber Shields’ – Sharing Insights on Achieving a Safe Digital World

Global cybersecurity practitioners share their perspectives on Australia's new cyber shields strategy to provide more robust protection of digital assets in the coming years.

31 January 2024
ookeditse-kamau
Blog Post

‘Just for Control’: the True Power of Controls

Ill-designed controls can waste organizations' time and resources, so make sure implementing controls is more than just a power move.

29 January 2024
Nina Bryant and Susana Esteban
Blog Post

Responsible AI Governance in Traditional and Emerging Ecosystems

Organizations implementing artificial intelligence into their operations will need strong governance in place to ensure transparency and trust in their AI usage.

25 January 2024
Anthony Oteri
Blog Post

Executing A Well-Executed Risk and Control Self-Assessment

When executed properly, risk and control self-assessments become enablers for organizations to more effectively navigate the risk management landscape.

24 January 2024
Valerie Lyons
Blog Post

The Top 10 Things Every Cybersecurity Professional Needs to Know About Privacy

As the intersection between cybersecurity and privacy increases, security professionals can benefit from gaining a solid understanding of core privacy terminology and privacy principles.

22 January 2024
Nandita Rao Narla, Head of Technical Privacy and Governance at DoorDash
Blog Post

Privacy in Practice: Dissecting the Global Trends That are Shaping the Profession

Challenges on the privacy landscape can be successfully addressed through upskilling, privacy by design principles and solid training and awareness programs.

18 January 2024
Noelle Pickler
Blog Post

Mentorship: The Missing Ingredient in Your 2024 Goals?

The ISACA Mentorship Program has proven to be rewarding for mentors and mentees alike, allowing for valuable connections to propel ISACA members' careers to new heights.

17 January 2024
Ravikumar Ramachandran
Blog Post

Post-Quantum Cryptography: Are We Ready for Q Day?

Focusing attention on understanding and building confidence in post-quantum cryptography now can save the security community major problems in the years to come.

16 January 2023
Sergio Tringali
Blog Post

Nurturing Responsible Innovation: ISACA’s DTEF Recognized for Advancing Trust in AI Environments

ISACA’s Digital Trust Ecosystem Framework (DTEF) empowers organizations to build and sustain digital trust in the age of artificial intelligence and other impactful technological advancements.

12 January 2024
Luigi Sbriz
Blog Post

Modeling Identity Trust

An identity system based on trust in a third party could better protect personal data and improve trust throughout the digital ecosystem.

10 January 2024
Erik Prusch
Blog Post

ISACA’s Exciting 2024 is Underway

New ISACA digital trust resources, thought leadership, and upcoming events, both in-person and virtual, are among the coming attractions in 2024 for the ISACA community.

8 January 2024
Hakan Kantas
Blog Post

Workforce Resilience: A Critical Asset for Organizations in Today’s Dynamic World

Promoting a culture of ongoing learning and upskilling is part of the equation for organizations looking to develop a more capable and resilient workforce

5 January 2024
Grant Hughes
Blog Post

Building a Great Security Operations Center

Defining and articulating a clear strategy for a security operations center (SOC) will make it much more likely that organizational leaders and other key stakeholders will support the SOC on an ongoing basis.

4 January 2024
Carol Lee
Blog Post

The Intersection of Change Management and Cybersecurity: A Paradigm Shift in Protection

Given its focus on human behavior in an organizational change context, change management can lead to a fresh and valuable perspective on cybersecurity

2 January 2024
Kristi Hedges
Blog Post

Cultivating a Culture of Inspiration: ISACA’s Member-Exclusive Speaker Series

Kristi Hedges, a Fortune 500 leadership coach and author, shared her perspective on how to inspire others during the ISACA Member-Exclusive Speaker Series.

29 December 2023
Greg Shieds
Blog Post

Supporting Privacy, Security and Digital Trust Through Effective Enterprise Data Management Programs

Organizational silos, poor data quality and improper data storage are among the challenges enterprises need to overcome to build effective data management programs and strengthen digital trust.

28 December 2023
ISACA Award Winner
Blog Post

ISACA Award Winner Advocates for ‘Life or Death’ Matter of Information Management

Castlepoint Systems, an Australian organization focused on data protection, compliance and risk management, was recognized with the 2023 ISACA Innovative Solutions Award.

27 December 2023
Adam Kohnke
Blog Post

Top Management Considerations for Zero Trust

A new zero trust audit program from ISACA can help organizations transition from traditional network security architectures to ones that are better equipped to handle the modern threat landscape.

26 December 2023
Ravikumar Ramachandran
Blog Post

API Security: An Internal Auditor’s Quick Reference

Effective usage of Application Programming Interfaces (APIs) calls for diligence in related security controls and audit considerations.

21 December 2023
phoenix-defense-case-study
Blog Post

Significantly Improving Security Posture: A CMMI Case Study

Adopting CMMI has led to performance improvements across the board for Phoenix Defense, including a significant reduction in network attacks.

20 December 2023
Brian Levine
Blog Post

Protecting Your Organization from Cybersquatting

Registering and trademarking your internet domain, and monitoring for registrations with confusingly similar domain names, are among the ways organizations can protect themselves from cybersquatting.

19 December 2023
How Business Leaders Can Responsibly Embrace Generative AI
Blog Post

How Business Leaders Can Responsibly Embrace Generative AI

A Forbes article by Phillimon Zongo lays out how enterprise leaders can help their organizations responsibly leverage generative artificial intelligence.

18 December 2023
Guy Pearce
Blog Post

Five Things for Governance Professionals to Put on Their 2024 To-Do List

In an era of increased complexity, formalizing data governance frameworks and data management protocols should be increasingly top-of-mind for governance professionals.

15 December 2023
Gary Carerra
Blog Post

Five Things for Privacy Professionals to Put on Their 2024 To-Do List

Gaining a better understanding of fast-evolving privacy regulations is a good starting point for privacy practitioners who are looking to position themselves for success in 2024.

14 December 2023
Sandeep Godbole
Blog Post

Five Things for Cybersecurity Professionals to Put on Their 2024 To-Do List

Incorporating artificial intelligence capabilities and sharpening the ability to architect security solutions in cloud settings can help cybersecurity professionals thrive in 2024.

13 December 2023
Mary Carmichael
Blog Post

Five Things for Risk Professionals to Put on Their 2024 To-Do List

Embracing the role risk management can play in supporting the strategic growth of the business is among the items risk professionals should place on their 2024 to-do lists.

12 December 2023
Veronica Rose
Blog Post

Five Things for Audit Professionals to Put on Their 2024 To-Do List

Prioritizing upskilling, participating in mentoring programs and authentic engagement with stakeholders are among the approaches that can get IT auditors off to a good start in 2024.

11 December 2023
Glenda Suarez Cabrera
Blog Post

Secure Software Development Lifecycle Cannot Achieve its Purpose Without Third-Party Risk Management

Treating security as a core element of the design, build and implementation of software products takes intentional action, and understanding the impact that third parties play in achieving the desired level of product security is a step that not everyone is prepared for.

8 December 2023
Vishal Sharma
Blog Post

Adapting Leadership for the Changing Technology and Cybersecurity Landscapes

The increasing prominence of technology in today's digital ecosystem calls for different approaches to organizational leadership, including creating an environment where innovative mindsets are encouraged.

7 December 2023
Liz Fosslien and Molly West Duffy
Blog Post

The Leadership Benefits of Emotional Fluency and Vulnerability: ISACA’s Member-Exclusive Speaker Series

A recent installment of the ISACA Member-Exclusive Speaker Series focused on vulnerability and managing emotions in a workplace and leadership context.

6 December 2023
Ramona Ratiu
Blog Post

The Essentiality of Cybersecurity for Small Businesses: Applying Zero Trust Principles

Applying zero trust principles can be every bit as essential for smaller businesses to protect themselves as for large enterprises.

5 December 2023
John de Santis
Blog Post

Diverse, Experienced Board a Must for ISACA to Be at its Best

Nominations and applications are being accepted for the ISACA Board of Directors for the 2024-25 term

4 December 2023
Dalitso Tony Phiri
Blog Post

The Yellow Brick Road to Certifications: ISACA’s Mentorship Program and Exam Success

Finding a mentor through ISACA's Mentorship Program can help certification candidates on their path toward passing their exam, among a range of other benefits.

1 December 2023
How to Create a Healthy Security Culture
Blog Post

How to Create a Healthy Security Culture

Incentivizing reporting, collaborating on solutions and reframing teaching points in positive fashion are all elements that can improve an organization's cybersecurity culture.

30 November 2023
Naomi buckwalter
Blog Post

The Benefits of Hiring Entry-level Cybersecurity Professionals

Many organizations are reluctant to hire relatively inexperienced people for cybersecurity roles but that approach is often misguided, according to recent ISACA Ask Me Anything expert Naomi Buckwalter.

29 November 2023
Emily Bastedo and Sergio Tringali
Blog Post

ISACA Advocacy Partnering with Policymakers to Work Toward More Trustworthy Digital Ecosystem

The ISACA Advocacy team spent recent months engaging with influential policymakers, with a focus on bolstering the cybersecurity workforce and creating a healthier digital ecosystem.

28 November 2023
Karen Heslop
Blog Post

ISACA Advisory Groups Help Shape Programs

A range of volunteering opportunities through ISACA provide professionals meaningful opportunities to strengthen the profession while also earning CPE credits.

22 November 2023
Alex Townsend
Blog Post

My Journey to Cybersecurity and My Route to ISACA’s ITCA Certification

A journey to prepare for ISACA's ITCA credential was not without its challenges but ultimately proved to be transformative.

22 November 2023
Susan Snedaker
Blog Post

Renovating Healthcare IT (or any IT): Building the Foundation for Digital Transformation

Modern systems, architectures and technologies, in addition to staff expertise in cloud, hybrid and on-premise solutions, are all important for organizations aiming to digitally transform, but getting there often requires an IT renovation.

20 November 2023
Carol Lee, CISM, CRISC, CDPSE, C|CISO, CCSP, CEH, CIPM, CSSLP; Terence Law, CISA, CFA, CISSP, CPA, Certified Banker; Tom Huang, CISA, PMP, Prince2; Lanis Lam, CISA, AWS (SAP), CPA
Blog Post

New Measures in Mainland China for Generative AI and Implications for Global AI Governance

New measures on generative AI in Mainland China have substantial implications for the evolution and use of generative AI not only in China but elsewhere around the world.

17 November 2023
Noam Koriat
Blog Post

Incorporating Agile Audit: Practical Tips

Establishing clear expectations and customizing the approach are among the steps that can facilitate a successful Agile audit implementation.

16 November 2023
Tak Wah Kwan
Blog Post

Navigating Security Threats with IT Inventory Management

An efficient, current IT inventory is a foundational component of effective IT management and puts an enterprise in position to better leverage threat intelligence.

14 November 2023
Wilson Tang
Blog Post

Using Machine Learning to Help Detect Sensitive Information

Leveraging machine learning has enabled Adobe to detect categories of sensitive documents and put in place automated real-time detection and response to properly flag any detected documents.

13 November 2023
abigael-bada
Blog Post

Sustainability in Emerging Technologies: A Focus on Blockchain, AI

Implementations of artificial intelligence, blockchain and other emerging technologies should be done with sustainability considerations in mind.

10 November 2023
Vanessa Revilla
Blog Post

Raising Security Awareness in Cross-Cultural Work

In an increasingly complex and global security landscape, chief information security officers need to be in regular contact with the board and other key enterprise stakeholders to drive effective security culture and collaboration.

9 November 2023
Luigi Sbriz
Blog Post

Is the CIO Just an IT Manager?

In a time when the rapidly evolving technology landscape is recalibrating business models, the CIO must balance internal IT activities with those that are outsourced, and map the needed controls accordingly.

7 November 2023
Anuj Choudhary, Risk and Forensics Professional, CA, CFE, CISA, CISM, CS and Mary Carmichael, CRISC, CISA, CPA, Member of ISACA Emerging Trends Working Group
Blog Post

DogeRAT: The Disturbing Malware Disguised as Your Favorite Apps

DogeRAT malware reinforces the growing sophistication and multi-faceted nature of cyberthreats, through its camouflage techniques, social engineering components, and its ability to imperil privacy and financial security.

6 November 2023
Scott Fogarty
Blog Post

Cyber Advisors, Security Services Providers Can Use Zero-Sum Game Theory Framework to Benefit Clients

The zero-sum game theory is worth considering for organizations, who should rethink the costs they face relative to the cybercriminals that often inflict damage without taking on any real risk.

3 November 2023
Benjamin Bartz
Blog Post

IT Risk and IT Audit: A Partnership

Providing leadership with pertinent data can go a long way toward building support for the cross-functional collaboration between the audit and risk functions that can put organizations in a much stronger position to succeed.

2 November 2023
Digital Trust World
Blog Post

ISACA's Digital Trust World Europe Conference

ISACA's recent Digital Trust World conference in Dublin, Ireland, featured timely expert insights on digital trust, artificial intelligence, security, risk, digital ethics, and more.

1 November 2023
Aaron Turner IANS Faculty, and Shannon Lietz Founder and CEO of ThirdScore
Blog Post

Sizing Up Some of the Spookiest Cybersecurity Incidents of 2023

2023 has been another frightful year on the cybersecurity landscape - explore some of the most perilous incidents and what security professionals can learn from them

31 October 2023
mwangi-bunde-rajarathna
Blog Post

Saluting ISACA Foundation's Cybersecurity Month Scholarship Winners

ISACA Cybersecurity Month Scholarship recipients share what motivated them to pursue careers in cybersecurity and how they see their futures in the field taking shape.

27 October 2023
realigning-goals-enterprise-training
Blog Post

Re-aligning Employees to Strategic Goals with Enterprise Training

An ISACA enterprise training instructor provides insights on some of the main benefits of team trainings and how enterprise training can enable organizations to elevate their performance.

26 October 2023
Raef Meeuwisse
Blog Post

ISACA AI Survey Results: What Do Infosec Professionals REALLY Need to Know?

It is quite hard to find quality information about artificial intelligence (AI) right now, especially when it comes to how AI should and is being approached in the field of cybersecurity. Thankfully, ISACA has just completed a survey of thousands of members of the global infosec and digital trust community.

25 October 2023
Alan Gouveia
Blog Post

Risk Quantification 101: The Fundamentals to Getting Started

Tapping into existing risk data can enable organizations to build the needed infrastructure to put in place an effective cybersecurity risk management process.

24 October 2023
Collaborative Mindset Change from Compliance to Risk
Blog Post

Collaborative Mindset Change from Compliance to Risk

Transitioning from a compliance-based focus to a risk-based approach is useful as enterprises aim to best align resources in the modern business and regulatory environments.

23 October 2023
Ignatius Ravi
Blog Post

Best Practices for Navigating Emerging Technologies: My Journey as an Auditor

Proactively learning about emerging technologies and understanding them in a business context can go a long way toward making auditors more effective in their engagements.

20 October 2023
Ranjit Bhaskar
Blog Post

In Cybersecurity, to Err Is Human, But to Err for No Reason Is a Shame

Organizations would be well-served to be more intentional about designing systems and processes with human factor engineering in mind, lessening the probability of people making mistakes that lead to cybersecurity incidents.

19 October 2023
Hakan Kantas
Blog Post

Proactive IT Risk Management in an Era of Emerging Technologies

As emerging technologies and new business models transform the business landscape, the need for proactive risk management practices should be top of mind for enterprise leaders.

17 October 2023
Joseph Cortese
Blog Post

How Cybersecurity Best Practices are Evolving to Manage Ongoing Threats

Regular penetration testing and a culture of proactive threat analysis and management can help organizations evolve their cybersecurity programs in a difficult climate for cyber defenders.

16 October 2023
Steven Sim Kok Leong
Blog Post

Quantum-Resistant Cryptography Not a Matter of ‘If’ but ‘Right Now’

Establishing crypto-agility should be a major priority for organizations as advancing quantum computing capabilities are changing the paradigm of the threat landscape.

13 October 2023
Guy Pearce
Blog Post

Data Management Proficiency: Practical Insights for Quality, Security and Trust

Evaluating quality, security and trust in the context of emerging technologies and current business practices is critical for organizations to have effective data management and governance.

12 October 2023
Simona Rollinson
Blog Post

CMMI Offers New Credentialing Pathway and Enhanced Flexibility, Resources

New CMMI credentialing pathway aligns with ISACA’s tools, systems and best practices.

11 October 2023
Scott Fogarty
Blog Post

Victory by Surveillance Isn’t Possible—To Win, Engage the Adversary

Traditional approaches to cybersecurity have not been enough to protect companies, so it's time to make attackers face real consequences for their malicious behavior.

10 October 2023
jenai-marinkovi
Blog Post

The Shifting Importance of Soft Skills in a Time of AI Systems, Large Language Models and Global AI Regulations

Integrity, decision-making capabilities, communication and other so-called 'soft skills' should not be overlooked in organizations' ongoing efforts to bolster their cybersecurity teams.

9 October 2023
Mary Carmichael
Blog Post

Beyond Barbie’s Dreamhouse: Navigating Glass Barriers in the Tech Workforce

Many of the themes that made the Barbie movie so resonant are also relevant to the tech workforce, where underrepresentation from women and minority groups remains a major liability.

6 October 2023
Future of Technology
Blog Post

IT Certification: A Powerful Career Catalyst

IT, cybersecurity, privacy, risk, audit and related digital trust professionals are looked to for the latest knowledge and insights on the impacts of emerging technology; however, they must have reliable resources to ensure they have updated and accurate information about these topics.

5 October 2023
Sarantos Kefalas
Blog Post

How To Comply with Multiple Security Standards and Frameworks

Complying with every standard or requirement in the current regulatory environment is no easy task, but implementing a global information security management system can provide a sound foundation.

4 October 2023
Kane Porter
Blog Post

Common Privacy Dark Patterns and Ways to Improve Digital Trust

ISACA’s Eliminating Deceptive Privacy Practices white paper explores what dark patterns are in a privacy context and what organizations should do to address these trust-eroding tactics.

2 October 2023
Jason Lau
Blog Post

State of Cybersecurity 2023: Navigating Current and Emerging Threats

ISACA's 2023 State of Cybersecurity report shows substantial workforce challenges remain and brings into focus the skills and backgrounds that are most heavily in demand.

2 October 2023
Naomi buckwalter
Blog Post

Six Things DevOps Wants from InfoSec

By working more openly and intentionally with developers, information security professionals can build a strong relationship that will be a win-win situation for all involved.

28 September 2023
The Career-Elevating Impact of CISA
Blog Post

The Career-Elevating Impact of CISA

CISA credential-holders share how becoming CISA-certified has shaped their career advancement and made them more effective in their roles

27 September 2023
Binita Patel
Blog Post

Lessons Learned from Microsoft’s Massive Data Exposure Incident

The need for meticulous cloud configurations was among several key takeaways in the aftermath of the recent data breach involving Microsoft AI researchers.

26 September 2023
David Sampa
Blog Post

Are AI Chatbots a Weak Security Link?

Enterprises increasingly are making use of AI chatbots, but related security risks and the potential to undermine customer trust when they do not function as intended must be accounted for.

25 September 2023
Tarnveer Singh
Blog Post

How to Mitigate Emerging Technology Risk

Understanding the business strategy and conducting risk assessments are among the building blocks for successfully mitigating enterprise risk from emerging technology.

21 September 2023
Dina Numan, Head of Advanced Governance and Management Services, ScanWave C.T.S. COBIT Lead Assessor, ITIL, CDPSE, CRISC, and Dr. Ramzi Sunna, Chairman, Founder, ScanWave C.T.S. PCI DSS QSA, BSI ISO LA, LI, ISACA CRISC, ISACA CDPSE ISACA COBIT Lead Assessor
Blog Post

Achieving Digital Trust Through IT Governance and Cybersecurity

Developing a cybersecurity strategy and governance program that supports digital trust provides a solid starting point for organizations seeking to strengthen their trustworthiness.

20 September 2023
Salary Premiums Reflect IT Skills in Hot Demand
Blog Post

Salary Premiums Reflect IT Skills in Hot Demand

Skills associated with ISACA's Information Technology Certified Associate credential are in-demand, as reflected by pay premiums for several of the skills covered by the certification.

19 September 2023
Scott Gould
Blog Post

The Secrets to Successful Engagement: ISACA’s Member-Exclusive Speaker Series

In a recent installment of ISACA's Member-Exclusive Speaker Series, Scott Gould shared insights on audience engagement, creating a welcoming community and more.

18 September 2023
ShanShan Pa
Blog Post

Balancing the Risks and Rewards of AI

Many enterprises understandably are taking a cautious approach when it comes to establishing their approach toward artificial intelligence, but delaying on meaningful action comes with its own set of risks.

15 September 2023
Kayne Mcgladrey
Blog Post

What to Know About the SEC’s New Disclosure Requirements

New disclosure requirements from the Securities and Exchange Commission likely will leave cybersecurity, risk and compliance professionals in the US with some key questions that need to be addressed.

14 September 2023
Alina Archibald, CISA, CITP, CPA, and Josh Ditto, CC, CISSP
Blog Post

Subservice Organization Controls Management

Not all vendors are subservice organizations, whose operations have a clear impact on the organizations with which they collaborate.

13 September 2023
Examining the Effectiveness of Recent Privacy Laws on Big Tech
Blog Post

Examining the Effectiveness of Recent Privacy Laws on Big Tech

While the United States does not have a comprehensive privacy regulations like the EU does with GDPR, there are signs that more mature privacy policy is beginning to take shape that could limit the harms from data misuse by big tech companies.

12 September 2023
Thomas Bell
Blog Post

Internal Auditing with an Agile Scrum Approach

By utilizing an Agile Scrum approach to internal audit, organizations can empower the audit function for more effective performance.

11 September 2023
Luigi Sbriz
Blog Post

Using Near-Miss Incidents as Risk Indicators

Oftentimes organizations fail to give risks the proper consideration until it is too late.

8 September 2023
Yoshimasa Masuda
Blog Post

Driving Digital Transformation Through Innovative Solutions and a Practical Framework

Yoshimasa Masuda, Ph.D., CISM, CGEIT, shares the history of his Adaptive Integrated Digital Architecture Framework (AIDAF) for digital transformation from innovative solution to practical framework, and its connections across industries, healthcare and academia.

7 September 2023
Noam Koriat
Blog Post

Nine Practical Tips for Using Internal Audit to Drive Organizational Innovation

Internal auditors can help to spur innovation at their organizations by taking a forward-looking mindset, embracing agile culture and keeping up to date on evolving forces on the technology landscape.

6 September 2023
Allen Ari Dziwa
Blog Post

Governance and Board Oversight Do Matter

Boards of directors have a growing set of responsibilities in today’s business climate, including keeping abreast of evolving technology trends and how the organization is preparing for a growing set of cybersecurity risks.

5 September 2023
Alex Holden
Blog Post

Contending with Artificially Intelligent Ransomware

Artificial intelligence is already impacting the ransomware landscape, with greater potential for AI to significantly impact the pace and complexity of ransomware threats in the near future.

1 September 2023
Muhammad Ali Malik
Blog Post

A Cybertransformation Program to Secure Broadcast Media Networks

Fixed start dates, a skills shortage and insufficient security maturity of broadcast devices are key challenges that broadcast media networks face in securing high-profile broadcasts.

31 August 2023
Sandra Whitehead
Blog Post

Sustainability, Inclusivity and Team Bonding Through Volunteering: CommunITy Day 2023

ISACA’s 2023 CommunITy Day is upcoming on 7 October, and the Auckland, New Zealand, chapter, has a pair of events in its sights, with a focus on sustainability and nature.

30 August 2023
Erik Prusch
Blog Post

Ramping Up for Greater Impact

A laser focus on the products, programs and resources the ISACA community finds the most value from is coming into sharper focus.

29 August 2023
Dooshima Dapo Oyewole
Blog Post

Four Mistakes to Avoid When Taking Your First Certification Exam

By avoiding some common mistakes, certification exam-takers can increase their chances for success on exam day and smooth their path to attaining valuable industry credentials.

28 August 2023
Anuj Choudhary
Blog Post

Cyber Fraud on the India Business Landscape: A Growing Threat

A recent escalation of cyber incidents in India highlight the urgent need for comprehensive, updated cybersecurity strategies on the Indian business landscape.

25 August 2023
anna-johannson
Blog Post

Six of the Best Cybersecurity Blogs

Regularly reading industry blogs can be an entertaining and useful way to keep up to date on the latest happenings and defense techniques on the cybersecurity landscape.

24 August 2023
Diana Calderon
Blog Post

Building a Strong Security Culture for Resilience and Digital Trust

Cultivating a robust security culture can enable organizations to mitigate cyber risk, strengthen trust with customers and sharpen organizational compliance posture.

23 August 2023
ChatGPT and IT Auditing: Opportunities, Threats and Challenges
Blog Post

ChatGPT and IT Auditing: Opportunities, Threats and Challenges

ChatGPT presents opportunities for IT auditors to be more efficient and productive, but a variety of security, privacy and ethical considerations should be addressed as part of auditors' approach

22 August 2023
Robin Lyons
Blog Post

Digital Trust Enhancing Identity Access Management in Cloud Environments

ISACA's Google Cloud Audit Platform Program explores issues of identity and access management, and connection points between cloud audit and digital trust.

21 August 2023
Ron Lear
Blog Post

Four New CMMI Adoption Pieces Available for Community

Several new adoption pieces will enable CMMI to be even more effective at helping organizations across numerous industries rapidly and effectively build capability and improve their performance.

18 August 2023
Jay Hira
Blog Post

You Made the Team, But Are You Really in the Game? Exploring Differences Between Diversity and Inclusion

Diversity, equity and inclusion, when properly prioritized and implemented, can be a major difference-maker in cybersecurity and other fields that struggle with underrepresentation, both in terms of performance and the ability to attract and retain talented professionals.

17 August 2023
The Business Benefits of Becoming an ISACA ATO
Blog Post

The Business Benefits of Becoming an ISACA ATO

By becoming an ISACA Accredited Training Organization, enterprises gain access to a robust community of global learners seeking highly in-demand certifications in fields such as security, risk, IT audit, privacy and governance.

16 August 2023
Richard Marcus, CISA, CRISC, CISM, TPECS and VP, Information Security, AuditBoard and John Volles, CISA, Director of Information Security Compliance at AuditBoard
Blog Post

Compliance and Information Security: Collaborating to Enable the Business

Compliance and information security functions can each make the other stronger, including by collaborating on making business cases and shared budgetary priorities.

15 August 2023
Sumedha Adavade
Blog Post

How to Assess Workplace Culture

Workplace culture can be difficult to measure, but factors such as the organization's risk habits, the tone at the top, attrition rates and employee feedback can provide useful indicators for those charged with assessing culture.

14 August 2023
Wanbil W. Lee
Blog Post

Is ESG Auditable?

Auditing ESG transcends the traditional dimensions of financial efficiency, legal matters and technical effectiveness to deal with increasingly recognized areas of importance such as environmental protection, corporate social responsibility and governance of business behavior.

11 August 2023
Elena Klevsky, Ph.D., CPA, and Melissa Walters, Ph.D.
Blog Post

How Organizations Can Help Auditors Avoid Burnout

Organizations have several measures they can take to help auditors avoid burnout on the job and improve their mental health, including allowing them to focus on the parts of the job that add the most value.

10 August 2023
Neil Lappage
Blog Post

The Role of Deepfake Technology in the Landscape of Misinformation and Cybersecurity Threats

Deepfake technology creates new urgency to revisit and reinforce security protocols, including multi-factor authentication and behavioral biometrics, which can be challenging to replicate.

9 August 2023
Jeimy J Cano
Blog Post

Embracing the ‘Pedagogy of Error’ in Cybersecurity Education

Jeimy J. Cano, the 2023 ISACA Educational Excellence Award for his educational work that empowers students to pursue careers advancing technology, shares his story and motivations in this Q&A interview.

8 August 2023
Josh Hamit
Blog Post

Top 3 Cyberthreats Facing the Financial Sector

Ransomware, supply chain threats and phishing attacks are among the leading cybersecurity challenges faced by organizations in the financial sector.

4 August 2023
Erik Prusch
Blog Post

The More I Learn, the More Excited I Am to be at ISACA

In his first 50 days, new ISACA CEO Erik Prusch has been doing a lot of studying, listening and preparing to gain a deeper understanding of how to best serve the ISACA community in the months and years to come.

3 August 2023
Erika Hamden
Blog Post

Building a New Way to Look at the Universe

Dr. Erika Hamden, the closing keynote speaker at GRC Conference 2023, visits with the ISACA Now blog to share stories from her career, and her passion for science and innovation.

2 August 2023
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

What to Do While You Wait for Your CISA, Part 3: 6 Months Forward and the Continuous Game

Having a plan and communicating it to others can set up early-career professionals for success as they prepare to accelerate their career development.

1 August 2023
david-mazula_casper-lamprecht
Blog Post

How to Conquer Your Cloud Governance Maturity Journey

The speed of cloud adoption is continuing to increase. Organizations worldwide are rapidly migrating on-premise IT infrastructure, software and other technology to cloud services. In addition, software solution providers are building native cloud systems and converting existing offerings to the cloud.

31 July 2023
Navigating Digital Transformation While Cultivating a Security Culture
Blog Post

Navigating Digital Transformation While Cultivating a Security Culture

Scott Reynolds, senior director of enterprise cybersecurity at ISACA, and John Richards, head of developer relations at Paladin Cloud, explore the cloud landscape and its impacts on digital transformation.

28 July 2023
John de Santis
Blog Post

ISACA: The Right Place to Do the Right Thing

ISACA’s network of digital trust professionals is uniquely positioned to help organizations around the world do the right thing at a time when “the right thing” is much easier said than done.

26 July 2023
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

What to Do While You Wait for Your CISA Part 2: Setting Up Your Foundation for Success

Engaging with a local ISACA chapter, seeking out a professional mentor and pursuing the IT Audit Fundamentals Certificate are among the steps early-career audit professionals can take while waiting until they meet the experience requirements for the CISA.

25 July 2023
Grant Hughes
Blog Post

The Value of Following a Methodical Approach for SIEM Implementation

Despite many organizations having invested in SIEM solutions, data breaches and other cybersecurity impacts continue to wreak havoc on the enterprise landscape.

24 July 2023
Shawn Kanungo
Blog Post

GRC Keynote Speaker: Time to Go Bold

Shawn Kanungo, author and opening keynote speaker at GRC Conference 2023, shares his views on disruptive technologies, innovation and the importance of being bold in this Q&A with the ISACA Now blog.

21 July 2023
Binita Patel
Blog Post

Emerging Cloud Security Threats: Fileless Attacks on the Rise

A sharp climb in fileless attacks has added to the challenge enterprises face in securing their cloud environments.

20 July 2023
CMMI-case-sudy
Blog Post

The Commitment to Continuous Improvement: A CMMI Case Study

ISACA's CMMI maturity model practices have helped Avantare focus on capabilities like ensuring quality, delivering and managing services, sustaining habit and persistence, and more, as a recent case study illustrates.

19 July 2023
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

What to Do While You Wait for Your CISA: Part 1, Understanding the CISA and Its Requirements

ISACA’s Certified Information Systems Auditor (CISA) certification requires several years of experience, but there are several steps newcomers to the IT audit and assurance field can take to position themselves for success in the meantime.

18 July 2023
Ramona Ratiu
Blog Post

Strengthening Collaboration for Cyber Resilience: The Key to a Secure and Resilient Organization

Ongoing communication and strong relationships between the security and audit functions can lay an important foundation in an organization's efforts to strengthen its cyber resilience.

17 July 2023
Guy Pearce
Blog Post

From Sci-Fi to Reality: AI At All Stages of Your Career

Artificial intelligence is not just impactful for rising professionals in digital trust fields: AI has an increasingly important part to play at all levels of the career cycle.

14 July 2023
Alex Tray
Blog Post

Top Effective 10 Data Governance Tools

Effective data governance software helps businesses guarantee the availability and safety of their data. However, most data management tools are complex and can require rigorous training to use.

13 July 2023
Stephanie Oyler-Rankin & Shayna Davitt
Blog Post

Compliance Tips for SaaS Startups

SaaS organizations getting started with compliance can benefit from some key tips that will help them successfully navigate the compliance landscape.

12 July 2023
Future of CyberSecurity Assessments
Blog Post

The Future of Cybersecurity Assessments

Data-driven security assessments are gaining momentum and are shaping up to become a valuable component in the future of security assessments.

11 July 2023
Raef Meeuwisse
Blog Post

Decoding AI: Insights and Implications for InfoSec

Artificial intelligence is reshaping the cybersecurity landscape, but considering the technology is clueless in some important ways, humans' capacity for intuition, empathy and understanding remain key components of the equation for effective security.

10 July 2023
Yunique Demann
Blog Post

A New Way to Keep Pace with Privacy

ISACA's Privacy Regulatory Lookup Tool can help practitioners keep pace with a privacy landscape that increasingly is being shaped by new regulations taking effect around the globe.

6 July 2023
Simon Backwell
Blog Post

What Do Cybersecurity Analysts Do?

Cybersecurity analysts work in security operations centers, where they review alerts and logs in search of suspicious activities, among many other tasks to protect the enterprise.

5 July 2023
Rebecca Herold
Blog Post

Protecting Phones, Data, and Your Business from Juice Jacking Risks

Recent warnings about the security risks of using public charging stations, such as at airports, hotels and hospitals, reinforces the value of juice jack blockers and using personal charging devices.

29 June 2023
Chiaka Ben-Obi
Blog Post

Laying the Groundwork for the Future of Girls and Women in STEM

Chiaka Ben-Obi, who earned the 2023 ISACA Technology for Humanity Award for serving as a mentor for young women seeking careers in STEM fields, shares her motivation and vision for a more equitable tech workforce.

29 June 2023
leveraging-technology
Blog Post

Leveraging Technology to Help Enhance Trust in Internal Controls Amid Rising Material Weaknesses and Resource Constraints

The rise of material weaknesses leads to significant risks for enterprises and can diminish trust from key stakeholders. Understanding the causes of material weaknesses is an important precursor to developing the needed mitigation strategies.

27 June 2023
Rachel Botsman
Blog Post

Trust is Not Being Destroyed – Just Changing Form

ISACA Europe Conference: Digital Trust World keynote speaker Rachel Botsman explains why she thinks trust is not being destroyed but rather changing form.

26 June 2023
Ashok Kumar Padmaraju CISM, CCSK, AWS Security Specialist and Six Sigma Blackbelt
Blog Post

Fortifying Zoom Phone Security: A Comprehensive Threat Modeling Analysis

Zoom Phone has emerged as a robust communications tool but utilizing threat modeling and arriving at a better understanding of the attack surface is needed for the tool to reach its potential.

23 June 2023
Building effective defenses
Blog Post

Building Effective Defenses Against Social Engineering

By understanding how social engineering works and developing targeted defenses, cybersecurity practitioners can mitigate this perennially damaging threat.

22 June 2023
David Foote
Blog Post

Pay for ISACA Certifications is on the Rise

Pay for several ISACA certifications in 2023 tells a promising story for certification-holders, according to recent salary data from Foote Partners LLC.

21 June 2023
The Top 5 Benefits of Becoming an ATO
Blog Post

Top Benefits of Becoming an ISACA Accredited Training Organization

ISACA Accredited Training Organizations provide a range of benefits, including increased credibility and access to unique training materials and programs.

20 June 2023
Anuj Choudhary
Blog Post

Ransomware Attacks on the Rise in India: The Need for a Global Culture of Crisis Management

Growing instances of ransomware attacks in India are instructive both of the extent of this threat around the world and the measures that organizations need to put in place to mitigate the risks.

16 June 2023
Nandita Rao Narla, Head of Technical Privacy and Governance at DoorDash
Blog Post

TSA’s Plans to Expand Facial Recognition at Airports: A Privacy Perspective

The advancement of facial recognition technology raises an array of privacy concerns, as underscored by the recent expansion of a program through the US Transportation Security Administration.

15 June 2023
Luigi Sbriz
Blog Post

Using Agile Practices for Internal Audit

The value in modern audit is timely data that can be leveraged to improve operating processes and business continuity, tied heavily to the enterprise risk lifecycle

14 June 2023
Richard Marcus, CISA, CRISC, CISM, TPECS and VP, Information Security, AuditBoard and John Volles, CISA, Director of Information Security Compliance at AuditBoard
Blog Post

IT Risk Assessments: A Process Your CIO or CISO Will Thank You For

Identifying and quantifying risk can be made more straightforward by following six key steps for IT risk assessments.

13 June 2023
Michael Rebultan
Blog Post

Common Cybersecurity Risks to ICS/OT Systems

Organizations need to protect their industrial control and operational technology systems from cyberthreats, including through regular vulnerability assessments, network segmentation and providing ongoing training on cybersecurity best practices.

12 June 2023
Erik Prusch
Blog Post

Join Me in Welcoming ISACA CEO Erik Prusch!

Erik is the right person to lead ISACA into the future. It is clear that he has a values-driven approach, a steady presence, the right vision and a clear focus to take us forward.

12 June 2023
How ATO and Chapter Training Can Help You Pass Your Certification Exam
Blog Post

How ATO and Chapter Training Can Help You Pass Your Certification Exam

ISACA's chapters and Accredited Training Organizations (ATOs) offer prime opportunities for certification candidates to prepare for success on their certification exams.

8 June 2023
An MDDAP Use Case: How a Medical Device Manufacturer Increased Production by 62% and Reduced Staff Turnover by 70%
Blog Post

New Use Case Highlights Promising MDDAP Results

A new case study demonstrates a successful, real-life application of ISACA’s Medical Device Discovery Appraisal Program (MDDAP).

7 June 2023
Disaster Recovery and Business Continuity Preparedness for Cloud-based Start-ups
Blog Post

Disaster Recovery and Business Continuity Preparedness for Cloud-based Start-ups

Business continuity plans for start-up companies prepare them for unexpected events that may disrupt operations and can protect critical data, as well as the company's reputation.

6 June 2023
Mary Carmichael
Blog Post

ChatGPT’s ‘Perfect Storm’: Managing Risk and Eyeing Transformational Change

Organizations looking to make ChatGPT implementations successful need to be mindful of interdisciplinary collaboration that taps technological expertise, regulatory compliance, risk management and operational understanding of the powerful AI chatbot.

5 June 2023
Gopikrishna Butaka
Blog Post

Understanding and Implementing Digital Trust Effectively

As the world has become more hyperconnected and digital interactions between systems, devices and people become more complex and complicated, digital trust has become an increasingly discussed concept.

2 June 2023
Digital Trust as a Differentiator: Insights from ISACA Digital Trust World
Blog Post

Digital Trust as a Differentiator: Insights from ISACA Digital Trust World Panel

A recent ISACA conference panel in Boston explored how digital trust can become a competitive advantage and how the entire organization must rally around the concept for trust to be delivered.

31 May 2023
Matthew J Scott
Blog Post

Defensive Programming for Industrial Control Systems

Modern industrial control systems are exposed to the internet, making a proper code environment, defining rule sets and conducting verification increasingly important to protect these critical systems.

30 May 2023
Chandrasai D.
Blog Post

The 3A-3C Approach to Digital Solutions in the Pharmaceutical and Healthcare Sector

The digital health market is expanding, and cost, compliance and user comfort are essential elements to ensure related digital transformations are going to plan.

26 May 2023
Naomi buckwalter
Blog Post

Digital Trust World Conference: A Fabulous Convergence of Security, Emerging Tech and Lobster Rolls

ISACA's Digital Trust World conference in Boston left me excited about the future of the security profession despite many open questions about how AI and other emerging tech will reshape the profession.

25 May 2023
Anamika Roy
Blog Post

Identity as a Service Audit Implications and Best Practices

Identity as a Service can have major implications for audit by dictating the way that organizations manage user identities and access their applications and IT workloads.

23 May 2023
Varun Prasad
Blog Post

Securing an AI Ecosystem: The Next Big Cybersecurity Challenge

As artificial intelligence becomes an increasingly prominent part of our professional and personal lives, security and control protocols must keep pace with the evolving ecosystem.

24 May 2023
Daniel Dobrygowski
Blog Post

Where Does Digital Trust Begin? An AMA with World Economic Forum’s Daniel Dobrygowski

Daniel Dobrygowski, the head of governance and trust for the World Economic Forum, was featured in a recent Ask Me Anything discussion on ISACA's Engage community, with a focus on building digital trust and its key implications in business and civil society.

22 May 2023
Chris Fraker
Blog Post

Five Tips to Prepare for ISACA’s CDPSE Exam

Top CDPSE exam scorer Chris Fraker shares his tips for success and how the certification benefits privacy professionals and their organizations.

17 May 2023
Understanding the Risk of Robotic Process Automation
Blog Post

Understanding the Risk of Robotic Process Automation

Reviewing vendor-provided scripts and testing systems in contained environments are important measures in dealing with risk stemming from robotic process automation.

17 May 2023
Welland Chu
Blog Post

Maintaining Sovereignty in the Cloud: Controlling Your Digital Future

Cloud users' desire for for control over their data calls for digital sovereignty measures in collaboration with cloud providers.

16 May 2023
Todd Harper
Blog Post

Using Tabletops and Simulations to Build Better Incident Responders

Incident simulations can be highly effective at pinpointing gaps in monitoring and detection processes, and better understanding how to go about catching bad actors.

15 May 2023
Steven Sim Kok Leong
Blog Post

Credential Hacking: The Dark Side of Artificial Intelligence

Artificial intelligence is capable of helping cybercriminals crack passwords, but the good news is cybersecurity professionals can leverage AI to fight fire with fire.

11 May 2023
Jon Brandt
Blog Post

Digital Trust: Focus on the Forest Rather Than the Trees

Digital trust does not come about through any one product or technology but increased transparency in how technology is being developed and deployed would be a good starting point to strengthening trust in the digital ecosystem.

10 May 2023
Mark Thomas
Blog Post

Taking Digital Trust from a Lofty Goal to a Measurable Reality

Organizations can turn digital trust into an important competitive advantage, as reinforced by the major takeaways from ISACA's State of Digital Trust 2023 report.

9 May 2023
Marc Randolph
Blog Post

ISACA Virtual Conference Keynoter: Never Lose the Spark of a Startup

Marc Randolph, a national bestselling author, executive mentor, angel investor, and the co-founder and first CEO of Netflix, will be the opening keynote speaker at the ISACA Virtual Conference: Digital Trust World.

8 May 2023
Kilian Truatmann
Blog Post

The Evolution of Cloud Computing and Distributed Ledger Technology

Enterprises need to have significant trust before they can move forward with delegating data control, storage and application execution to cloud providers.

5 May 2023
Embarking on the Journey Toward Digital Trust
Blog Post

Embarking on the Journey Toward Digital Trust

Dealing with adversity in a trustworthy and transparent way can turn a problem into a big opportunity for a company to strengthen its relationship with customers.

4 May 2023
Devharsh Trivedi
Blog Post

Privacy-Preserving Security Analytics

Preserving privacy while outsourcing is a challenge, especially when factoring in considerations such as how to preserve the security and privacy of data at rest.

3 May 2023
Mary Carmichael
Blog Post

Developing Collective Risk Leadership Through CRISC

The interconnected nature of risks in today's environment calls for a holistic approach to risk management, which can be reinforced through the principles of the CRISC credential.

2 May 2023
2022 Annual Report
Blog Post

ISACA’s Digital Trust Vision Highlighted in 2022 Annual Report

ISACA's newly released 2022 annual report highlights the digital trust resources that the organization put forward along with other key organizational progress from the year.

1 May 2023
Ravikumar Ramachandran
Blog Post

The Science of Cybersecurity and its Future Challenges

Cybersecurity is a sub-discipline of computer science and a rigorous scientific approach should underpin the work of cybersecurity leaders and practitioners.

28 April 2023
Kayne Mcgladrey
Blog Post

How the Relationship Between CISOs and Legal Teams is Changing

A closer relationship between CISOs and enterprise legal teams can help CISOs deal with increasing regulatory burdens, how to approach cybersecurity insurance and addressing liability in the event of data breaches.

27 April 2023
Tan Soon Chew
Blog Post

Risk Assessment for Technical Vulnerabilities

Regardless of local regulations, risk assessment for technical vulnerability should supplement an organization’s existing comprehensive security risk assessment, not serve as a substitute.

26 April 2023
Chris McGowan
Blog Post

Pentagon Leak Case Shows that Insider Threats Remain a Prominent Risk

The recent high-profile Pentagon leak in the United States underscores the importance of defending against insider threats.

25 April 2023
Jo Stewart Rattray
Blog Post

United Nations Meeting on the Status of Women Reveals True Gender Parity is Centuries Away

Women across the globe are finding ways to fast-track change and counteract concerning projections for how long it will take to truly erase gender disparities in the tech workforce and society as a whole.

24 April 2023
Sunil Bakshi
Blog Post

Gaining More Than I’ve Given Through ISACA Volunteering

Sunil Bakshi, of India, has relished sharing his expertise and exchanging ideas with members of ISACA's global community through his ISACA volunteer activities.

21 April 2023
Joyce Chua
Blog Post

ISACA Volunteer Starts Slow, Seizes Opportunities to Grow

A self-described introvert, Joyce Chua, of Singapore, says her volunteer activities with ISACA helped her build her speaking and collaborating skill set.

20 April 2023
Chetan Anand
Blog Post

Volunteer Finds Resources He Needs ‘All Under One Roof’

Chetan Anand says ISACA has provided many of the knowledge resources he is looking for "all under one roof," and he gives back through extensive volunteering.

19 April 2023
Julia Hermann
Blog Post

Volunteer Work Provides Fresh Perspectives for InfoSec Professional

Germany-based ISACA volunteer Julia Hermann says her volunteer work with ISACA has exposed her to new perspectives that have furthered her professional growth.

18 April 2023
Han Jumashov
Blog Post

Volunteering Pays Quick Dividends for Recent University Graduate

Han Jumashov has become an active ISACA volunteer after relocating to the United States from Turkmenistan to pursue his university degree and the beginning of his professional career.

17 April 2023
Ramona Ratiu
Blog Post

Award-Winner Creates a Culture of Innovation, Adaptability and Inclusion

ISACA Chicago Chapter President Ramona Ratiu reflects on her recent ISACA Inspirational Leadership Award and shares her leadership goals going forward.

14 April 2023
Mike Hughes
Blog Post

Why Team Training Leads to Big Business Benefits

Enterprise training can ensure team members are aligned in their decision-making and approaches for more effective team performance and communication with stakeholders.

13 April 2023
Patrick Sullivan
Blog Post

How Automation Can Streamline Your Compliance Journey

Usage of compliance automation technology is rising as organizations that implement it experience a range of benefits.

12 April 2023
Gina Yarcone
Blog Post

Interactive Tabletop Scenarios: A Comprehensive Approach to Strengthen and Assess Your Incident Response Strategy

Interactive tabletop scenarios, incorporating gamification, can make a big difference in sharpening organizations' incident response preparedness.

11 April 2023
Ron Lear
Blog Post

CMMI Updates Take Performance Improvements to the Next Level

The latest iteration of the CMMI model includes security, safety, data management, people management, and managing virtual workforce best practices.

10 April 2023
Michael Rebultan
Blog Post

Introduction to ICS/OT Systems and their Role in Critical Infrastructure

Industrial Control Systems/Operational Technology must be understood and secured effectively to avoid potentially disastrous impacts on critical infrastructure.

6 April 2023
Brian Fletcher
Blog Post

How CMMI Cybermaturity Platform (CCP) can help your organization implement Zero Trust

ISACA's new eBook is a free resource to guide you on how to simplify the implementation of a Zero Trust strategy in your organization with the CMMI Cybermaturity Platform (CCP).

5 April 2023
Kim Kaplan
Blog Post

The Exciting Benefits of ISACA’s MDDAP VIP Portal

ISACA's Medical Device Discovery Appraisal Program (MDDAP) Voluntary Improvement Program (VIP) Portal launched to collaborators and stakeholders with exciting features and updates.

4 April 2023
Security Awareness
Blog Post

Security Awareness Training: A Critical Success Factor for Organizations

Reducing chances of a data breach, supporting existing systems and increasing customer confidence are among the leading benefits of effective security awareness training programs.

31 March 2023
Frances Haugen
Blog Post

‘There is Hope’: Facebook Whistleblower Takes On Misinformation, Addresses Digital Trust

Facebook whistleblower Frances Haugen, who will be a keynote speaker at ISACA's upcoming Digital Trust World Boston conference, addresses misinformation and digital trust.

30 March 2023
Samuel Zaruba Smith
Blog Post

Crypto Collapse and Democratizing Auditing

The proliferation of emerging technologies across domains and throughout all layers of an organization is leading to a democratization movement that is not yet well-understood, with IT audit playing a significant part.

29 March 2023
Michelle Dennedy
Blog Post

Insights from a Privacy Jedi

Privacy expert Michelle Dennedy recently shared her insights on emerging privacy trends and key industry challenges in an Ask Me Anything session through ISACA's Engage platform.

28 March 2023
Raef Meeuwisse
Blog Post

The Biggest AI Moment Ever for Cybercrime Just Happened

Cybersecurity professionals, beware: the theft and repurposing of powerful AI models is within cybercriminals' reach, and it could be a game-changer.

24 March 2023
Richard Marcus, CISA, CRISC, CISM, TPECS and VP, Information Security, AuditBoard and John Volles, CISA, Director of Information Security Compliance at AuditBoard
Blog Post

Compliance Automation Journey: Five Steps to Streamline Efforts, Identify Risks, and Improve Team Workflows

When implemented effectively, compliance automation can make a big difference in allowing teams to dedicate their time toward more impactful priorities.

23 March 2023
Luigi Sbriz
Blog Post

Solutions for Digital Identification

While a universal solution for digital identification of internet users might not be realistic, finding solutions that are suitable in various situations is realistic and a worthwhile goal.

22 March 2023
C. Warren Axelrod
Blog Post

A Collaborative Approach to Cybersecurity

Since attackers often benefit from cooperative measures, it only makes sense for organizations to collaborate in their efforts to thwart cyberthreats, even if that has historically proven to be challenging.

21 March 2023
Patrick Trierweiler, A-LIGN Senior Consultant
Blog Post

Five Habits to Make Compliance Smoother for Lean Teams

Smaller organizations might find keeping on top of compliance activities to be challenging but there are several key habits that can help lean teams meet compliance responsibilities without feeling overburdened.

20 March 2023
Guy Pearce
Blog Post

As in Life, Digital Trust Is a Two-Way Street

It is not only organizations that have eroded trust – people have played a role, also, and both people and organizations need to be a part of fixing what is broken.

17 March 2023
Karthik Kaligotla
Blog Post

Software-Defined Networking: The Future of Networking

Software-defined networking provides a modern solution to evolving access challenges that can be problematic for network administrators.

16 March 2023
Top Risks and Rewards of Moving to the Cloud
Blog Post

Top Risks and Rewards of Moving to the Cloud

Enterprises increasingly are moving to the cloud and seeing major benefits along the way, but it is important to weigh those gains against numerous cloud risks that need to be managed.

14 March 2023
Astrid-Bailey
Blog Post

Influencing Security Decisions with Effective Communication

Effective communication makes a big difference in bolstering leadership buy-in for security programs.

13 March 2023
Mark Tarallo
Blog Post

Assessing Culture With Help From the US Surgeon General

The importance of organizational culture is now understood to be a major factor in an organization’s overall success.

9 March 2023
ISACA Foundation
Blog Post

ISACA Foundation Takes Equity Message to White House Office of National Cyber Director

ISACA Foundation recently took its message of equity and inclusion to the White House.

8 March 2023
Muneeb Imran Shaikh
Blog Post

Data Privacy: A Public Policy Challenge

Data privacy is not just about information security, governance or customer trust - it also is a public policy challenge.

7 March 2023
Jouke Albeda
Blog Post

Improved IT Frameworks

Frameworks and IT general control guidance should be reviewed periodically to keep up with industry best practices.

3 March 2023
Frank Downs
Blog Post

LastPass Hack Highlights Importance of Applicable Acceptable Use Policies.

The recent LastPass breach reinforces that Acceptable Use Policies should not be overlooked or underestimated.

2 March 2023
Mohamed Sadat
Blog Post

Five Factors That Turn CISOs into Firefighters

Chief information security officers often find themselves doubling as firefighters - can it be avoided?

1 March 2023
Future of Technology
Blog Post

The Future of Technology Risk

Consider four ways to build stakeholder trust in the technology risk imperative.

28 February 2023
Five Powerful Quotes on the Black Experience in IT
Blog Post

Five Powerful Quotes on the Black Experience in IT

Despite historically being underrepresented in many IT fields, Black professionals have made a huge impact on digital trust disciplines.

27 February 2023
The Competitive Advantages of Privacy and Trust
Blog Post

The Competitive Advantages of Privacy and Trust

Sound practices in managing privacy and emerging technology implementations pays off for enterprises in creating trust with customers.

24 February 2023
Anastasiia Konoplova
Blog Post

Mindfulness Amid the Chaos

Anastasiia of the ISACA Kiev Chapter reflects on the difficult last year and the support the chapter has received from ISACA's global community.

23 February 2023
Patrick Offor
Blog Post

Examining Information Privacy Realities Contradiction Theory

Allowing our information privacy violation tendency to outweigh our protection tendency because of our self-interests can prove problematic to ourselves and others.

21 February 2023
Mary Carmichael
Blog Post

Making Risk Management for Agile Projects Effective

ISACA’s Incorporating Risk Management into Agile Projects white paper provides guidance for conducting risk assessment in an agile project context.

20 February 2023
Five Overlooked Benefits of Having an IT Certification
Blog Post

Five Overlooked Benefits of Having an IT Certification

Some benefits to attaining certifications are obvious but there are many other benefits beneath the surface.

17 February 2023
Tracey Dedrick
Blog Post

Smoothing the Path for an Even Brighter Future for ISACA

ISACA continues to deliver on its digital trust vision while finding new ways to serve its global community.

16 February 2023
Hakan Kantas
Blog Post

Building Resilience with ISACA

Resilience has become top-of-mind throughout the digital trust fields since the pandemic. The ISACA community can be a great place to sharpen resilience on a number of fronts.

15 February 2023
Rupert Brown
Blog Post

Data Protection and Its Impact on the Older Population

Impacts of GDPR and other data protection policies on the elderly population should not be overlooked.

14 February 2023
Tony Bai
Blog Post

FedRAMP for ISVs: How Out-of-Scope Organizations Can Demonstrate Federal Compliance

Some software vendors don’t fall within the scope of FedRAMP and must identify alternate paths to compliance.

13 February 2023
Brian Fletcher
Blog Post

Governance, Processes and Planning: Three Significant Countermeasures to Being Hacked

Governance, processes and planning are three components of cybersecurity management that can address the people vulnerability.

9 February 2023
Kayne McGladrey
Blog Post

Three Key Predictions for 2023: The Year of Risk

The rise in importance of internal risk assessments is among the key trends that could shape the risk landscape in 2023.

9 December 2022
Tamim Ahmed
Blog Post

Major Challenges Ahead for GRC Professionals in 2023

GRC professionals will need to remain attuned to changes impacting the technology, regulatory and security landscapes to be effective in the year to come.

2 February 2023
Sai Mohan and Ranganath Lyengar
Blog Post

Data Protection in Enterprises

Data protection is maturing toward a more holistic approach, with emphasis on meaningful datasets to enterprises and regulations.

1 February 2023
Charles Cresson Wood
Blog Post

Third Party Audit Reports as the New Trust Currency

The compliance audit process can give third parties confidence in an organization’s ability to manage and govern information security and privacy.

30 January 2023
Michael Kelly
Blog Post

Assessing the Risk of Emerging Technology: Will Early Assessments Match Reality?

Implementation of emerging technologies requires organizations to rethink their approaches to risk assessment.

26 January 2023
Ron Lear
Blog Post

CMMI Performance Continues to Impress, Improve

The CMMI Performance Report captures encouraging insights in business capability and performance objectives.

25 January 2023
Neha Sharma
Blog Post

Categorizing and Handling Sensitive Data

Organizations need to be intentional and diligent about how they classify and handle both regulated and unregulated sensitive data.

24 January 2023
Wanbil W. Lee
Blog Post

Recognizing the Hidden Risk and Quantifying Ethical Analysis When Governing Data

Data bias is a hidden risk in data governance. It can creep in during data collection, storage and use, and via applications used by a human or in an AI algorithm created by a human.

23 January 2023
Komitas Stepanyan
Blog Post

Modern Complexities of Cybersecurity

Can an organization be 100% protected against cyberattacks? While trying to answer this question, former US FBI Director Robert Mueller’s words can be considered: “There are only two types of companies: those that have been hacked and those that will be.”

20 January 2023
Abdul Jaleel
Blog Post

ChatGPT and Leveraging Artificial Intelligence in Auditing

ChatGPT is the latest example of how artificial intelligence can make a substantial impact for IT audit professionals.

18 January 2023
Noelle Pickler
Blog Post

ISACA Mentorship Program Galvanizing Connections

The ISACA Mentorship Program is leading to new connections and professional growth around the globe.

17 January 2023
Guy Pearce
Blog Post

Sizing Up the Global State of Privacy

ISACA's Privacy in Practice 2023 report showcases areas for improvement when it comes to executive support, skills and staffing in the privacy field.

17 January 2023
Antonio Rocha
Blog Post

Where Privacy Stands Five Years After GDPR

Five years after the GDPR regulation came onto the privacy scene, there is still much progress to make on the people, process and technology fronts for enterprises to be on sturdier ground.

17 January 2023
Hakan Kantas
Blog Post

How to Ensure Your IT Objectives Align with Organizational Goals

Aligning IT initiatives to overarching enterprise business goals is important and measurable.

12 January 2023
Five Reasons to Make 2023 the Year to Pursue a Certification
Blog Post

Five Reasons to Make 2023 the Year to Pursue a Certification

Validation of knowledge and keeping pace with the fast-moving technology landscape are among the leading motivations to pursue an IT certification in 2023.

11 January 2023
Billy Anglin
Blog Post

Ransomware Looms Large on Third-Party Risk Landscape

Due diligence and sound risk management are essential to help enterprises prepare for ransomware and other threats involving third-party relationships.

10 January 2023
Saravanan Gurumurthy
Blog Post

The Importance of Embedding a Culture of Privacy by Design

Organizations can gain a competitive advantage by taking deliberate measures to implement privacy by design.

9 January 2023
Gaelle Koanda
Blog Post

How I Survive Imposter Syndrome

Dealing with imposter syndrome can be even more challenging for those living and working in countries in which they are not native speakers.

6 January 2023
Guy Pearce
Blog Post

In Search of Great Data Candidates

Identifying the best candidates for data-focused roles can go a long way toward improving an organization's risk profile.

5 January 2023
Jamal Elmella
Blog Post

How Cyber Pathways Can Help Your Career

The Cyber Pathways Framework could have a significant impact in resolving the ongoing skills crisis in the cybersecurity field.

4 January 2022
Ravikumar Ramachandran
Blog Post

The New, Emergent CISO

The CISOs of the future will have to combine a wide range of technical and business skills to rise to the many challenges they will face.

30 December 2022
David Adams
Blog Post

The Main Challenges of Effective Risk Management

Risk management can be a tremendous asset for organizations when the right processes and methodologies are applied to overcome key challenges.

28 December 2022
Information Security
Blog Post

Addressing Selective Compatibility

Today's methods of authentication are likely to become less reliable going forward, making selective compatibility all the more relevant.

22 December 2022
Raef Meeuwisse
Blog Post

Top Cyberattacks of 2022: Lessons Learned

Major 2022 data breaches involving Optus, Uber and Neopets led to many lessons learned for security practitioners and business leaders.

21 December 2022
Ravikumar Ramachandran
Blog Post

The Future of Skills: Preparing for Industry 4.0 and Beyond

Industry 4.0 brings great potential to transform the IT professional landscape.

16 December 2022
Julie Ebersbach and Michael Powers, Ph.D., CRISC
Blog Post

Quantifying the Qualitative Risk Assessment: Using Data to Inform Judgment

The technology field is ripe for quantification support for qualitative judgments.

15 December 2022
Sean Renshaw
Blog Post

All systems are GO!

Enterprises need to shift their mindset from 'cyber incident' to 'crisis management,' especially in an era when ransomware and other threats are present dangers.

14 December 2022
Information Security
Blog Post

Talent Transformation Strategies for Security Leaders to Address the Cybersecurity Workforce Challenges

Investing in a strong security culture and adopting a growth mindset are among the approaches that can help organizations transform their strategy for dealing with cybersecurity talent shortages.

12 December 2022
Kerris Lee
Blog Post

Five Actionable Success Tips for Risk Professionals in 2023

What organizational risks should risk management professionals be sure to keep in mind as we head toward 2023? Kerris Lee provides tips for the new year for risk practitioners.

8 December 2022
Lisa Mckee
Blog Post

Five Actionable Success Tips for Privacy Professionals in 2023

More and more organizations are realizing that privacy programs must be appropriately prioritized and resourced, a reality that will only become more striking in 2023.

7 December 2022
Samantha Hart
Blog Post

Five Actionable Success Tips for Security Professionals in 2023

Creating a personal incident response plan is a good place to start when security professionals consider how they can thrive in 2023.

6 December 2022
Varun Prasad
Blog Post

Five Actionable Success Tips for Audit Professionals in 2023

Looking toward 2023, IT audit professionals will need to increasingly focus on cloud environments and privacy engineering to keep pace with the changing technology and regulatory environment.

5 December 2022
Paul Thompson
Blog Post

Dialing in the Data

Building cyber resilience can be an uphill battle for many organizations given the proliferation of data and the fast-evolving threat landscape.

2 December 2022
Information Security
Blog Post

Achieving Resilience at ASEAN-Japan’s Cybersecurity Capacity Building Centre

Much can be learned from the way the ASEAN-Japan’s Cybersecurity Capacity Building Centre deployed several procedures to reduce the COVID-19 pandemic’s effects on operations.

1 December 2022
Robin Lyons
Blog Post

Identity and Access Management: The Nonhuman View

As digital transformation sweeps across organizations, the technologies that are the foundation of that transformation need access.

30 November 2022
Information Security
Blog Post

Which Cybersecurity Roles Pay the Best?

Cybersecurity talent remains highly in-demand, leading to several roles that command high salaries.

29 November 2022
Ashief Ahmed
Blog Post

Five Mistakes to Avoid When Preparing for a Certification Exam

Avoiding some common mistakes can make for a more successful certification exam experience.

28 November 2022
Cliff Huntington
Blog Post

What Do the ISO 27001 Updates Mean for Your Business?

"After nine years of certifications, ISO has released an updated version for one of the most popular frameworks in the cybersecurity environment."

23 November 2022
Guy Pearce
Blog Post

Digital Native Organizations Are Energizing Organizational Design

Digital native organizations are ahead of the curve when it comes to enabling digital transformation and modernization.

22 November 2022
Dr. Blake Curtis, Sc.D, CISA, CRISC, CISM, CGEIT, CDPSE, COBIT
Blog Post

5G Privacy Implications

Enterprises must consider the risk of 5G adoption on the front end and be proactive about working through potential privacy and security implications.

21 November 2022
Ravikumar Ramachandran
Blog Post

How Knowledge Workers Can Convince Employers to Sponsor IT Certifications and Professional Growth

Employers can support their employees' professional development by sponsoring their professional certifications and providing ongoing training resources.

18 November 2022
Tom Schneider
Blog Post

Applying Enterprise Risk Management to Cyberrisk

The rise of ransomware has increased the stakes for enterprise risk management and cyber risk.

16 November 2022
How to Mature Your Privacy Compliance Program
Blog Post

‘Putting Out Fires’ and Maturing Your Privacy Compliance Program

As privacy regulations continue to take effect, enterprises must mature their privacy compliance programs.

15 November 2022
Sushma Uniyal
Blog Post

Audit Essentials for Driving Efficiency and Value

Each audit has a lifecycle, from planning to execution to conclusion, and each phase in the audit lifecycle requires multiple steps to be executed effectively.

14 November 2022
Tim Liu
Blog Post

The Impact of a Hybrid Workplace on Security

Although the shift to the hybrid workplace has been a sea change for IT and security teams, new advances in security concepts and solutions hold the potential to smooth out the transition.

9 November 2022
Shini Menon
Blog Post

Solving Security and Privacy Concerns in Emerging Technology

Personal data are more exposed than ever in the evolving emerging technology landscape but are often insufficiently protected from being stolen.

7 November 2022
Mark Thomas
Blog Post

Seven Key Steps to Build Digital Trust

The path to stronger digital trust includes key steps such as understanding customer expectations and going beyond checking boxes.

4 November 2022
Information Security
Blog Post

Five Quick Tips for Taking ISACA Certification Exams

ISACA certification-holders share their tips and guidance for success on ISACA certification exams.

3 November 2022
Osama Abbas
Blog Post

A Pilot’s Lofty Goal of Building Trust Through Audit

ISACA member Osama Abbas is a champion for digital trust in his role as head of audit while finding time for his aviation passion in his free time.

2 November 2022
Veronica Rose
Blog Post

Keep Your Dream of Becoming a CISA Alive

Candidates who struggle on their first try to pass the CISA certification exam can still reach their goal with perseverance and some tweaks to their preparation.

1 November 2022
Larry Alton
Blog Post

How to Safely Share Your Business’s Online Videos

Finding the right balance between security and convenience is key for businesses when it comes to sharing their videos online.

28 October 2022
Mike Tomaselli
Blog Post

Finding or Building the Right Framework for Your Organization

Organizations face a challenge in understanding which framework will deliver the most value in an era of increased regulatory and business challenges.

27 October 2022
Jack Freund
Blog Post

Cyber Ratings as Measures of Digital Trust

As the profession of cybersecurity continues to mature, it inevitably will borrow from other disciplines that have developed mature practices. The credit rating profession has much to offer cybersecurity as it attempts to support the overarching need for the creation of digital trust.

26 October 2022
Audit and Assurance
Blog Post

Smarter Testing Equals Safer Digital Experiences

Tighter alignment of testing with the software development lifecycle and better modeling of real-world adversary threats has allowed Adobe to become more DevSecOps-minded in its application security testing.

25 October 2022
Mary Carmichael
Blog Post

Risk Appetite vs. Risk Tolerance: What is the Difference?

By demystifying the risk appetite and risk tolerance terms, it is easier to explain and integrate these concepts within enterprise risk management frameworks.

4 October 2022
Luma Badran
Blog Post

How Risk Transformation Enables Enterprise Success

Risk expert Luma Badran recently led an ISACA Engage community discussion of topics including risk transformation, best practices for the three lines of defense, internal audit, operational risk management and cybersecurity insurance.

21 October 2022
Menny Barzilay
Blog Post

‘Privacy Is Not Dead, But It Is Dying’

Menny Barzilay will be a keynote speaker for ISACA Conference Asia 2022, to take place virtually 16-17 November, presenting on “The Dark Future of Privacy.” Barzilay, an internationally recognized cybersecurity expert and CTO of the Interdisciplinary Cyber Research Center at Tel-Aviv University, recently visited with ISACA Now to discuss privacy mining, deep fakes, digital trust and more.

20 October 2022
Exploring the Relationship Between IT Certifications and Salaries
Blog Post

Exploring the Relationship Between IT Certifications and Salaries

Certifications can have a big impact on IT professionals' salaries and career advancement opportunities.

19 October 2022
Tulika Ghosh
Blog Post

Cloud Governance and Security Imperatives

Organizations that can strike a balance between their strategic objectives and security needs will be well equipped for success in their cloud implementations.

18 October 2022
Michael Argast
Blog Post

The Cybersecurity Skills Gap: Dispelling Misconceptions

The workforce challenge organizations often perceive as a cybersecurity skills gap is more accurately a failure to take advantage of the people and resources that should be better utilized.

17 October 2022
Mark Thomas
Blog Post

What is the ROI from Enterprise Training?

The return on investment from enterprise training extends well beyond the financial to areas such as mitigating risk and helping organizations become more agile and resilient.

14 October 2022
David Shavgulidze
Blog Post

A COBIT 2019 Use Case: Financial Institutions in Georgia

The COBIT framework has some key applications in the financial sector as demonstrated by a recent use case in Georgia.

12 October 2022
Information Security
Blog Post

How to Transition from General IT to Cybersecurity

For IT professionals looking to transition to a cybersecurity career, there are several promising pathways to position themselves for success in cybersecurity.

11 October 2022
Blaise Woo
Blog Post

Securing Patient Data Is Paramount in the Post-Pandemic Era

Securing patient data and complying with HIPAA laws may seem like a challenge, but there are several steps your organization can take to combat a cyber incident.

10 October 2022
Joseph Cheng
Blog Post

The Social and Psychological Consequences of Ransomware Attacks

Organizations focus on the financial loss and disruption to services caused by ransomware attacks, but there are significant social and psychological effects that are often overlooked.

7 October 2022
Alonzo Longshore
Blog Post

How To Apply Process Mapping Synergy Gains for Business Continuity and Disaster Recovery

Process mapping from disaster recovery and business continuity planning can help improve enterprises' overall business resiliency.

6 October 2022
Rebecca Herold
Blog Post

Navigating Privacy and Compliance Post-Dobbs Ruling

A variety of healthcare, data privacy and security issues have emerged since the recent Dobbs ruling that have impacted and will continue to impact both businesses and individuals in the United States.

5 October 2022
New ISACA Paper Enables Enterprises to Use Cyberrisk Quantification to Improve Approach to Cybersecurity Risk
Blog Post

The Impact of Cybersecurity on Consumer Behavior

New ISACA data on consumer attitudes about cybersecurity reveal there is much work to be done for enterprises to earn the trust of customers and stakeholders.

3 October 2022
Kim Pham
Blog Post

Five Major Auditing Challenges in Cloud Computing and How to Overcome Them

Top challenges for auditing the cloud start with identifying cloud usage and controlling and monitoring user access.

30 September 2022
David Samuelson
Blog Post

Advancing Digital Trust on Capitol Hill, in Parliament and Beyond

ISACA leaders recently have taken their digital trust message to government officials from the UK, Ireland and the United States.

29 September 2022
Angelina Kahn-Dubois
Blog Post

A CISA Top Scorer’s Tips to Feel Prepared for the CISA Certification Exam

Angelina Kahn-Dubois, the top Certified Information Systems Auditor (CISA) certification exam scorer for 2021, offers tips for success on the CISA exam.

28 September 2022
‘Piecemeal Approach’ Insufficient to Create Digital Trust
Blog Post

‘Piecemeal Approach’ Insufficient to Create Digital Trust

Matt Chiodi, chief trust officer at Cerby and a member of ISACA's Digital Trust Advisory Council, and Karen Heslop, ISACA's vice president of content development, provide their perspectives on ISACA's State of Digital Trust 2022 report.

27 September 2022
Kevin Keh
Blog Post

The Importance of Organizational Resilience in an Age of Immense Change

Organizational resilience has become increasingly top-of-mind for enterprises in the era of The Great Resignation.

26 September 2022
audit and assurance
Blog Post

Audit Approaches for Enterprise Databases

Ensuring enterprises can achieve their business objectives without concerns about sensitive data security is a value-add proposition for internal audit departments looking to perpetuate their role as trusted advisors to executive management.

23 September 2022
State of Digital Trust 2022
Blog Post

Five Key Takeaways from ISACA’s State of Digital Trust 2022 Report

Key takeaways from ISACA's State of Digital Trust report show how organizations must prioritize, measure and collaborate to make strengthening digital trust a reality.

20 September 2022
governance
Blog Post

Giving Data Integrity Its Place on the Podium

Data integrity, one of the key technology risk factors identified in recent IT audit research conducted jointly by ISACA and Protiviti, is crucial to the decisions that enterprises make in the course of routine business.

19 September 2022
MDDAP
Blog Post

How MDDAP Improves Product Quality

By helping medical device manufacturers better understand and sharpen their capabilities, ISACA’s Medical Device Discovery Appraisal Program (MDDAP) is advancing device quality and patient outcomes by driving toward a culture of continuous improvement.

16 September 2022
David Samuelson
Blog Post

Digital Trust: The Key to Successful Transformation

Today’s digital economy is driven by innovation. The companies that are able to find new ways to serve their customers, often enabled by implementation of emerging technologies, are the ones best positioned to thrive.

15 September 2022
Courtney Chatterton
Blog Post

How To Communicate Risk in a Way Leadership Can Understand

The key to effectively communicating risk is aligning risks to the company's business objectives.

13 September 2022
Premkumar Subramanian Subha
Blog Post

How Secure is Your Data? A New Way of Looking at Data Privacy Compliance

Recent data privacy compliance regulations, along with existing ones, present a whole new dimension in the world of regulatory compliance requirements for banks/financial services across the globe.

12 September 2022
Jai Sisodia CISA, CCP, ITIL V3, and Mohammed Khan, CISA, CRISC, CDPSE, CIPM, Six Sigma Certified Green Belt
Blog Post

The Customer’s Responsibility in the Cloud Shared Responsibility Model

The cloud shared responsibility model model can help relieve customers’ operational burdens as the cloud service provider operates, manages and controls the host operating system, infrastructure components and actual physical security of the facilities.

9 September 2022
Safia Kazi
Blog Post

Privacy: A Key Component of Building Digital Trust

The key relationship between privacy and advancing digital trust was explored in a recent ISACA Live episode with Safia Kazi and Betsie Estes.

7 September 2022
Guy Pearce
Blog Post

AI Ethics and eXplainable AI (XAI): Much Easier Said Than Done

More artificial intelligence (AI) proponents are proposing that integrating ethics with AI will result in better customer engagement with the technology

6 September 2022
Varun Prasad
Blog Post

A Fan of Diverse Experiences

ISACA member Varun Prasad works with tech companies of varying sizes to help build digital trust by addressing the security and privacy compliance requirements of customers and other stakeholders.

2 September 2022
Kim Pham
Blog Post

Cloud Computing — What IT Auditors Should Really Know

Given the growing reliance on cloud computing, internal audit should adopt a proactive approach to cloud initiatives and position the department as a trusted advisor.

31 August 2022
Faith Wawira
Blog Post

ISACA Kenya Chapter to Support Vulnerable Children in CommunITy Day 2022

ISACA's annual CommunITy Day of global volunteering is coming up on 1 October, with chapters around the world preparing to make their impact at the local level.

30 August 2022
Jeff Burke
Blog Post

IT Audit Field Provides ‘So Many Options’ for Early-Career Professionals

Jeff Burke shares his experience as a new IT auditor and describes why IT audit is a promising career path for rising professionals.

29 August 2022
Tuan Phan and Chad Friedman
Blog Post

Mapping a Serial Rug Pull Scammer on Binance Smart Chain

Rug pull events can be detected and analyzed using publicly accessible blockchain explorers, online analytical tools and data repositories.

26 August 2022
Brian Fletcher
Blog Post

Shifting the Paradigm to Protect Your Data

ISACA's new white paper, "Defending Data Smartly," goes beyond solutions for protecting your organization’s data, also exploring challenges across information technology, compliance, privacy and governance.

25 August 2022
Max Shanahan
Blog Post

International Standards: ISACA Update on ISO Governance and Management Standards Initiatives

ISACA recently participated in meetings to review and update several ISO governance and management standards.

24 August 2022
Career and Leadership
Blog Post

Breaking Into the IT Industry: IT Degree and Certification

Earning IT certifications can make a big difference in both salary and job opportunities for early-career professionals, and can also serve as a strong complement to IT degree programs.

23 August 2022
Josh Scarpino
Blog Post

Ethical Artificial Intelligence and Machine Learning By Design: A New Standard to Doing Business

Several foundational steps can be taken for organizations by adopting an ethical artificial intelligence and machine learning lifecycle to move toward standardizing ethical technology implementations.

22 August 2022
Veronica Rose
Blog Post

Approach to Auditing a Core Banking System

Auditing core banking systems successfully requires due diligence on a wide range of control tests.

19 August 2022
Sumedha Adavade
Blog Post

A Five-Step Process to Help Organizations Achieve Operational Resilience

Operational resilience is far more than having business continuity planning in place and conducting disaster recovery drills; it requires strategic decision-making when planning, identifying, defining, working, testing, monitoring and re-defining multiple parameters.

18 August 2022
Dr. Blake Curtis, Sc.D, CISA, CRISC, CISM, CGEIT, CDPSE, COBIT
Blog Post

Title Bias – The New Form of Bigotry in The Workplace

Title bias occurs when someone treats another person differently because they don’t hold a specific title or position in an organization, and it can badly damage workplace culture.

17 August 2022
Naomi buckwalter
Blog Post

Burned Out: InfoSec Professionals Sound the Alarm

According to a recent survey, almost a third of infosec professionals want to quit the cybersecurity profession due to burnout within the next 12 months. Can we save our industry from a mass resignation before it’s too late?

15 August 2022
Stefan Hyttfors
Blog Post

Creating, Not Predicting, the Future

ISACA Europe Conference keynote speaker Stefan Hyttfors visited with ISACA Now to discuss some of his favorite themes—the future, emerging technology and trends in globalization and sustainability.

12 August 2022
Laura Zannucci
Blog Post

My CISM Exam Journey

Laura Tate Zannucci shares her experience preparing for the CISM certification exam, including tips and guidance on what proved to be successful tactics.

11 August 2022
Code Your Dreams
Blog Post

Advancing Technology as a Human Right

Code Your Dreams was recognized with the ISACA Technology for Humanity Award for leadership in empowering the next generation of civic-minded technologists.

10 August 2022
Joseph Burt-Miller
Blog Post

My Path to a Career in Cybersecurity

Dr. Joseph J. Burt-Miller Jr. says experience, certifications and degrees form the "cyber triangle" to spark career growth in the cybersecurity field.

9 August 2022
Auditors in a ‘Perfect Position’ to Further Digital Trust
Blog Post

Auditors in a ‘Perfect Position’ to Further Digital Trust

IT auditors are an important part of the digital trust equation since they are able to give organizations confidence in the processes and business relationships that they have in place.

8 August 2022
Matt Moog
Blog Post

Eight Steps to Manage the Third-Party Lifecycle

Managing third parties is a relationship that must be managed throughout the third-party management lifecycle, from identification and screening to offboarding.

5 August 2022
Priya Mouli
Blog Post

Advancing Digital Trust Through Collaboration

To address the biggest challenges in the technology field, Priya Mouli, Director at PwC’s Cybersecurity Consulting practice yhinks there needs to be more collaboration and cooperation among the public and private sectors and groups globally.

4 August 2022
Tammy Moskites
Blog Post

Sharpen Your Machine Identity Management

New technologies are regularly implemented into IT infrastructure in this era of digital transformation, placing increased importance on sound machine identity management (MIM).

3 August 2022
Luigi Sbriz
Blog Post

How Much Trust Should You Give Digital Identity Identification?

Digital identity is a necessity. It should be simple and accurate as well as easily eliminable. Users should be able to expect control over the dissemination of their personal data.

2 August 2022
Maosen Cai
Blog Post

How to Build a Data Science Team Within the Internal Audit Function

Data science is a growing and evolving force in different functional areas of business, and the internal audit function is no exception.

1 August 2022
Mark Thomas, Sr. Cybersecurity Analyst & Threat Hunter, and Sandeep Bachhas, Sr. Cybersecurity Analyst & Threat Hunter
Blog Post

Building Our Security Coordination Center (SCC) Hunting Program

When many companies think about network security, they usually think in terms of firewalls, anti-virus software, intrusion detection systems, and multi-factor authentication (MFA).

29 July 2022
Paul Phillips and Richard Hollis
Blog Post

Supply Chain Security: Where Do We Go from Here?

ISACA risk expert Paul Phillips and CEO of Risk Factor Richard Hollis discussed key challenges influencing supply chain security in an episode of ISACA Live last week. Their conversation was supported by insights from ISACA’s recent survey, Supply Chain Security Gaps: A 2022 Global Research Report.

28 July 2022
Guy Pearce
Blog Post

Data Resilience Is the Cornerstone of Digital Resilience

Digital resilience is the outcome of organizational action taken to rapidly deploy or modify digital technologies to address the negative impact of shocks—such as the pandemic—in the interests of maintaining organizational sustainability.

27 July 2022
Rebecca Herold
Blog Post

Changes Needed to US Federal Privacy Proposal for Effective Implementation

My Privacy & Security Brainiacs team has been tracking US federal bills proposed by Congress that mention privacy in some way.

26 July 2022
Ejona Preçi and Curtis Simms
Blog Post

Addressing Security Risks to Medical IoT Devices

The Internet of Things (IoT) enables millions of smart devices worldwide that are connected to the internet to collect, process and share data.

25 July 2022
Mea Clift
Blog Post

Mea Clift: ‘A Force of Nature’

ISACA member Mea Clift advances digital trust in her work but also makes time for some old-fashioned personal pursuits.

22 July 2022
Paul Thompson
Blog Post

Know Your Risks – and Your Friends’ Risks, Too

In today’s globally connected world, organizations are finding themselves at a greater risk than ever of a supply chain compromise.

21 July 2022
Chris Clements
Blog Post

Purple Teaming: The Next Gen Pen Test

It’s pen test time again. Time to get updated quotes from vendors and put something on the schedule ahead of the compliance deadline, but will this year’s results be any different than last time?

20 July 2022
Career and Leadership
Blog Post

Persevering Through a Seismic Industry Shift

Eventcombo was recognized this year with the ISACA Innovative Solutions Award “for enabling community connections and continuing education virtually during a global pandemic through innovative EventTech solutions.”

18 July 2022
Audit and Assurance
Blog Post

What Can Internal Auditors Do to Increase Cybersecurity Audit Effectiveness?

Cybersecurity has topped the list of critical risk for organizations for the fifth time in both the European Confederation of Institutes of Internal Auditing’s (ECIIA’s) 2022 Risk in Focus report and the Institute of Internal Auditor’s (IIA’s) OnRisk 2022 report.

15 July 2022
Hunter Sekara
Blog Post

Characterizing System Security Engineering Using a Business Impact Analysis

As adversaries continuously seek to disrupt, cause harm and wreak havoc on complex digital assets, enterprises must strategically plan, design and build secure, trusted systems.

13 July 2022
Deepa Seshadri
Blog Post

Cyber Incident Reporting: From Guidance to Enforcement

Imagine a day when the stock markets suddenly begin to crash, contrary to market movements, and your equity holding nosedives from a healthy green to an alarm bells-blaring red.

12 July 2022
Curtis Simms and James Paul Kakembo
Blog Post

Digital IT Forensics Evolution Through Digital Transformation

According to the National Institute of Standards and Technology, “Digital forensics is the field of forensic science that is concerned with retrieving, storing, and analyzing electronic data that can be useful in criminal investigations. This includes information from computers, hard drives, mobile phones, and other data storage devices.”

11 July 2022
Fortune Onwuzuruike
Blog Post

Cybersecurity Workforce Advancement

Cybersecurity education and training is important in the cybersecurity workforce and provides students and recent graduates with information on how to find what path to take. Paths include formal education from universities and institutions that provide programs to better equip the student who desires to be a cybersecurity professional (e.g., bachelor’s, master’s and doctoral degrees) and cybersecurity training such as boot camps, certifications preps and certificate programs.

8 July 2022
Carissa Veliz
Blog Post

AI and Digital Ethics: ‘There Could Not Be More Overlap’

Véliz recently visited with ISACA Now to share her perspectives on AI, digital ethics and more.

7 July 2022
Ravikumar Ramachandran
Blog Post

Quantum Computing and the Role of Internal Audit

Quantum computing is a very exciting discipline formed by the combination of computer science, physics and mathematics, which uses some of the mysterious aspects of quantum mechanics to enable unprecedented computational performances.

6 July 2022
Brian Fletcher
Blog Post

Ensuring You Have the Right Governance in Place for Physical and Environmental Controls

Physical and environmental controls are more than gates, guards, generators and HVAC monitoring. Getting physical and environmental controls right is a big step forward in reducing your enterprise’s risk and protecting critical assets in an unpredictable world. So how do you determine that you have the proper controls and governance oversight in place?

5 July 2022
Kevin Keh
Blog Post

Arts vs. Sciences in IT: How UX Design Can Bridge the Gap

As professionals in IT-related fields, our jobs can seem very explicit: Binary 1s and 0s and Boolean true or false is baked into much of what we do. There are exceptions of course, but often there is a right answer or a wrong answer, and little space in between.

30 June 2022
Kim Kaplan
Blog Post

MDDAP Helps Achieve Fast, Sustainable Solutions for Medical Device Quality

MDDAP’s successful development is due in part to the Case for Quality (CfQ) being launched from FDA’s own research with a wide variety of stakeholders, which revealed a problem in the industry: compliant manufacturers were still having similar types and frequency of issues as non-compliant manufacturers. While compliance was important, it alone wasn’t going to drive the desired quality outcomes.

29 June 2022
Kashifu Inuwa Abdullahi
Blog Post

ISACA Member’s Impact in Nigeria Recognized on the Global Stage

Kashifu Inuwa Abdullahi, Chief Information Technology Officer, National Information Technology Development Agency in Nigeria, was recognized this year with the ISACA Inspirational Leadership Award “for leadership in bridging the digital divide by providing computers and other IT infrastructure to rural areas and schools and for providing virtual libraries.”

28 June 2022
Anna Johannson
Blog Post

How the Right Help Desk Processes Can Strengthen Security

The IT help desk might seem like a simple portal for helping end users manage their issues. But in reality, it represents one of the first (and best) filters for identifying potential cybersecurity problems that may arise.

27 June 2022
Ajay Wadhwa
Blog Post

Next-Generation CISO: Business, Technical or Mix of Both?

Before we get to the answer to the question posed in the title, let’s look at the typical job responsibilities of a CISO.

23 June 2022
Zanele Njapha
Blog Post

Lessons in Change and Leadership from ‘The UnLearning Lady’

Zanele Njapha recently visited with ISACA Now to discuss her quirky nickname, her views on entrepreneurship and organizational change, and more.

22 June 2022
Rob McDonald
Blog Post

Reach and Teach: An Effective Way to Market and Advertise Cybersecurity Services

Now is the time for cybersecurity professionals to get in front with their message.

21 June 2022
Yiannis Pavlosoglou
Blog Post

Introducing the Principle of Need to Have Available

The principle of need to have available can be summarized as having only the permissions you need for your next set of tasks.

21 June 2022
The Overlooked Characteristics That Can Elevate the Cybersecurity Workforce
Blog Post

The Overlooked Characteristics That Can Elevate the Cybersecurity Workforce

While much has been said and written about the difficult cybersecurity skills and hiring landscape, one key characteristic that is typically overlooked in cybersecurity professionals is empathy.

17 June 2022
audit and assurance
Blog Post

Foundational Understanding of Databases Boosts Auditors’ Value

With all the areas under an IT auditor’s purview, it is challenging, perhaps impossible, to be as proficient as we would like to be in all areas.

16 June 2022
Binita Patel
Blog Post

Perimeter-less Security

“Never trust, always verify” have been the buzzwords ever since the term “zero trust” was coined. According to Pulse, 87% of decision-makers believe that zero trust security strategy will simplify their organization’s security architecture.

15 June 2022
Brian Gallagher
Blog Post

Reaching Objectives and Enabling Success: How CMMI Creates Habit Persistence

During ISACA Conference North America 2022, ISACA launched a new initiative focusing on the pursuit of digital trust, which means that this topic was present in several discussions throughout the conference.

14 June 2022
Jingcong Zhao
Blog Post

Making Continuous Controls Monitoring Work for Everyone

As a security assurance professional, you know the importance of controls testing. After all, only organizations that thoroughly test and prove their controls’ effectiveness can be confident that they’ve sufficiently mitigated their security and data privacy risks.

13 June 2022
Larry Alton
Blog Post

Customs Goes Digital: Exploring the Latest Trends

It’s been amazing to watch how almost every aspect of global life has been digitized in some shape or form over the past several years – and customs is no different. The question is, which aspects are changing? And is it for the better?

10 June 2022
Career and Leadership
Blog Post

The Great Resignation & Employee Retention in Digital Trust Professions: Closing Critical Workforce Gaps

ISACA Conference North America 2022 last month featured the launch of ISACA’s new initiative focusing on the pursuit of digital trust, which was a recurring theme throughout many of the event’s presentations.

8 June 2022
Evan Wheeler
Blog Post

Give Your IT Risk Program a Jump-start

I’m constantly fielding questions about how to start building a modern-day IT risk management program, and a quick Google search reveals that there are many differing opinions on the best approach.

7 June 2022
Mea Clift
Blog Post

Supply Chain Risk Management: Where Do We Start?

Mea Clift examines how to climb the mountain of evaluating vendors to ensure they're meeting security standards.

6 June 2022
Andrea Tang
Blog Post

Demystifying China’s Personal Information Protection Law: PIPL vs. GDPR

On 20 August 2021, the National People’s Congress (NPC) passed the final version of the Personal Information Protection Law of the People’s Republic of China (PIPL), a comprehensive privacy law that covers multiple facets of personal information protection.

3 June 2022
Ravi Shankar Vemuri
Blog Post

How Best to Protect Your Assets

How do you typically protect a special or expensive piece of jewelry? You may keep it in a bank locker or in an electronic safe in your home.

1 June 2022
Pam Nigro
Blog Post

In a World of Technology, ISACA Makes the Difference

At the beginning of this year, ISACA took on a bold new vision for the future: Be the standard-maker for digital trust everywhere.

1 June 2022
Shingi Mushangwe
Blog Post

The Governance, Assurance and Automation that Financial Services Organizations Need

In response to the recent Russian invasion of Ukraine, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a set of expansive economic measures designed to incapacitate the Russian financial system.

31 May 2022
Gopikrishna Butaka
Blog Post

The Future of Audit in the World of Interconnected Business

The COVID-19 pandemic had changed many things; one among them is the perception of the audit process as business processes have become more interconnected and interdependent.

27 May 2022
Naomi Buckwalter
Blog Post

Five Cybersecurity Memes and What They Say About Cybersecurity Today

Cybersecurity memes on social media are often good for a laugh, but several of the more popular ones have gained resonance with security professionals for a reason...

26 May 2022
Jason Sechrist
Blog Post

Separating Fact from Fiction: Debunking Myths Around CMMC 2.0

With more than 220,000 companies supporting the US Department of Defense, the defense industrial base presents an enticing target for hackers, nation-states, and cybercriminals.

25 May 2022
Dr. Kimberlee Ann Brannock
Blog Post

Cybersecurity and Consumers

As a cybersecurity leader and scientist, I find it interesting that as I observe events all around me that all are seemingly unconnected, they are in fact connected, at times with exciting and favorable outcomes.

24 May 2022
Luigi Sbriz
Blog Post

Combining the Risk Register and the Maturity Model to Increase Total Value

Communicating the results of business controls to top management is never an easy process, especially if we want to ensure concrete information based on risk and effectiveness of controls is communicated. Generally, risk and controls rely on different methodologies; this is not ideal. Instead, we need flexible methodologies, collaboration between business processes and adequate tools.

23 May 2022
Digital Trust Requires All Hands on Deck—But the ROI Is Worth It
Blog Post

Digital Trust Requires All Hands on Deck – But the Payoff Is Big

The fields in which ISACA’s professional community works – such as audit, risk, security, privacy and governance – feed into the more encompassing realm of digital trust.

20 May 2022
Adham Etoom, CISM, CRISC, PMP, GCIH, FAIR, Government of Jordan, National Cyber Security Center, Jordan, and Ejona Preci, CISM, CRISC, ITIL, Information Security Risk Manager
Blog Post

COVID-19: An Ignitor in Information Risk Management

This makes one think about risk subconsciously as we are uncertain about when pandemics will happen as well as how we should be prepared to contain and reduce their impact.

18 May 2022
Matt Moog
Blog Post

Three Reasons Your Third-Party Management Program is Struggling

Building trust throughout an organization requires working collaboratively across lines of the business and gaining interdepartmental, cross-functional visibility.

16 May 2022
Understanding the Full Digital Trust Ecosystem
Blog Post

Understanding the Full Digital Trust Ecosystem

A Google search of “digital trust” turns up 5.73 billion results, and hundreds of recent trade press articles have covered the topic.

13 May 2022
Welland Chu
Blog Post

The Needed Societal Response to Cybersecurity Risk in the COVID Era

COVID-19 has transformed how business is conducted with the acceleration of cloud adoption and remote working. Organizations’ data is no longer kept within the perimeter of the office’s or data center’s boundary.

11 May 2022
Andre Pitkowski
Blog Post

Award Winner Weaves ISACA Into Academic Curriculum

Andre Pitkowski recently visited with ISACA Now for a Q&A interview, reflecting on his award. The following is a transcript of the interview.

10 May 2022
Bhanu Jagasia
Blog Post

Zero Trust Does Not Imply Zero Perimeter

Typically, when we hear “zero trust” these days, folks generally hear the common example of remote employees not having to VPN (Virtual Private Network) back to their enterprise network to access the cloud resource.

9 May 2022
Anantha Sayana
Blog Post

Should Information Systems Audit Evolve to Information Systems Continuous Monitoring?

Nothing in this world is static. Everything evolves, and improvements often happen when things evolve.

6 May 2022
Advancing trust in a digital world
Blog Post

2021 Annual Report Spotlights ‘Inspiring Work’ of ISACA Community

Through new learning and credentialing opportunities, enterprise resources and its ever-growing global community, ISACA was in pursuit of digital trust throughout 2021 on multiple fronts.

5 May 2022
David Samuelson
Blog Post

Building a More Trustworthy Digital World

Technology is truly driving global innovation and the world economy.

3 May 2022
Michael P. Cangemi
Blog Post

In 50 Years, the ISACA Journal Has Had and Seen it All

Congratulations to the ISACA® Journal on achieving 50 years of publications. The massive body of information published has, no doubt, positively impacted ISACA® members, their organizations, the IT governance community and society at large.

3 May 2022
Spiros Alexiou
Blog Post

Practical Advice for Agile Audit

Agile audit is in right now, and it looks like even the people who were doing everything agile opposes are now ardent supporters and push for going agile.

2 May 2022
Frank Downs
Blog Post

Failure to Patch and the Rare Case of the Java Crypto Hack

One of the often-accepted truisms in cybersecurity is to ensure that all systems supporting and protecting business operations are up-to-date and current.

29 April 2022
Security
Blog Post

Living off the Land (LotL) Classifier Open-Source Project

In security, “Living off the Land” (LotL or LOTL)-type attacks are not new. Bad actors have been using legitimate software and functions to target systems and carry out malicious attacks for many years.

28 April 2022
Certified Information Security Manager
Blog Post

Twenty Ways Information Security Has Become More Challenging in the Past 20 Years

To mark the anniversary of ISACA’s Certified Information Security Manager (CISM) we spoke with 20 CISM-holders to collect their commentary on the biggest challenges that have emerged in infosec since CISM came on the scene in 2002.

27 April 2022
CISM 20th Anniversary Infographic
Blog Post

Twenty Ways Information Security Has Changed for the Better in the Past 20 Years

ISACA’s Certified Information Security Manager (CISM) certification is now in its 20th year and to mark the anniversary, we spoke with 20 CISM-holders to collect their commentary on what has changed for the better.

26 April 2022
Brian Fletcher
Blog Post

How CISOs Can Score Some Quick Wins

Brian Fletcher, recently visited with ISACA Now to discuss how chief information security officers (CISOs) can start off by achieving some quick wins for their organizations and how organizational cyber maturity enters the equation.

25 April 2022
Brad Rhodes
Blog Post

Malicious Trends: What You Need to Know

According to the recent Cybersecurity Ventures 2022 “Cybersecurity Almanac,” organizations will spend approximately US$1.75 trillion on cybersecurity between 2021 and 2025.

22 April 2022
David Shavgulidze
Blog Post

Supply Chain Security: Analysis of the Georgian Ecosystem

According to the European Union Agency for Cyber Security (ENISA): “In cybersecurity, the supply chain involves a wide range of resources (hardware and software), storage (cloud or local), distribution mechanisms (web applications, online stores), and management software.

21 April 2022
Alex Holden
Blog Post

Proven Methodologies to Fight Ransomware

Though the topic of ransom and ransomware is extremely popular, a lot of discussions center around a few topics: prevention, insurance and recovery.

19 April 2022
Liz Pisney
Blog Post

Saluting Our Global Volunteers

When ISACA certification candidates take an exam, the content of that exam was created and reviewed by ISACA volunteers.

18 April 2022
Joanna Karczewska
Blog Post

Celebrating Women in Cybersecurity

Joanna Karczewska, a longtime ISACA member from Poland, recently visited with ISACA Now to discuss the book and her views on progress made by women in the cybersecurity field. The following is a transcript of the interview:

15 April 2022
Muhammad Asif Qureshi
Blog Post

The Evolution of GRC

Back in the day, manual processes were dominant, with telex and fax being the most common mode of communication. As a result, risk governance was also focused on these ways of business processing.

14 April 2022
Rob Clyde, ISACA board director, Executive Advisor, ShardSecure, and Chris Dimitriadis, Chief Global Strategy Officer, ISACA
Blog Post

The Trans-Atlantic Data Privacy Framework: A Significant Step Toward Reinforcing Transatlantic Cooperation, Setting a New Standard for Personal Data Protection

Global trade has been growing for decades, as most economies accelerated their globalization since the 1990s, using digital technology as a key catalyst that helped industries interconnect further and innovate.

13 April 2022
Kelly Hood
Blog Post

Level Up Your Governance to Drive Business Growth

When you search for the term “cybersecurity” online, you get approximately 17 billion images of padlocks and shields – but what is this trying to communicate?

12 April 2022
Joseph Cortese
Blog Post

What Business Leaders Need to Know About Cybersecurity Preparedness

Many cybersecurity incidents occur when organizations think they’re doing the right thing.

8 April 2022
Sandipan Gangopadhyay, CGEIT, and Stuart McGuigan
Blog Post

The Future of Complex Legacy Enterprise Transformation

The process of manual programming has never been a perfect or exact science, and the resulting defects that occur along the way have long plagued the software development lifecycle and are therefore perpetuated in legacy systems.

7 April 2022
Information Security
Blog Post

Using SWIFT as a Lesson for the Cybersecurity Community

In February 2016, the world witnessed a sophisticated cyberheist in which the computer terminals of Bangladesh Bank, which interfaced with the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) communication system, were compromised.

6 April 2022
Binita Patel
Blog Post

Addressing the Biggest Challenges in Cloud Security

Gartner has predicted that by 2026 the public cloud expenditure will exceed 45 percent of all enterprise IT.

5 April 2022
Karen Heslop
Blog Post

ISACA Seeks Input to Digital Trust Ecosystem Framework

If you do a Google search for digital trust, you’ll receive over 5.5 billion results; indeed, digital trust is a popular topic these days! Definitions of digital trust, however, vary widely.

4 April 2022
Silvina Moschini
Blog Post

Technology and the Democratization of Opportunity

Silvina Moschini visited with ISACA Now to discuss digital transformation, cloud adoption, corporate social responsibility and more.

1 April 2022
Isabel Aguilera
Blog Post

Embracing the Possibilities of the Modern Business Landscape

Isabel Aguilera recently visited with ISACA Now to provide her perspective on technology’s role in shaping today’s business environment.

31 March 2022
Joanne Joseph
Blog Post

The Pandemic Era: A Period of Business Resilience

COVID-19 has markedly impacted the mitigation measures for business continuity and IT disaster recovery adopted by businesses over the last two decades.

30 March 2022
Lukas Werner
Blog Post

What to Consider When Making the Step to the Cloud

Organizations that decide to take their entire IT landscape, or parts of it, to the cloud need to consider the different factors that need to be prioritized according to their needs.

29 March 2022
Hand typing on a keyboard
Blog Post

Edwards: From a Compliance Mindset to a Performance Mindset

Edwards was an early adopter of the MDDAP program. The company’s Draper, Utah facility completed its first MDDAP appraisal in 2017 as part of the program pilot.

25 March 2022
Dave Schmoeller
Blog Post

Using InfoSec Compliance Programs for Proactive IT Risk Management

Proactive IT risk management is crucial to maintain a successful business. This means implementing measures to identify and mitigate potential risks, continuously and reliably, before those risks can cause material (or worse, permanent) damage.

24 March 2022
Kate O'Neill
Blog Post

Aligning Business Objectives and Human Outcomes in Digital Transformation

Kate O’Neill, recently visited with ISACA Now to provide her view of human-centric digital transformation, how data should be integrated into companies’ business models and more.

23 March 2022
Naomi Buckwalter
Blog Post

Cyber Workforce: Out of the Ashes and Into the Fire

ISACA’s State of Cybersecurity 2022 report was published earlier this week, and it’s not looking too good for us good guys. For the third year in a row, the cybersecurity labor shortage looms large as the main focal point, casting its long, grim shadow across most of the report’s 40-plus pages.

23 March 2022
Raef Meeuwisse
Blog Post

Essential Tips for Staying Current on Cybersecurity Terminology

Navigating the language of cybersecurity is like trying to win an argument with someone you love. You must be open-minded, kind-hearted and committed.

21 March 2022
Veronica Rose
Blog Post

Don’t Let Collaboration Tools Become a Red Carpet for Black-Hat Hackers

2020 was a unique year and most of us couldn’t wait to call an end to it for so many reasons, including the increased trends in cyberattacks – some of which targeted collaboration tools such as in the example I noted above.

18 March 2022
Adam Kohnke
Blog Post

How Auditors Fit into the Zero Trust Journey

"Zero Trust” is one of those security buzzwords making the rounds on the inter-webs recently, but what does it mean and why should security or IT audits teams start caring about this term? Traditionally, enterprises concern themselves with forming a layered defensive...

17 March 2022
Lisa Villanueva
Blog Post

Evaluating Governance Over DevOps Practices

Auditors and related practitioners are always learning and prepared to pivot as new technologies and modes of software delivery are introduced.

16 March 2022
Larry Wlosinski
Blog Post

Improving Cybersecurity Incident Response

Incident response handling procedures could use some improvement. By utilizing and practicing incident response exercises, organizations can put in place a strong and integrated response to incidents of varying types.

15 March 2022
Donald Tse
Blog Post

Embedding Digital Trust in Fintech: Seven Practical Steps

There has long been debate about whether innovation and risk management can coexist. For some digital pioneers, risk and compliance are synonymous with being a roadblock to innovation.

11 March 2022
Molly Mullinger, CPA, Manager of Solutions Advisory Services at AuditBoard, and Shehan Jayakody, Senior Manager of Product Solutions, AuditBoard
Blog Post

Vulnerability Management: Addressing Your Weaknesses Before They Can Be Exploited

As businesses continue to extend their digital footprints to support remote workers and deliver the products and services customers demand, the risk of a breach grows exponentially.

10 March 2022
Rahul Pandey
Blog Post

Exploring HackTown: A College for Cybercriminals

It’s becoming simpler for wannabe cybercriminals to catch a portion of the billions of dollars lost through fraud happening every year. All you really need is some Bitcoin knowledge, some free tools and no moral qualms taking from others.

9 March 2022
Reshma Devi
Blog Post

Taking a Clear-Eyed View of the Road Ahead for Women in Security

ISACA member Reshma Devi recently visited with the ISACA Now blog to discuss her mindset about volunteering, her views on progress for women in the security industry and more.

8 March 2022
Sharda Shetty
Blog Post

My New Career Connection Through ISACA Mentorship Program

I have been a member of ISACA for over 10 years, and it has touched my life in many ways. When I first acquired the CISA certification in 2012, an avalanche of job offers followed!

7 March 2022
Adham Etoom
Blog Post

Good Enterprise Governance Needs CGEIT: My Journey to Pass the Exam

I earned ISACA’s CRISC and CISM certifications in 2019 and 2020, respectively. I always feel a professional obligation to give back to ISACA global community through sharing my lessons learned after passing each exam – hopefully providing practical guidelines will be beneficial to professionals who are preparing to obtain these industry-recognized credentials worldwide.

3 March 2022
Tensions Shine Spotlight on Protecting Critical Infrastructure
Blog Post

Tensions Shine Spotlight on Protecting Critical Infrastructure

Given the tense security environment caused by Russia’s current attacks on Ukraine, threats to critical infrastructure are top-of-mind throughout the cybersecurity community.

2 March 2022
Shannon Donahue
Blog Post

Volatile Times Call for Heightened Cybersecurity Preparedness

The recent attacks on Ukraine are a daunting reminder that today’s battles occur on two fronts: the physical world and the digital one.

28 February 2022
Allen Ari Dziwa
Blog Post

A Lesson for the Cybersecurity Community

With the numerous cyberattacks being reported in the news almost daily, I find it helpful to think of some words of wisdom from my grandfather.

25 February 2022
Luis Gorgona
Blog Post

Getting Creative with Maturity Models and COBIT 2019

Maturity models have become an area of personal interest in my professional practice. Maturity models can act as a common language that serves as a bridge between the business and the IT function.

24 February 2022
Gurneet Kaur
Blog Post

Why Collecting the Right Metadata is Crucial for Scaling a Security Program

At Adobe, security is a critical priority for us, and we believe in defense-in-depth, which begins with monitoring — from collecting event logs and configuration data made available by public cloud providers, to logs from EDR systems and vulnerability scanning pipelines.

23 February 2022
Wole Davis
Blog Post

Auditing in a Virtual Universe

The Industrial Revolution in the 18th and 19th centuries came with a lot of transformations and innovations that gave rise to the use of machines and fundamentally changed the ways humans live.

22 February 2022
Journal 50 Years
Blog Post

Celebrating Five Decades of the ISACA Journal

The ISACA Journal is more than just a print and digital publication – for 50 years, it has served as a reflection of ISACA’s membership, in the view of Steven Ross.

18 February 2022
Cat Coode
Blog Post

Drilling Down on Data Protection and DPO Reporting

Cat Coode, founder of Binary Tattoo and an expert in global privacy regulation compliance, recently participated in a privacy-themed Ask Me Anything thread on ISACA’s Engage platform.

17 February 2022
Jo Stewart Rattray
Blog Post

How to Navigate the Perfect Storm: Cyberthreats and Skills Shortages

Over the past two years in particular, the importance of cybersecurity has been globally recognized, and sophisticated cyberattacks have made international headlines.

15 February 2022
Governance
Blog Post

Individual Behavior, Corporate Action and Sarbanes-Oxley

In recapping the history of the Sarbanes-Oxley Act (SOX) of 2002, discussions often include lists of the corporations whose actions led to enactment of this United States legislation. The terms “corporate scandal” and “corporate fraud” are used.

14 February 2022
Information Security
Blog Post

A Workplace Sea Change: Sizing Up The Next Normal

The workplace in February 2022 looks drastically different than it did even a year ago and is likely to be reshaped even further in the year to come.

11 February 2022
Alex Bermudez
Blog Post

Many Shades of a Common Problem: Privacy Rights Requests

DSARs, IRRs, Consumer Rights’ Requests, Derechos ARCO – if you broke out into a cold sweat reading any one of those, then this blog post is for you. Privacy requests are complex and burdensome in daily operations today, and only getting more prolific.

10 February 2022
Chetan Anand
Blog Post

Insights into Environmental, Social and Governance (ESG)

Are we prepared for the Environmental, Social and Governance (ESG) challenge? Organizations are facing heightened expectations from interested parties such as regulators, customers, consumers, investors, community activists and others when it comes to ESG.

8 February 2022
Paul Thompson
Blog Post

Leveraging Cybermaturity to Right-Size Cybersecurity

We hear the word “cybermaturity” tossed around quite often these days, but what does it mean? Cybermaturity is a state describing the sophistication, or rigor, of one’s cybersecurity capabilities and processes.

8 February 2022
Justin Henkel
Blog Post

Aggravating Circumstances for an RCE Vulnerability: A Log4j Retrospective and Risk Landscape Evaluation

Information security teams were forced to respond over the holiday as an Apache Log4j zero-day vulnerability was discovered and socialized across the infosec community.

7 February 2022
Luigi Sbriz
Blog Post

Understanding the Importance of Effective Board Communication

For any cybersecurity framework to be successful, it is essential that the chief information security officer (CISO) or equivalent figure be able to simply communicate with top management the state of security in the organization, present an improvement plan, justify it with the risk assessed and request the necessary resources.

4 February 2022
Matt Stamper
Blog Post

Simplify and Contextualize Your Data Classification Efforts

In the CISO Desk Reference Guide, I noted how critical the concept of “context” is to security programs. The same holds true for our organizations and their respective privacy programs.

2 February 2022
Christopher Henry
Blog Post

Achieving Workforce Diversity in Cybersecurity

In the current global landscape of near daily announcements of cyberattacks, organizations can no longer just sit back and wait for employees to find them; they must be proactive.

1 February 2022
Gopikrishna Butaka
Blog Post

The Weakest Link in the Cybersecurity Chain: Are You Aware of It?

Recently, there was a debate on our audit team regarding the increased amount of cybercrime during the pandemic and the best ways to handle it.

31 January 2022
CA Ratan Singh Tanwar
Blog Post

My Guide to Passing the CISA Exam

Becoming CISA-certified in the first attempt is not an easy task, but it can be passed simply by following a dedicated and structured study plan.

28 January 2022
Yunique Demann
Blog Post

Plenty of Progress Still Needed on the Privacy Landscape

2021 was an eventful year for privacy with the emergence of new legislation such as the California Consumer Privacy Act, Brazilian General Data Protection Law and China Personal Information Protection Law.

26 January 2022
Dave Schmoeller
Blog Post

What Is a Risk Heat Map & How Can It Help Your Risk Management Strategy

In the early 2000s, pharmaceutical company GlaxoSmithKline (GSK) was facing a serious risk: One of its manufacturing plants did not meet the requirements of current good manufacturing practices (CGMP).

25 January 2022
David Samuelson
Blog Post

Charting a Course for Digital Trust

As we begin this new year, we’re also in the early stages of executing on a new strategic plan that will shape ISACA’s focus in 2022 and the coming years.

24 January 2022
Adham Etoom and Veronica N. Rose
Blog Post

Enablers That Propelled Our Careers to a Higher Level

Undoubtedly, ISACA is cultivating the next generation of digital trust professionals as it is a one-stop-shop for top-notch industry-recognized credentials, pieces of training that bridge the gaps between what people learn in university and the practical skills required to perform tasks at work.

21 January 2022
Michael Powers
Blog Post

Technology Control Automation: Improving Efficiency, Reducing Risk and Strengthening Effectiveness

A principal component of a sound risk management framework, particularly in highly regulated institutions, is an effective control testing program.

19 January 2022
ShanShan Pa
Blog Post

Code of Conduct: An Effective Tool for GDPR Compliance

We are three+ years out from the EU General Data Protection Regulation (GDPR) taking effect. While many organizations are still new to or struggle with GDPR, a more recent milestone could shed light on this development for privacy practitioners and implementors.

18 January 2022
Audit and Assurance
Blog Post

Is Agile Auditing a Sure Thing for Internal Audit?

Operational innovation. Business resilience. Operational disruption, possibly resulting from third-party management issues like suppliers’ solvency, compliance, service/product quality and even suppliers’ behavior (if your enterprise happens to be subject to the UK Bribery Act or similar legislation).

14 January 2022
Patrick Sullivan
Blog Post

Maintaining Your Compliance Strategy During (and After) CISO Turnover

Amidst the “Great Resignation,” employees across industries — and experience levels — are reconsidering their relationship with work.

12 January 2022
David Samuelson
Blog Post

Foundation in Place for a Promising Year Ahead

In large part, 2021 for ISACA was about putting in place a sturdy technological foundation on which our community can grow. It was a year of big challenges and bigger successes.

11 January 2022
Vimal Mani
Blog Post

A Bird’s Eye View of Cyberinsurance Plans

Most cyberattacks launched by hackers result in financial repercussions for the organization and cause disruption of its critical assets and services.

10 January 2021
Glorin Sebastian
Blog Post

Online Education From a Security Risk and Controls Perspective

The internet and the subsequent online revolution have led to the digitization of almost every aspect of human life; education is no different.

6 January 2022
Prasad Chaudhari
Blog Post

Recognizing the Customer’s Responsibility in a Shared Responsibility Model

Every industry, regardless of size, is eager to realize the benefits of the cloud. The cloud providers’ ability to move from a Capital Expenditures (CAPEX) model to Operating Expenses (OPEX) is not all about upfront cost savings, which the cloud platforms offer.

5 January 2022
Luigi Sbriz
Blog Post

Can a Risk Register Focused on Information Security Be Readable by Senior Management?

In a practical way means that it could be managed directly by the owner of the risk. However, seeing a senior manager interact directly with the risk register instead of using an executive summary does not happen often.

4 January 2022
Thorsten Stremlau
Blog Post

How to Enable DICE and TPM for Optimal Security

By 2030, more than 24 billion Internet of Things (IoT) devices will have entered our cities, workplaces and homes, according to Transforma Insights. For years, I have been working to make sure that these devices have a healthy immune system so that they can defend against malicious attacks.

30 December 2021
K-Harisaiprasad
Blog Post

Cybersecurity in Arbitration

Arbitration is a process of resolving a dispute between two or more parties through one or more arbitrators to obtain a legally binding decision outside of court. The proceedings and awards remain confidential.

29 December 2021
Assessing and Improving Information Governance Maturity Across Emerging Data and Cloud Systems
Blog Post

Assessing and Improving Information Governance Maturity Across Emerging Data and Cloud Systems

Organizations are concerned about the impact of rapid digital transformation on their data privacy, security, compliance and legal risk.

28 December 2021
Security
Blog Post

Log4Shell Update and Resources

In the past week, you’ve likely seen multiple headlines about a new major security vulnerability. Log4j is an open-source logging framework built on Java coding language that is used by approximately one-third of all webservers. On 9 December, a flaw in the code was discovered and rated a 10 out of 10 on the Common Vulnerability Scoring System (CVSS) due to its possible impact. 

23 December 2021
Glib Pakharenko
Blog Post

The Importance of VPN Technology Assurance

Virtual Private Networks (VPNs) for many years have already been in place in almost every organization. Their use has been mostly limited to functioning as site-to-site tunnels between offices and third-party organizations, providing remote access of IT specialists for incident/change...

23 December 2021
Wole Davis
Blog Post

Central Bank Digital Currency and Governments’ Quests for Control

According to National Geographic, “An adaptation is any heritable trait that helps an organism, such as a plant or animal, survive and reproduce in its environment.” Eucalyptus trees survive the wildfires of the Australian forest because of their thick, multilayered barks that act as insulation against heat.

22 December 2021
Veronica Rose
Blog Post

Qualities of a Trusted Information Systems Auditor

The information systems auditor’s journey is one of exploration because each time we encounter new risks, processes and controls, they become a part of our work.

21 December 2021
R.V. Raghu
Blog Post

Data Minimization: An Approach to Data Governance

Data has fueled the hockey stick-shaped growth of enterprises worldwide, probably leading to the much-adopted phrase data is the new oil. But recent high-profile data breaches and the rise of data protection regulations have made data into a double-edged sword to be wielded with extreme care.

20 December 2021
Kerie Kerstetter
Blog Post

Compliance Versus Risk: Why Choosing the Right Approach is So Important

Most organizations have now realized the critical importance of cybersecurity risk management.

17 December 2021
Mark Thomas
Blog Post

A Holistic Training Approach That Helps Enterprise Governance Thrive

If you have been on your professional or social networking sites in the past several months, you might have noticed that many of your colleagues are posting about their newly acquired certifications.

15 December 2021
Robert Findlay
Blog Post

The Challenging Task of Auditing Social Media

A request to audit social media is rarely confused with a pleasant sunny day at a picnic. It is fundamentally an audit of the organization’s marketing department, which comes with challenges as marketers are not always following best practices of internal controls.

15 December 2021
Chris Dimitriadis
Blog Post

Log4shell Vulnerability Highlights Critical Need for Improved Detection and Response Policies and Procedures

A zero-day vulnerability of Log4j (CVE-2021-44228), an open-source, Java-based logging utility widely used by enterprise applications and cloud services, recently came to light.

14 December 2021
Ramses Gallego
Blog Post

Three Key Priorities for Emerging Tech Practitioners in 2022

Regardless of where somebody specializes in the IT field – whether an audit, risk, privacy, governance or security practitioner – the impact of emerging technology is becoming increasingly relevant.

13 December 2021
Rob Clyde
Blog Post

Wanted: Experienced, Passionate Leaders for ISACA Board of Directors

There’s a saying when it comes to what makes an effective board of directors: Noses in, fingers out. That’s the approach the ISACA Board of Directors takes, meaning the Board is responsible for governance and oversight for the organization, but we steer clear of the operational execution.

13 December 2021
Ravikumar Ramachandran
Blog Post

Three Key Priorities for Governance Practitioners in 2022

The accelerating technological advancements and digital transformation did not reduce its pace in 2021 and it does not figure to in 2022, nor for the foreseeable future.

10 December 2021
Jack Freund
Blog Post

Three Key Priorities for Cyberrisk Practitioners in 2022

It’s that time of the year again where people are making prognostications about what will happen in the new year.

9 December 2021
Rebecca Herold
Blog Post

Three Key Priorities for Privacy Practitioners in 2022

Each year privacy professionals have more and more issues to address. Existing privacy risks never really go away. They simply lurk beneath the new issues that claim the attention of privacy pros until the time is prime to exploit those old vulnerabilities.

8 December 2021
Sushila Nair
Blog Post

Three Key Priorities for Cybersecurity Practitioners in 2022

The availability of security talent — or lack thereof — has emerged as the key limiting factor in information security’s ability to secure the modern business.

7 December 2021
Ookeditse Kamau
Blog Post

Three Key Priorities for Audit Practitioners in 2022

These past two years have been a stretch for everyone. Most are still learning how to work differently and re-evaluating their strategies to get the best out of the worst season.

6 December 2021
Adham Etoom
Blog Post

Cyber Defense Strategies 4.0 Incorporating AI Technology

In the age of Industrial Revolution 4.0, cybersecurity has become a more pressing and disturbing concern for both boards and senior management globally.

3 December 2021
Terry Cai
Blog Post

Data-Driven vs. Data-Informed: How Auditors Find the Right Balance

Data is a powerful thing. Consequently, the role that data analytics play in today’s audit profession cannot be emphasized enough, especially in light of digital transformation across different industries.

2 December 2021
Cyber maturity graphic
Blog Post

Cybermaturity: A Path to Right-Sizing Cyber Practices

The concept of cybermaturity has gained increased attention in recent years, while still not being well-understood in many circles across the industry.

1 December 2021
Aselsan MGEO Case Study
Blog Post

Case Study: How ASELSAN MGEO Improved Design and Management Processes with CMMI V2.0

Defense contractors and general manufacturers across the globe that are looking to improve overall design and management processes or upgrade their cybersecurity maturity level can do so with ease and efficiency – even during a pandemic.

30 November 2021
Molly-Mullinger_Elliott-Bostelman
Blog Post

Six Steps to a Mature Policy Management Program

When the reality of the pandemic sank in, and people shifted to remote working nearly overnight, companies had to rethink the data and technology policies written for a typical office working space. Some organizations were scrambling to make updates, while others already had a policy management program to guide them through this event.

29 November 2021
C. Warren Axelrod
Blog Post

Privacy in Greater Peril

There is a saying that states “May you live in interesting times,” but it is considered to be a curse. Unfortunately, we are living through a particularly interesting period that is turbulent, high risk and oftentimes devastating.

23 November 2021
Shini Menon
Blog Post

Imagining Audit Tech With AI

As an experienced professional who has worked with pharmaceutical, medical device, financial service, government, retail and hedge fund organizations, it did not take me many years to realize that audits and assessments were largely manual, tedious and intensive activities.

22 November 2021
Melissa Swartz
Blog Post

Changing the World on ISACA CommunITy Day

The first Saturday in October has become my favorite day of the year at ISACA. Every year, thousands of ISACA members and their families join together to perform local community service, and we track those efforts to measure the collective impact we have when we work together – even while apart.

19 November 2021
Julia Kanouse
Blog Post

Acronyms Only Scratch the Surface of What ISACA Stands For

ISACA itself is an acronym, formerly standing for the Information Systems Audit and Control Association. And of course, we’re well known for our global portfolio of IT certifications – CISA, CISM, CRISC, CGEIT, CDPSE, CET, ITCA – not to mention the COBIT framework.

18 November 2021
Greet Volders
Blog Post

COBIT’s Value for Small and Medium Enterprises

If one or more of the statements below reflects your thoughts on COBIT®, you should investigate the latest ISACA publication, COBIT for Small and Medium Enterprises (SMEs).

17 November 2021
Wickey Wang
Blog Post

Why the Cloud Market is Booming

Cloud computing and the extended cloud service industry have become mainstream in today’s IT industry

16 November 2021
Tom Conkle
Blog Post

Cybermaturity and Protecting Against Ransomware

Ransomware continues to dominate the headlines in both cybersecurity journals and mainstream media.

15 November 2021
Grad Students
Blog Post

The Latest Trends for Master’s Students In IT and How To Leverage Them

There are many reasons people in the IT industry choose to pursue further education. It could be because of the pursuit of knowledge wanting to get ahead of the trends. Or it could be because of the financial aspect – the promise of a promotion or a higher pay that comes with the master’s degree. 

12 November 2021
Ted Harrington
Blog Post

Challenge Underlying Security Assumptions

Ted Harrington runs Independent Security Evaluators (ISE), the elite security researchers who pioneered car hacking, were first to exploit the iPhone, first to exploit Android OS, pioneered medical device hacking, and run hacking event IoT Village.

11 November 2021
Anna Vladimirova-Kryukova
Blog Post

The Influence of the NIS2 Directive In and Outside of the EU

Recent years have been active for legislators all over the world when it comes to cybersecurity and privacy regulation.

10 November 2021
Julia Kanouse
Blog Post

New Opportunities Await ISACA Members in 2022

With Membership and Certification renewals right around the corner, I wanted to take a moment and preview some of what you have to look forward to in 2022!

8 November 2021
Nikolas Badminton
Blog Post

Planning for Multiple Futures at Once

Nikolas Badminton, a keynote speaker at ISACA’s EVOLVE emerging tech virtual conference, taking place 16-17 November, recently visited with ISACA Now to share his perspective on the business technology landscape.

8 November 2021

Talking to Alan Turing About Artificial Intelligence
Guy Pearce, CGEIT, CDPSE, and Maureen Kotopski
Blog Post

Talking to Alan Turing About Artificial Intelligence

Is it enough that a computer can be called intelligent if it can deceive a human into believing that the computer is human? Maybe not.

5 November 2021
Larry Wlosinski
Blog Post

Understanding the Information System Contingency Plan

There has been increasing discussion around and occurrences of ransomware, a new and very costly cyberthreat (which I discussed in “Ransomware Response, Safeguards and Countermeasures”).

4 November 2021
Tuan Phan
Blog Post

Exploring Blockchain Forensics

In technical terms, blockchain forensics is the use of science and technology to investigate and establish facts in criminal or civil courts of law.

3 November 2021
Sumedha Adavade
Blog Post

Building a Strong Risk Culture in the New Normal

The current times are challenging for many organizations in terms of adjusting their frame of mind to working in a hybrid manner (i.e., from home and in the office), keeping abreast of new guidelines from local regulatory and government authorities and managing operational risk.

2 November 2021
Phil Zongo
Blog Post

Four Levers to Drive a Cyber-savvy Culture

In 1898, The New York Times published a fascinating article, “An Old Swindle Revived,” which lamented the rising number of Americans who were falling victim to a resurgent 30-year-old scam.

29 October 2021
Sunil Bakshi
Blog Post

A Strategy for Tackling ISACA Certification Examinations

ISACA offers several certifications in technology areas related to IT governance, information security, information system audits, privacy, risk management and emerging technologies.

27 October 2021
Serena Zhao
Blog Post

Delivering Company-wide Security through Cross-collaboration

You’ve just been directed by your CISO to create a set of operational security standards. Where do you even begin?

26 October 2021
Avani Desai
Blog Post

Taking Fakeness to New Depths with AI Alterations: The Dangers of Deepfake Videos

Even if you haven’t heard the term before, chances are you’ve come across dozens of deepfake videos online and maybe didn’t know it.

25 October 2021
Larry Alton
Blog Post

Head In The Clouds: Seeing Cloud Security Risks Clearly

Businesses have transitioned huge swaths of their operations to the cloud in recent years, and the messaging around the shift has included at least one key pitch: the cloud is more reliable and more secure than legacy technology.

22 October 2021
Ioannis Routsis
Blog Post

Fascinating Numbers: How COBIT 2019 Helps Set Targets and Measure IT Performance

Since I was a child, I have been good at mathematics and my sister, who is one year older than me, has often taken advantage of this by explaining theories to me in order to do her homework. I did not mind because numbers always fascinated me.

21 October 2021
Angela Hall
Blog Post

Addressing New Operational Resilience Requirements of the EU-DORA Proposal

In 2020, the European Union (EU) published a proposal on digital operational resilience known as EU-DORA. EU-DORA, albeit a proposal only, marks a turning point in EU banking regulation as it introduces wide-ranging new requirements in several areas and combines earlier singular regulatory provisions.

20 October 2021
Volkran Evrin
Blog Post

Qualitative vs. Quantitative Risk Assessment

With the ongoing impact of the COVID-19 pandemic in today’s business ecosystem, the value of decision making by using risk-oriented thinking has emerged more clearly and precisely.

19 October 2021
Bojan Bajic
Blog Post

Key Pointers For a ‘People-First’ Transformation

So much has changed in the past decade of technology. Remember early iPhones, or the first generation of social media platforms just hitting the mainstream?

18 October 2021
Eszter Diana Oroszi
Blog Post

Patching Security Awareness: Human Traits as Vulnerabilities

October is Cybersecurity Awareness Month, a time of year when security awareness improvement actions become especially prominent.

15 October 2021
Augustus Ndamage
Blog Post

How to Prepare for and Pass the CISA Exam on Your First Try

In life, it is very easy to spot a certain model and brand of car if that is what you are yearning to have.

14 October 2021
Kevin Alvero
Blog Post

Business Continuity Planning: Finding a Better Way

Although the details change on a case-by-case basis, a large number of organizations in some parts of the world have begun to reinstate pre-pandemic business operations in some form or another.

13 October 2021
Veronica Rose
Blog Post

Pass the IT Risk Fundamentals Certificate Exam on the First Attempt

To any exam-taker, it is always magnificent after completion of your test to view the screen displaying “You Passed.”

12 October 2021
Vinh Giang
Blog Post

The Power of Goal-Setting and Re-Imagined Communication

Vinh Giang, a keynote speaker at ISACA Conference Europe 2021, recently discussed themes of perspective, empowerment, goal-setting, and positive mindset to encourage others to believe in the possibility of positive change with ISACA Now.

8 October 2021
Paul Frenken
Blog Post

Using Security Terminology Correctly

Every profession has its own language/vocabulary, whether it is the medical profession, lawor information technology.

8 October 2021
Wickey Wang
Blog Post

The Ethics of Artificial Intelligence

Artificial intelligence (AI) is intelligence demonstrated by machines as opposed to the natural intelligence displayed by humans or animals.

7 October 2021
Richard Bailey
Blog Post

Seven Tips for Protecting Your HIPAA Database

Protecting confidential data is a top priority for every industry, but when it comes to the healthcare industry, the regulations and compliance requirements that are in place require stringent data protection measures.

6 October 2021
Jouke Albeda
Blog Post

Understanding Third-Party Management

Outsourcing IT to a platform as a service (PaaS) is incredibly popular with organizations that want to focus on other essential business processes.

5 October 2021
Luigi Sbriz
Blog Post

How Can the Relationship Between Risk, Control and Maturity Create Value?

Sometimes the world of internal control is associated with the color gray—an environment of repetitive, boring and ineffective activities.

4 October 2021
Brian K. Ngac
Blog Post

When Are Virtual Chief Information Security Officers the Right Choice?

Cybersecurity executive management and leadership are a key component to securing an organization’s infrastructure and assets properly.

1 October 2021
Shivvy Jervis
Blog Post

Building the Sustainable Innovations of the Future

Shivvy Jervis, Futurist & Founder of the FutureScape 248 laba, recently visited with the ISACA Now blog to discuss the job landscape of the future, what makes innovations sustainable, her past work with the United Nations and more.

27 September 2021
Aneta Waberska
Blog Post

Five Considerations for Leveraging the Unified Compliance Framework

The compliance landscape is constantly shifting, and companies are often challenged to meet the requirements of multiple regulations and frameworks.

20 September 2021
Angela Hall
Blog Post

CRISC and My Career Path Dedicated to Risk and Controls

Throughout my years working in risk and controls, the two constants that helped propel my career have been demonstrating professional knowledge and enabling opportunities.

15 September 2021
Stephanie Urban
Blog Post

Cloud Auditing 101: How Do I Get Started?

We’re entering what feels like a new era in re-inventing how we once worked. Pre-2020 seems like a lifetime ago, and not only are organizations accelerating their cloud adoption, we as practitioners are re-examining our own careers and skills.

3 September 2021
Wickey Wang
Blog Post

An IT General Controls-Based Audit Approach for Blockchain

From an audit standpoint, there are many different focal points for blockchain. Fortunately, looking at blockchain from the perspective of IT general controls (ITGCs) makes auditing blockchain more manageable and simpler.

30 August 2021
Abdelelah Alzaghloul
Blog Post

Modernizing IT Operations for the Digital Age

The IT discipline has evolved in an unanticipated pace during the last decade, and it is still evolving, forcing both development and operations teams to adapt to this new digital age that is centered around delivering value faster, cheaper and better.

25 August 2021
Chris Dimitriadis
Blog Post

Embracing the Next Step in My ISACA Journey

My introduction to ISACA was simple enough – a friend of mine recommended I pursue the Certified Information Systems Auditor (CISA) certification back in 2003.

23 August 2021
Charisa Orwig
Blog Post

The Non-Human Path to an Effective Insider Threat Program

An insider threat program may seem like something from the Philip K. Dick story “The Minority Report,” where three precognitive individuals (precogs) identify criminals before they commit the crime and the precrime police force arrests the identified criminals to prevent the crime from occurring.

18 August 2021
Sandhya Narayan
Blog Post

Making the Security Conversation More ‘Feature-Driven’

A constantly changing security landscape driven by increasingly persistent threats, growing attack sophistication and tighter compliance requirements keeps both the security and product teams at Adobe busy.

16 August 2021
Ved Prakrash
Blog Post

The Complexity Conundrum: Simplifying Data Security

As technology continues to evolve at an accelerating pace, unprecedented situations like the COVID-19 pandemic have further cemented our digital way of living and doing business. With digitization, there has been massive data proliferation and growth of data repositories.

11 August 2021
Ookeditse Kamau
Blog Post

How IT Auditors Can Avoid Becoming Prey in the Corporate Jungle

“Survival of the fittest,” a phrase first coined by Herbert Spencer after reading Charles Darwin’s On the Origin of Species, describes what may be called the cardinal rule of the jungle. Darwin used it to describe the process of natural selection.

9 August 2021
Avani Desai
Blog Post

Leading a Business and Raising a Family: 5 Ways to Maintain the Balance as a Boss Mom

If you’re a woman—especially if you’re both a working boss and a mom—I bet you can relate to Beyoncé’s hit “Run the World (Girls),” a proud shout-out to female strength and empowerment.

2 August 2021
James Paul Kakembo
Blog Post

Key Considerations in an Era of Remote and Hybrid Workforces

COVID-19 has changed the way we live, think, work and operate in a way that was never envisioned. Many organizations have now embraced the hybrid model, with employees splitting time between in-office and remote work.

30 July 2021
Veronica Rose
Blog Post

Does Your Organization Have a Risk-Aware or Risk-Blame Culture?

In this blog post, I would like to share with you some of the scenarios to recognize if we are instead in blame culture organizations when it comes to risk management.

29 July 2021
Shawn Rhodes
Blog Post

Seeing the Impact of Change in Real Time

Shawn Rhodes, TEDx Speaker and a nationally syndicated columnist, recently visited with ISACA Now to discuss the evolving risk landscape, managing change and more.

28 July 2021
Sandra Ajimotokin
Blog Post

AI Looms as Major Variable on Cyberthreat Landscape

Artificial intelligence is one of those big, scary topics that can incite fear, excitement, or a bit of both. Security professionals such as myself wonder how increased usage of AI and machine learning will help to shape the future state of our work.

27 July 2021
Guy Pearce
Blog Post

Privacy By Design: How Far Have We Come?

One can hardly consider any part of the data value chain today – from data acquisition to data archiving or disposal – without considering privacy.

26 July 2021
Neeraj Benjamin
Blog Post

Is Blockchain the Ultimate Cybersecurity Solution for My Applications?

Blockchain technology can offer important cybersecurity benefits, such as reducing cyberattacks, and it has recently created a lot of hype as a panacea for all the current challenges related to information security.

23 July 2021
Julia Kanouse
Blog Post

New Points of Connection for ISACA's Global Community

Whether it is our chapters collaborating in new ways, the rise of virtual and hybrid conferences, or growing traction on the Engage platform, ISACA’s global community has come even closer together despite the challenges brought on by the pandemic.

22 July 2021
Sunil Bakshi
Blog Post

A Nuanced View of Risk Response

Managing risk is not easy despite it often being considered “common sense” since we do risk assessments all the time in our day-to-day life.

21 July 2021
How IoT Has Changed, and Why It’s Still Considered ‘Emerging Tech’
Blog Post

How IoT Has Changed, and Why It’s Still Considered ‘Emerging Tech’

Even though the IoT originated 15 years ago, organizations in 2021 continue to define IoT as an emerging piece of technology.

20 July 2021
Sushila Nair
Blog Post

Wanted: A Cybersecurity Upton Sinclair

The drumroll of ransomware attacks featured on the evening news, such as the recent Kaseya incident or the Colonial Pipeline incident in the US, has brought the issue further into the public’s awareness.

19 July 2021
Larry Marks

Rethinking Cyberresilience

The National Institute of Standards and Technology (NIST) Special Publication 800-160 has caused organizations to do some rethinking when it comes to cyberresilience and disaster recovery, and what this standard means to existing plans.

15 July 2021
Yotam Ben Ezra
Blog Post

Bridging the Gap Between Security and the Business: A New Approach to Business Risk Quantification

In the security arena, today’s teams have to navigate significant layers of complexity, contending with too many different standards and too many disparate technologies. When we talk about security, we have a lot of buzzwords, catchphrases, and, of course, acronyms, which too often serve to compound the confusion.

14 July 2021
Josh Hamit
Blog Post

What Do CIOs Want from IT Newcomers? Adaptability

How can recent graduates and other newcomers to IT fields make an impression on CIOs and other enterprise technology leaders who are looking to hire? Josh Hamit, vice president and CIO with Altra Federal Credit Union, recently visited with ISACA Now to describe what characteristics he finds most promising in early-career candidates.

13 July 2021
ShanShan Pa
Blog Post

Let Your Data Spark Joy

One day I was having a conversation with my friend Takaya regarding holiday plans during the global pandemic. I figured since there’s nowhere to go, I might just try Marie Kondo’s life-changing magic of tidying up. Plus, the person I was speaking with is also a privacy fanatic like me...

12 July 2021
Anna Johannson
Blog Post

How AI Can Make Your Office More Safe and Secure

It’s hardly news that artificial intelligence has amazing potential to boost organizations’ productivity and workflows

9 July 2021
A (Kind of) Quantitative Approach to Organizational Risk Tolerance
Blog Post

A (Kind of) Quantitative Approach to Organizational Risk Tolerance

At times it seems risk tolerance relates to the famous quote on congressional accomplishments, “When all is said and done, there is a lot more said than done.” This is likely because the term is often used qualitatively. That is, we describe one organization as more or less risk tolerant than another without addressing how much more or less.

8 July 2021
Ravikumar Ramachandran
Blog Post

Architecting COBIT for Governance Success

While I was in the process of implementing the ISO 27001 standard for a mission-critical healthcare system for one of the major health care organizations in India, I became COBIT-certified, and I took the opportunity to use COBIT to ensure compliance not only in an ISO 27001 audit but also in the privacy assessment that the organization was undergoing at the same time, which was conducted by a government agency.

7 July 2021
Larry Alton
Blog Post

Three Ways the IT Department Can Boost Customer Retention

When a business’s decision-makers develop a customer retention strategy, they typically involve certain critical team members such as the marketing director, in these discussions.

2 July 2021
Tuan Phan
Blog Post

Did the FBI Hack Bitcoin? Deconstructing the Colonial Pipeline Ransom

On 7 May, 2021, Colonial Pipeline, a US oil pipeline system, that mainly carries gasoline and jet fuel to the southeastern United States suffered a ransomware cyberattack that impacted the computerized equipment that managed the pipeline.

1 July 2021
Sean Ways
Blog Post

Transformation Goes Beyond Hardware, Software

Technology drives everything that we do at ISACA – whether that is powering members’ pursuit of a career-changing certification, providing an array of flexible virtual learning opportunities, offering support and resources for our global chapters – the list goes on.

30 June 2021
Benjamin Hentschel
Blog Post

Mountain Climbing and the CGEIT Exam: Relishing the Journey

Studying for a certification is not so different from any other endeavor, whether it be professional or personal. One of my hobbies for over a decade has been hiking mountains of all shapes and sizes.

29 June 2021
Ookeditse Kamau
Blog Post

Accounting for Cyber Fraud Risks During Audit Planning

With a changing global economic outlook, there has been a correlated shift in the fraud landscape, and how audit leaders should manage it. An assessment of fraud possibility is a requirement when carrying out an audit engagement, after all.

28 June 2021
Farhan Imitaz
Blog Post

Is Traditional Detection and Response Reliable?

I have been in the security industry and helped customers with their cybersecurity business challenges for the last 15 years; therefore, I have had the opportunity to witness and experience the evolution and modernization of attack vectors, the evolution of advanced tactics and techniques and the expansion of the attack surface.

25 June 2021
Avani Desai
Blog Post

How IOT Opportunities and Risks Will Evolve in a Post-Pandemic Environment

According to the World Economic Forum, the number of connected devices exceeded 50 billion last year.

24 June 2021
Amy Witkowski
Blog Post

Redefining Effective Project Management

As we undergo a digital transformation at ISACA, one key element has been strategic project management.

23 June 2021
Silvana Carpineanu
Blog Post

How Mid-Sized Businesses Can Overcome Cybersecurity Challenges

Growing cybersecurity concerns, combined with regulation and compliance challenges, are a problem for enterprises of all sizes including mid-sized companies.

22 June 2021
Digital-transformation_250
Blog Post

ISACA Talks Digital Transformation

ISACA hosted a LinkedIn Live discussion last week regarding new strategies that are being developed and implemented as part of ISACA’s ongoing digital transformation, and how those efforts will benefit members.

22 June 2021
Gary Carrera
Blog Post

How Cloud-Based Mobile Device Management Supports Remote Working

Years ago, companies managed their devices manually and often using solutions allowing capabilities for device management activities.

21 June 2021
RV Raghu
Blog Post

Rethinking Risk Response in the Digital Enterprise

What does the term risk response, or risk treatment, as it is sometimes colloquially known, suggest (especially the word “treatment”)? If you are like me, treatment probably signifies risk is something that is bad, like a disease, and hence needs to be treated, or worse is like industrial effluent that needs treatment before being released into nature.

18 June 2021
Tom Faraday
Blog Post

Metrics that Matter: Measuring Organizational Performance in a Post-Pandemic World

There’s no question that environmental, social and corporate governance (ESG) is on the minds of almost every board member and C-suite leader, but it has expanded beyond the boardroom and is now also top of mind for investors and consumers. This all happened—or at least was accelerated—as a result of the COVID-19 pandemic.

17 June 2021
Mark Thomas
Blog Post

Leverage COBIT and ITIL for Customer-Centric, Connected and Collaborative Organizations

The information and technology (I&T) industry has operated in a changing environment for decades, but it wasn’t until the recent convergence of many disruptive events that forced us to rethink our governance models.

15 June 2021
Veronica Rose
Blog Post

Practice Healthy Career Hygiene

Just like the way hygiene is comprised of conditions or practices conducive to maintaining health and preventing disease, especially through cleanliness, the practice of career hygiene is no different when it comes to preventing career risk, building career capital and maintaining a healthy career.

14 June 2021
Ron Quaranta
Blog Post

Understanding Blockchain Risks and the Coming Wave of Enterprise Adoption

In collaboration with AICPA & CIMA, ISACA published a joint white paper in April entitled “Blockchain Risk: Considerations for Professionals,” an important work that describes and provides background about specific risks related to blockchain implementation and operation.

11 June 2021
Nader Qaimari
Blog Post

The Case for Stackables in Addressing the Skills Gap

I have written before about how there are fractures in our current education system, globally, and how the skills gap continues to widen as there is misalignment between what students are taught in universities and what companies need and expect.

10 June 2021
Ulf Mattsson
Blog Post

Preserving Privacy With New Technologies

New technologies for data protection can arm innovative enterprises to win in an ever-changing, increasingly competitive digital economy.

9 June 2021
Election Security 2020
Blog Post

Serving ISACA is Baked into My Professional DNA

Many in IT fields fixate on the new technology and tools that are regularly trumpeted to help us keep pace with new challenges. While the allure of technological innovation draws our attention, we often forget that technology must complement the people and processes...

8 June 2021
Nandita Rao
Blog Post

Building a Successful Strategy for the CDPSE Exam

Evolving privacy regulations and technology require companies to implement privacy by design and by default into products.

7 June 2021
Vimal Mani
Blog Post

Cyberresilience: A Critical Cybersecurity Capability

The rapid evolution of cyberthreats leaves the gamut of risk assessment efforts undertaken by organizations inadequate in addressing cybersecurity concerns.

4 June 2021
Sourya Biswas
Blog Post

The Importance of Risk Assessments and Risk-Informed Decision Making

Recently, I wrote about the concept of “just enough security” and mentioned how “striking the balance between too much, not enough, and just enough security is no cakewalk.”

3 June 2021
Sneha Dasgupta
Blog Post

Four Things I’ve Learned as an Early-Career Professional To Help Create Trust

As an early-career professional, I have learned – through experience and an amazing set of mentors – that two of the most crucial qualities that can impact your career opportunities are: Integrity and Credibility.

2 June 2021
Guy Pearce
Blog Post

Beware the Privacy Violations in Artificial Intelligence Applications

It has been proposed that, “Privacy matters to the electorate, and smart business looks at how to use data to find out information while remaining in compliance with regulatory rules.” Since “smart business” also consists of “the electorate” as employees, at least one...

27 May 2021
Paul Phillips
Blog Post

Converting Technology Language to Business Language with Cyberrisk Quantification

Cyber risk is continuously evolving. Companies are dealing with different threat actors and events every day, which is why cyber is the fastest-growing risk for many enterprises, and why cybersecurity ranks among the top priorities for global organizations.

26 May 2021
Tracey Dedrick
Blog Post

Proud to Be Part of ISACA’s Growth and Resilience

First and foremost, it has been my great honor and privilege to serve as Chair of the ISACA Board of Directors. It has been my true pleasure to be surrounded by the sincere dedication of the staff, the board and ISACA members around the world.

25 May 2021
Chris Cooper
Blog Post

Ransomware Defense Calls for Solid Fundamentals, Rigorous Enforcement

Every 11 seconds, an employee will click on a link or open an attachment in a seemingly innocent email and his or her organization will be rapidly infected with ransomware.

24 May 2021
Sizing up the New US Executive Order on Cybersecurity
Blog Post

Sizing up the New US Executive Order on Cybersecurity

For years we have seen standards, regulations and legislation arise in the aftermath of a cyber incident or shifts on the technology landscape.

21 May 2021
Gary Carrera
Blog Post

Best Practices to Implement Secured Cloud Collaboration Tools

According to a recent study published by Gartner Inc., end-user spending on public cloud services could grow 23.1% in 2021, reaching US$332.3 billion compared to $270 billion in 2020.

18 May 2021
Tuan Phan
Blog Post

Hidden Insights from The Pulse: Emerging Technology 2021

In The Pulse: Emerging Technology 2021 report, ISACA sought feedback on specific emerging technology trends, training, and implementations, to identify and establish a baseline of what constitutes an emerging technology, as these definitions can vary from person-to-person or between organizations.

18 May 2021
Tony Luciani
Blog Post

Achieving Continuous Compliance and IT Control Automation

Every organization has to comply with regulations and control frameworks. As assurance professionals, we are often tasked with understanding the compliance requirements, validating the compliance controls’ design, and then testing the control effectiveness.

17 May 2021
Jason Yakencheck
Blog Post

Understand the Cyber Skills Shortage to Get Ahead

Cybersecurity remains a seller’s market. Threats and exploits continue to be more sophisticated and increase in frequency

14 May 2021
Nader Qaimari & David Samuelson
Blog Post

Building the Foundation for ISACA’s New Learning Pathways

Nader Qaimari, Chief Product Officer at ISACA, was interviewed by ISACA CEO David Samuelson on 7 May in a LinkedIn Live discussion on ISACA’s digital transformation and how it is supporting the evolving learning resources for ISACA’s professional community. The following is an excerpt from the conversation.

13 May 2021
Ron Lear
Blog Post

Performance and Compliance – Stop the Level Chase!

Take a maturity level-based compliance framework as a compliance example. The intention and design of these frameworks is that compliance can be boiled down to a single number, e.g. maturity level 3, which theoretically then equates to certain demonstrable performance expectations.

12 May 2021
Neil Harper
Blog Post

Bridging the Digital Divide

Niel Harper is an ISACA Global Achievement Award-winner for “contributions to capacity building across the world towards the development of affordable, open and user-centric Internet infrastructure.” Find out more about Niel’s background and achievements in the Q&A below.

11 May 2021
Guy Pearce
Blog Post

Data Resilience: A Hero’s Journey for Data Professionals

In the archetypal hero journey, once ordinary characters, such as Luke Skywalker, Frodo Baggins, Arya Stark, Katniss Everdeen or even the android, Data, leave what they know to pursue a quest, facing many extraordinary, fantastic and sometimes supernatural predicaments or dilemmas in an unknown world.

10 May 2021
Binita Patel
Blog Post

Fill in Gaps from University Studies for Early Career Success in InfoSec

The world of InfoSec is full of opportunities and challenges, but not everyone is ready to tackle them right out of school.

7 May 2021
Larry Alton
Blog Post

Practical Tips to Get the Right Cybersecurity Insurance for Your Company

Falling victim to a cyberattack isn’t an experience anyone wants to deal with. However, cyberattacks are always a potential threat and cause devastating consequences. Just in the first half of 2020, 36 billion records were exposed in data breaches. The effects of those breaches will be felt for quite some time.

6 May 2021
Avani Desai
Blog Post

How IoT-Specific Knowledge Helps GRC Professionals – And Why It Matters

In a world brimming with more smart devices than people and with a growing percentage of us tethered to the internet, GRC has become far more than an acronym buzzword.

May 5 2021
Jon Brandt
Blog Post

The More Things Change in Cybersecurity, the More They Stay the Same

Amidst a global pandemic that prompted a wide range of governmental response actions and mandates, the cybersecurity industry was largely untouched, as shown by respondent data to ISACA’s State of Cybersecurity 2021: Global Update on Workforce Efforts, Resources and Budgets.

4 May 2021
The Pace of Technology Change Doesn’t Have to Be Overwhelming
Blog Post

The Pace of Technology Change Doesn’t Have to Be Overwhelming

When I started my career in technology, I began by working on SNA networks. Mainframes, Virtual Telecommunications Access Method (VTAM), Synchronous Data Link Control (SDLC), and Token Rings were all things I learned about right away, and just when I got good at them, I was thrown into a land of Transmissions Control Protocol / Internet Protocol (TCP/IP) and multiprotocol networks.

3 May 2021
MD-annual-report-2020
Blog Post

Pandemic Calls for Flexibility, New Approaches

2020 was a year that called for great flexibility. In the face of major unforeseen challenges created by the COVID-19 pandemic, ISACA moved swiftly to ensure it still was serving the needs of its professional community, quickly making remote proctoring available for certification exams and transitioning in-person conferences to virtual events, among many major safety-minded “pivots” brought on by the pandemic.

30 April 2021
LG-benjamin-Witt_Sarah_Wonlanske
Blog Post

Governance and Ethics of Emerging Technology

As organizations explore and adopt emerging technologies, governance is rarely if ever at the forefront of their agendas.

28 April 2021
Sourya Biswas
Blog Post

In the Technology Age, You Can’t Always Trust What You Hear and See

It seems like any mention of technological advancement also can unearth a case of misuse.

27 April 2021
Kyla Guru
Blog Post

Cybersecurity’s Allure for Rising Professionals

Kyla Guru, a Stanford University student and CEO of Bits ’N Bytes Cybersecurity Education, visited with ISACA Now to discuss her passion for cybersecurity and why she considers the field to be a great fit for young professionals.

26 April 2021
Key Considerations for Business Continuity and Disaster Recovery
Blog Post

Key Considerations for Business Continuity and Disaster Recovery

Business success is often couched in terms of growing and maintaining the customer base and launching innovative products.

23 April 2021
Ookeditse Kamau
Blog Post

Reasonable Professional Care for The Next Generation of Women Leaders

As we celebrated International Women’s Day last month under the tagline “Choose to Challenge,” I took time to reflect on my own journey.

22 April 2021
Dustin Brewer
Blog Post

Secure Implementation of Emerging Technology Critical in Evolving Business Landscape

The COVID-19 pandemic changed how we utilize technology on both a personal and business level. Although some of these changes will fade away as we approach the end of the pandemic, there will be permanent effects that will linger indefinitely.

21 April 2021
Melissa Swartz
Blog Post

Creating Community and Connections with ISACA Volunteers

It is my honor to write this blog each April as we celebrate the contributions and connections we have made through the ISACA Volunteer Program.

20 April 2021
George McPherson
Blog Post

How to Prepare for the CISM Exam

Governments around the world are in the midst of the challenging task of pushing out COVID-19 vaccines in a safe, but urgent and calculated manner. Unprecedented leadership is needed to overcome logistical hurdles.

19 April 2021
William Emmanuel Yu
Blog Post

Varying Standards of Censorship and Privacy in the Age of Parler

On 6 January 2021, the US Capitol was stormed. It was subsequently determined that some of the perpetrators of this act, which resulted in loss of life, used the social media platform Parler to coordinate the attack.

16 April 2021
Yoshimasa Masuda
Blog Post

A New Framework to Drive Digital Transformation

Yoshimasa Masuda recently visited with ISACA Now to discuss his Adaptive Integrated Digital Architecture Framework (AIDAF) for digital transformation and innovation and its connections in areas including pandemic response, healthcare and academia.

15 April 2021
Mohit Kalra
Blog Post

Fingerprinting a Security Team

The central security team in a product development organization plays a vital role in implementing a secure product lifecycle process.

14 April 2021
Ronke Oyemade
Blog Post

5G Implementation: Healthcare Costs and Benefits

Normal, day-to-day life has been reshaped by the COVID-19 pandemic for more than a year, greatly impacting the lives of virtually everyone. People were and still are being advised to stay home, isolating themselves from the rest of world to reduce the spread of the virus.

13 April 2021
Genuine Parts Company Case Study
Blog Post

Genuine Parts Builds Improved Cyber Maturity with ISACA’s CMMI® Cybermaturity Platform

Genuine Parts Company determined that its initial cyber maturity assessment needed to create a baseline against a common framework that aligns with NIST CSF and the ISO 27001 controls.

9 April 2021
David Samuelson
Blog Post

Incoming ISACA Board Features Experienced Leaders, Diverse Backgrounds

Diversity is one of ISACA’s great strengths, and it comes in so many forms. Because of our global scope – ISACA has a presence in 188 countries and more than 220 chapters worldwide – our geographic diversity may be most obvious, enabling ISACA members to network and learn from colleagues from many cultures and backgrounds.

7 April 2021
Thomas Tyler
Blog Post

Managing a Remote Team Securely and Effectively

More than a year after the start of the COVID-19 pandemic, organizations across the world are still adjusting to this unprecedented event.

7 April 2021
Aina Rao
Blog Post

Shorting Third-Party Security

Last night, I watched a movie named “The Big Short.” While it was a complete dramatization of events that led to the financial market collapse of 2008, it seemed too good to be fiction.

7 April 2021
MDDAP
Blog Post

Driving Sustainable Improvement for Medical Device Quality

Medical device manufacturers seeking to better understand, measure and improve their capabilities have a new avenue to do so.

5 April 2021
Sam Meenasianv
Blog Post

So, You Read Cybersecurity Predictions For 2021: What’s Next?

By now, it’s not the cybersecurity predictions for 2021 that matter – it’s what you do with them.

2 April 2021
Minaz Khan
Blog Post

A Four-Step Approach to Adopting a Privacy Framework

Organizations with mature privacy programs are reaping more benefits than average and are finding it easier to comply with new privacy regulations, according to Cisco’s 2021 Privacy Benchmark Study.

1 April 2021
Fabiola Amedo
Blog Post

How to Overcome Obstacles on Your Path to Certification

“It ain’t about how hard you can hit, it’s about how hard you can get hit and keep moving forward; how much you can take and keep moving forward. That’s how winning is done.”

29 March 2021
Ron Lear
Blog Post

Capability is King and Performance is Paramount

Being a musician myself (jazz and classical bass trombonist), I was thinking about how playing music well during a concert is VERY similar to developing new software or system or service.

26 March 2021
Michael Argast
Blog Post

Selecting, Building, Landing and Growing Your Cybersecurity Career

I’ve been fortunate to work in a wide diversity of cybersecurity roles over my two decades in the field – from operations, services, consulting, vendors, managed service providers (MSPs) and more. I’ve hired hundreds of professionals from senior, experienced leaders to green new recruits.

24 March 2021
Sebastian Terry
Blog Post

Creating a Values-Driven, Balanced Life and Career

Sebastian Terry, an author, TV host and founder of the 100 Things philanthropic movement, recently visited with ISACA Now to discuss his approach to goal-setting and life balance.

23 March 2021
A cloud with a blue computer background
Blog Post

Overcoming Cloud Hurdles Through Effective Audits

Remote access, increased collaboration capabilities, automatic software updates, potential for cost savings – organizations increasingly are drawn to these and other major benefits of leveraging cloud services

22 March 2021
Rebecca Herold
Blog Post

Best Practices for Data Hygiene

Data hygiene consists of actions that organizations can, and should, take as a matter of following not only compliance requirements, but also as part of basic risk management program practices. Consistent, risk-specific data hygiene practices supports not only...

19 March 2021
Sourya Biswas
Blog Post

Why Executive-Focused Security Awareness Training is Important

Willie Sutton was a bank robber in the early 1900s, and a quite successful one at that. Over a long and less-than-illustrious-but-more-than-successful career, he amassed over US$2 million. Even without considering inflation, that’s a serious chunk of change.

18 March 2021
Tony Luciani
Blog Post

Four Steps to Achieve SOC 2 Compliance

SOC 2 compliance is stressful for many organizations, but achieving continuous compliance while lowering the annual frustration is within your reach.

17 March 2021
Ed Moyle
Blog Post

What Next? Near- and Long-Term Actions Following Microsoft Exchange Hack

By now, you’ve almost certainly heard about the serious and ongoing attacks being conducted against on-premise Microsoft Exchange Server implementations.

16 March 2021
Nader Qaimari
Blog Post

New ITCA Credential Aims to Fill Urgent Skills Gap for IT Candidates, Employers

We consistently hear about the shortage of cybersecurity professionals, often mentioned in the same sentence discussing the growing threat of data breaches and malware attacks.

15 March 2021
Muneeb Imran Shaikh
Blog Post

How the CISO Can Build Support from Senior Management

Trust is the cornerstone of any relationship, and it is built and nurtured progressively based on many factors.

12 March 2021
Brennan Baybeck
Blog Post

How to Thrive as a CISO: Award-Winner Brennan P. Baybeck Shares His Perspective

Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, recently was named 2021 CISO of the Year in the APEX Awards, hosted by the Colorado Technology Association. Baybeck, VP & CISO for Customer Services at Oracle Corporation, was ISACA’s 2019-2020 board chair and remains an ISACA board director.

11 March 2021
Patrick Offor
Blog Post

Understanding the Link Between the Need Signal and Information Privacy Equipoise

One thing that became clear when writing an article on need signal is that we are just scratching the surface in our understanding of information privacy, both practically and from a scholarly standpoint.

11 March 2021
Babur Kohy
Blog Post

Contemplating the Dark Web and Secure Human Behaviors

Technological advances have made the job of information system auditors, risk managers and governance and security professionals difficult.

10 March 2021
Mirna Boheiri
Blog Post

CISA-Certified Professionals Are More Needed Than Ever: How I Prepared to Join the Club

The COVID-19 pandemic is revealing just how important it is for all businesses to have a robust and efficient information technology infrastructure.

9 March 2021
Celebrating the Women
Blog Post

Celebrating the Women in our Global Network of Engaged Members

In honor of International Women’s Day, the ISACA Now Blog asked women who are helping elevate the profession about their volunteer roles with ISACA and their advice about getting involved.

8 March 2021
Caitlin McGaw
Blog Post

IT Audit is ‘Boring’? Time to Fix the Perception Problem

I was recently on a social media site where professionals join a career topic discussion group and ask questions. Someone asked: What job is boring? The very first answer: “IT audit.”

4 March 2021
Avoiding the Post-Quantum Cyber Apocalypse
Blog Post

Avoiding the Post-Quantum Cyber Apocalypse

Today, the comfort of our modern living is driven by advances in information technology: think of the mobile banking apps on your phones, the proliferation of blockchain technologies, and the various electronic sensors and components that are powering your home appliances, cars and the electricity grid, hospitals, and the list goes on.

3 March 2021
Sonja Jovanovic
Blog Post

HR and Cybersecurity: Supporting Each Other in Challenging Times

Cybersecurity was not on the top of the agenda for many Human Resources professionals in early 2020.

2 March 2021
Michelle Poler
Blog Post

Become Inspired, Not Intimidated, by Technology

Michelle Poler, a creative and passionate social entrepreneur, fear-facer, and branding strategist, will be the closing keynote speaker at the ISACA Conference North America 2021, a virtual event to take place 4-6 May.

1 March 2021
Reviewing Digital Transformation Practices
Blog Post

Reviewing Digital Transformation Practices

Competitive pressures, new markets and new digital technologies are the main drivers of digital transformation.

26 February 2021
David Foote
Blog Post

How the Pandemic Has Boosted Some Tech Skills and Certifications

With the annus horribilus of 2020 now behind us, have tech certifications been affected by all the sturm und drang brought on by the double whammy of a pandemic and economic recession? The answer may surprise you.

24 February 2021
Ookeditse Kamau
Blog Post

Being a Reasonable IT Auditor During the Pandemic

Recently I have had a number of people asking me, “How are you conducting your audits with the onset of the COVID pandemic?”

23 February 2021
Maria Gregorio
Blog Post

Best Practices to Manage Risks in the Cloud

The growth in cloud computing has been exponential. Forrester predicted that the global public cloud infrastructure will grow 35% to US$120 billion in 2021. COVID-19 has served to accelerate this trend further

22 February 2021
Prithvi Bisht
Blog Post

Creatively Scaling Application Security Coverage and Depth

One of the biggest challenges and opportunities for an Application Security (AppSec) team is to scale effectively.

18 February 2021
Neil Lappage
Blog Post

Baselining Cybersecurity Skills for All IT Professionals

In the era of modern IT, it is becoming increasingly important for IT professionals to have a base-line contemporary cybersecurity skillset.

17 February 2021
Sudeep Subramanian
Blog Post

Rethinking Information Security Awareness Strategies

In 2000, it was predicted that semantic attacks that target humans and use the vulnerability in information processing capabilities of humans would be the primary attack vector of cybercriminals.

17 February 2021
Melissa Swartz
Blog Post

Congratulations to the Exceptional 2021 ISACA Award Recipients

ISACA values the contributions of our members and professionals across our industry and recognizes outstanding achievements annually through the ISACA Awards Program. Join us in celebrating the 2021 ISACA Award Recipients!

16 February 2021
Leroy Chiao
Blog Post

Freedom to Fail – and Innovate

Leroy Chiao recently visited with ISACA Now to discuss lessons he took from his time as an astronaut, his observations on the latest technology trends and more.

12 February 2021
Ronke Oyemade
Blog Post

The COVID-19 Pandemic, Digital Security and 5G Security Architecture

Normal day-to-day life was brought to a halt by the COVID-19 pandemic, which greatly impacted the lives of virtually all people worldwide in unprecedented fashion.

10 February 2021
Muhammad Mushfiqur Rahman
Blog Post

Essential Cybersecurity Components: Continuous Monitoring, Human Intelligence and Commitment

Continuous monitoring is essential in the cybersecurity ecosystem of an organization. Proper design, implementation and continuous monitoring provide just-in-time reflection of users, devices, networks, data, workloads activities and status in the organization’s infrastructure.

9 February 2021
Ryan Kelch
Blog Post

When the Mundane Becomes the Target

Cloud security in 2020 was upended from previous years – to say the least. The COVID-19 pandemic fundamentally altered human behavior, and those changes directly impacted the tech industry.

4 February 2021
Sundaresan Ramaseshan
Blog Post

Disciplined IT Hygiene During Organizational Change

Everyone knows that IT and its evolution is an undisputable partner in any organization. IT teams no longer play a supporting role.

3 February 2021
Joanna Grama
Blog Post

When to Assess Security and Privacy During the Procurement Process

Many organizations are concerned about security, privacy and vendor management for information technology (IT) services and applications, and rightly so.

2 February 2021
Sourya Biswas
Blog Post

Security in the Cloud: Not Somebody Else’s Problem

Unless you’ve been living under the proverbial rock, you likely are aware of the Capital One breach in 2019 that leaked confidential information from more than 100 million credit applications stored in the Amazon Web Services (AWS) cloud.

29 January 2021
Victor Gamra
Blog Post

How to Identify Vulnerable Third-Party Software

The year 2020 will be reflected in history as a year of many surprises. In hindsight, one trend that, though not a surprise, rattled unexpecting companies, was the explosive occurrence of cybersecurity breaches via third-party software.

28 January 2021
Nadia Bizzarri
Blog Post

Cyber Insurance for a Changing Landscape

In 2020, we adjusted to a global pandemic. Many businesses were not prepared to face this new reality but were forced to respond quickly to ensure their operations continued.

26 January 2021
Hafiz Sheikh Adnan Ahmed
Blog Post

Privacy in Practice 2021: Data Privacy Trends, Forecasts and Challenges

Data privacy, privacy management, digital privacy, data protection – the list goes on when it comes to data privacy and protection imperatives. The phrase “Data is the new oil” was coined considering the growing importance of personal and organizational data.

26 January 2021
Solving Your Most Frequently Asked Questions
Blog Post

Solving your Most Frequently Asked Questions

In late 2020 and early 2021, ISACA received more inquiries from members and customers than ever before, with unprecedented demand for certifications, including the CDPSE early adoption program.

25 January 2021
Sandy Silk
Blog Post

When IT is Your Profession, Life-long Learning Beyond Academia is Your Devotion

When you begin a new role or join a new employer, specific existing skills and experience secured the opportunity for you.

25 January 2021
Anna Johannson
Blog Post

Setting the Record Straight on 5 Cloud Security Myths

When it comes to cybersecurity in today’s digital landscape, the cloud is one of the most misunderstood elements.

22 January 2021
Jacob Young
Blog Post

Azure DevOps: Access, Roles and Permissions

As IT auditors, we are well aware that the change management process is a critical component of IT controls testing in risk-based and compliance audits.

21 January 2021
Robert Putrus
Blog Post

Cybersecurity and the Board of Directors

A key initiative that enterprises should not overlook is the need for IT teams to bridge the gap between the chief information security officers (CISOs) and their organization’s board of directors (BoD).

20 January 2021
Larry Alton
Blog Post

Eight Benefits of Seeking a Career in IT

Information technology (IT) is a field that can open up many different career paths. In IT, you could be responsible for installing and configuring hardware, managing third-party software, providing training and support to employees, auditing security systems, or possibly writing custom software.

15 January 2020
Princess Ngozi Uche Ucheoption
Blog Post

Princess Ngozi Uche: A CSX-P Pioneer

Princess Ngozi Uche, the first CSX Cybersecurity Practitioner Certification (CSX-P) credential-holder in Nigeria, has a pioneering spirit, as further evidenced by her work to help initiate an ISACA chapter in Port Harcourt.

14 January 2021
Josh Hamit
Blog Post

Accelerating to the Cloud, Responsibly

Coming out of 2020, most organizations are probably pivoting from digital transformation to digital acceleration. In only a matter of weeks, the world witnessed unprecedented adoption of digital technology that will shape consumer behaviors and business operations for years to come.

13 January 2021
David Samuelson
Blog Post

Building on the Lessons from 2020

As we begin a new year, I think it’s safe to say that many of us are ready to leave 2020 in the rearview mirror.

11 January 2021
Philip Casesa
Blog Post

Four Ways to Change the Cybersecurity Hiring Process

A few years ago, I was an IT director on the hunt for new IT talent. I went the traditional route, posting jobs, reviewing resumes and holding interviews

8 January 2021
Muhammad Mushfiqur Rahman
Blog Post

Threat Hunting and Cyberrisk Assessment Using Cyber Kill Chain

Virtually every organization needs to provide digital services to its clients. However, digitization creates enormous threats for an organization, its customers and its employees.

7 January 20201
Abdelelah Alzaghloul
Blog Post

Leveraging Marketing to Overcome the Cybersecurity Workforce Shortage

Organizations around the globe are struggling to overcome the challenge of the cybersecurity workforce shortage, and filling this gap has become a top priority as cyberthreats continue to grow.

6 January 2021
Emerging Tech
Blog Post

Five Security and Emerging Tech Insights for 2021

As we begin 2021, ISACA experts are weighing in with anticipated major trends in the worlds of cybersecurity and emerging technology that they expect to gain traction in the new year.

5 January 2021
The Rise of Fintech: Managing and Controlling your Money
Blog Post

The Rise of Fintech: Managing and Controlling your Money

Every now and then, I travel across the world of emergent technologies. My passport has been stamped so many times for my visits to the wonderland of IoT, cloud computing, virtual networking, containers, microservices, cybersecurity, virtual machines...

30 December 2020
Niral Sutaria

Artificial Intelligence Regulations Gaining Traction

Not long ago, complex artificial intelligence (AI) systems involving deep learning were mainly just theories. There were very few practical use cases. Today, many organizations are using AI to make their processes more efficient. AI has gained traction much faster than other emerging technologies.

29 December 2020
Looking to the Accelerated Digital World of 2021
Blog Post

Looking to the Accelerated Digital World of 2021

“There are decades where nothing happens; and there are weeks where decades happen.” True to this quote by Lenin and as articulated by Fareed Zakaria in his book, Ten Lessons for a Post-Pandemic World...

23 December 2020
Information security
Blog Post

IT Audit Technology Risk: Knowns and Unknowns

Knowns and unknowns. In a game of word association, some may think of the US National Aeronautics and Space Administration (NASA). It was an associate administrator from NASA’s Office of Safety and Mission Assurance who heightened awareness of known/unknown risks in a 2003 presentation on safety and mission success.

21 December 2020
Let’s Apply APT Lessons From SolarWinds Hack
Blog Post

Let’s Apply APT Lessons From SolarWinds Hack

Well, my cyber and information security friends, it’s that time again. We’re starting to get asked questions about what we do by more than just our immediate supervisors. We get comments such as “I bet you’re busy this week” and “Should I change my password on my account?”

21 December 2020
Anna Johannson
Blog Post

5 GDPR Compliance Tips for Businesses That Are Still Lagging Behind

We’re more than two years removed from the introduction of the General Data Protection Regulation (GDPR) into EU law.

18 December 2020
ISACA Community Shows Off Its Diverse Talents in 2020 #IamISACA Stories
Blog Post

ISACA Community Shows Off Its Diverse Talents in 2020 #IamISACA Stories

Beginning in April, our #IamISACA series has told the stories of the accomplished, volunteer-minded and multitalented people who make up the ISACA community. We hope you have enjoyed reading and viewing these stories as much as we have enjoyed sharing them...

17 December 2020
Eight Future Privacy Governance Imperatives That Boards Have a Duty to Perform
Blog Post

Eight Future Privacy Governance Imperatives That Boards Have a Duty to Perform

Surveys show that most people still feel they should have more control over their data and are uncomfortable with the sale of their data to third parties, implying that some privacy regulations are failing to effectively protect the privacy of their citizens.

16 December 2020
Organizational Culture: Friend or Foe in 2020?
Blog Post

Organizational Culture: Friend or Foe in 2020?

2020 has either been a year of reviews or a year of forward reflections depending on what dominated your outlook.

15 December 2020
Tuan Phan
Blog Post

A Foundational Path for Blockchain Implementation

Twelve years after its birth, blockchain technology has now become mainstream. Its market adoption can be attributed to the industry and blockchain enthusiasts who pushed for new regulations.

14 December 2020
How to Involve Senior Management in the Information Security Governance Process
Blog Post

How to Involve Senior Management in the Information Security Governance Process

Chief information security officers (CISOs) and security specialists often complain about the disinterest of senior management in information security.

10 December 2020
Paul Phillips
Blog Post

Assessing Risk in a Pandemic

To effectively assess risk in a pandemic, leaders need to focus on the risk at hand, the associated right metrics, and evaluate all elements of risk: impact, likelihood and velocity.

9 December 2020
Navigating the New Hiring Landscape
Blog Post

Navigating the New Hiring Landscape

Daisy Jardine-Viner, a cybersecurity recruitment specialist for NDK Infosec, recently shared her expertise on pandemic-impacted industry hiring trends at ISACA’s EuroCACS conference, hitting on topics including Zoom interview best practices, how the pandemic has altered hiring and what skills and credentials can best position candidates for success in this new climate.

8 December 2020
Anna Johannson
Blog Post

How Smart Technology Helps Fintech Companies Succeed

Smart technology has evolved at a rapid pace. In the beginning, smart tech reached consumers in the form of smart household appliances like thermostats, security systems and refrigerators.

7 December 2020
Sizing Up the Impact of COVID-19 and Remote Work on IT Auditors
Blog Post

Sizing Up the Impact of COVID-19 and Remote Work on IT Auditors

The year 2020 will go down in the history books as one of the most trying years in modern world history. The COVID-19 pandemic has tested nearly every nation, government, business and individual in many unforeseen ways that heavily impact daily life, with additional consequences and impacts likely into the future.

3 December 2020
#IamISACA: Weekend Studies for Weekday Successes
Blog Post

#IamISACA: Weekend Studies for Weekday Successes

As a security professional, I am used to new vulnerabilities and threats materializing every day, creating unforeseen challenges and a huge learning scope. It can be difficult, but that is what drew me to the profession in the first place.

2 December 2020
Security and Compliance: What to Expect in 2021
Blog Post

Security and Compliance: What to Expect in 2021

There is little doubt that 2020 has been one of the most challenging years many security professionals have encountered.

2 December 2020
Security Awareness as a Corporate Asset
Blog Post

Security Awareness as a Corporate Asset

A recent blog post about culture as a corporate asset discussed the importance of a healthy culture in an organization.

1 December 2020
Why Cybersecurity Is a MUST not a SHOULD
Blog Post

Why Cybersecurity Is a MUST not a SHOULD

There is no doubt that security is now a recognized need within and across organizations. This reflects the acceptance of how an organization’s behavior is dependent on shared beliefs, values, and actions of its employees, which includes their attitudes towards cybersecurity.

30 November 2020
#IamISACA: My New and Unexpected Adventure
Blog Post

#IamISACA: My New and Unexpected Adventure

I spent nearly four months this year shopping for complete strangers, thousands of miles from my home, navigating completely different food and culture than I am used to, all while attempting to build a new life in the midst of a global pandemic.

25 November 2020
Simplifying the Transition to Quantum-Safe Security with Crypto Agility
Blog Post

Simplifying the Transition to Quantum-Safe Security with Crypto Agility

The quantum computing threat to public-key encryption is enormous. Large-scale quantum computers are on the not-too-distant horizon.

24 November 2020
Security by Design: Are We at a Tipping Point?
Blog Post

Security by Design: Are We at a Tipping Point?

The much-publicized Target breach of 2013—where 70 million customers lost their personal data, 40 million credit and debit card details were stolen, more than US$250 million was spent to manage the breach and the chief executive officer (CEO) and chief information officer (CIO) were replaced—does not even place among the top 15 breaches of this century.

20 November 2020
Ivana Bartolett
Blog Post

How the Concept of Privacy is Shifting

Ivana Bartoletti, a privacy and digital ethics expert recently visited with ISACA Now to share her perspective on major trends in privacy, digital ethics, AI and more.

19 November 2020
Enterprise Security Morphing and Evolving Into Security Intelligence
Blog Post

Enterprise Security Morphing and Evolving Into Security Intelligence

The ongoing global crisis brought about by the COVID-19 pandemic has caused a huge shift in society and how we conduct our daily lives.

18 November 2020
#IamISACA: CISM Connects the Dots in My Professional Development
Blog Post

#IamISACA: CISM Connects the Dots in My Professional Development

At the beginning of my career, I was partly lucky, but later on also quite selective in deciding to work for organizations and bosses that embraced empowerment and supported individual development of their people, as I myself was always a strong advocate of servant leadership and continuous education.

18 November 2020
Deepa Seshadri
Blog Post

Approaching Risk Management in the New Normal

As we approach the end of 2020, it has become clear that the COVID-19 pandemic is not a passing storm or something that we can wait out before returning to a familiar business routine; it is the new normal.

16 November 2020
Securing the IoT Landscape of Tomorrow
Blog Post

Securing the IoT Landscape of Tomorrow

Security consultants and practitioners have insight into how organizations of various sizes, across both the public and private sectors, are preparing for Internet of Things (IoT) deployments during this unusual pandemic year.

13 November 2020
Raising the Bar Beyond Privacy Compliance
Blog Post

Raising the Bar Beyond Privacy Compliance

In the context of privacy by default, privacy compliance is not nearly enough.

12 November 2020
#IamISACA: I Love What I Do
Blog Post

#IamISACA: I Love What I Do

Doing your job well with knowledge and commitment requires you to love what you do. I started my career almost 19 years ago, but information security as a profession came into my life 10 years ago.

11 November 2020
Change Is Good
Blog Post

Change Is Good

Shortly after its launch in 2014, I bought a Microsoft Surface Pro 3. If you studied for the Certified Information Systems Auditor (CISA) exam using the review manual or online review course, studied for the Certified in Risk and Information Systems Control (CRISC) exam using the online review course, took the Certified in the Governance of Enterprise IT (CGEIT) exam or read an “IS Audit Basics” column anytime since 2016, you likely read words penned on that computer.

10 November 2020
Working from Home with Remote Video Technology Audit and assurance
Blog Post

Working from Home with Remote Video Technology

Working from home has gone from being a luxury to a necessity because of the COVID-19 pandemic. Usually, we talk about disrupting technology, but this time, we have an external non-controllable factor that is causing the disruption.

9 November 2020
One Year In: Tech Update From ISACA’s CTO
Blog Post

One Year In: Tech Update From ISACA’s CTO

Just over one year ago, I came on board as ISACA’s first chief technology officer. I knew I had an exciting challenge in front of me. ISACA members are extremely sophisticated technology professionals, and I needed to make your experience with us elegant, quick and on your terms.

6 November 2020
Alex Holden
Blog Post

Battling Ransomware: US Hospitals Under Fire

In 2010, I moved away from the financial industry into the world of cybersecurity consulting. My first consulting project was within the healthcare industry, and so was my next big project, and hundreds of projects in which I have participated since.

5 November 2020
Don’t Just Fight Privacy Fires: Plan Ahead to Prevent Them
Blog Post

Don’t Just Fight Privacy Fires: Plan Ahead to Prevent Them

As privacy concerns continue to increase, most of us spend our days fighting fires. With more privacy regulations continuing to be released, it’s difficult to understand the key differences and know what is most important.

3 November 2020
#IamISACA: Diagnosing the Need for a Career Change
Blog Post

#IamISACA: Diagnosing the Need for a Career Change

Just a few short years ago, having completed my bachelor’s degree in physiotherapy, I was on track to become a doctor in the lake city of Udaipur, India, where I am from. But by the time I completed my doctorate, I realized that something was missing in my career and my life.

3 November 2020
Successful Second Annual CommunITy Day Changes the World!
Blog Post

Successful Second Annual CommunITy Day Changes the World!

A global pandemic did not stop the dedicated and passionate ISACA members, staff and their families around the world from giving back to their local communities on ISACA’s second annual CommunITy Day

2 November 2020
Keeping Up with Change with Agile
Blog Post

Keeping Up with Change with Agile

The phrase “the only constant is change” rings true for every single one of the organizations I have been a part of.

30 October 2020
The 8 Most Common Cybersecurity Weaknesses to Watch for in Small Businesses
Blog Post

The 8 Most Common Cybersecurity Weaknesses to Watch for in Small Businesses

As a cybersecurity expert, you know that all it takes is a single weakness, or a single vulnerability to compromise the integrity of a business.

29 October 2020
#IamISACA: Curious About the Cloud and Addicted to Hockey
Blog Post

#IamISACA: Curious About the Cloud and Addicted to Hockey

It’s hard to believe I have been working in the financial services industry for 20 years. My primary focus over the last 12 years has been building enterprise, operational, and IT risk management programs from the ground up, including enablement of audit readiness.

28 October 2020
#IamISACA: Respecting Technology’s Power – and Its Limits
Blog Post

#IamISACA: Respecting Technology’s Power – and Its Limits

I’m currently working as the Head of Internal Audit at SAVE, the company managing the airport of the most beautiful city in the world, with an astonishing history of self-government and leadership in commercial, cultural and diplomatic relationships...

28 October 2020
Implementing the Right to be Forgotten When the Internet Never Forgets
Blog Post

Implementing the Right to be Forgotten When the Internet Never Forgets

The internet never forgets, or so the adage goes. But what started off as a catchy saying or something that might be relevant to a technology subculture has evolved into a global reality, especially with dropping storage costs, access to cheap internet and, more importantly, the propensity of the human race to share data willy-nilly.

28 October 2020
Anna Johannson
Blog Post

How Law Firms Can Avoid Cybersecurity Fiascos

With each passing month, we’re seeing steep increases in the number of cyberattacks waged against businesses, particularly small businesses.

27 October 2020
Cloud Native Security: A Blue Ocean
Blog Post

Cloud Native Security: A Blue Ocean

Digital transformation is driving massive workloads across to the cloud as organizations move beyond a traditional brick and mortar model. Cloud provides the flexibility to execute at speed, time to market and embrace change in the digital landscape.

23 October 2020
Why Build a Cybersecurity Culture?
Blog Post

Why Build a Cybersecurity Culture?

One of the best ways for an organization to reduce cyber risk is to build a culture of cybersecurity. This entails creating a mindset in employees that the risk is real and their daily actions impact that risk.

22 October 2020
#IamISACA: Activating My Spirit of Ubuntu
Blog Post

#IamISACA: Activating My Spirit of Ubuntu

My friends often ask why I am so passionate about volunteering. Answering this question requires me to look back over my life’s experiences. In the quest to find my purpose, I found great wisdom in Mahatma Gandhi‘s words, with one of my favorite sayings being, “The best way to find yourself is to lose yourself in the service of others.”

21 October 2020
#IamISACA: My Endless Journey in IT
Blog Post

#IamISACA: My Endless Journey in IT

In the early 2000s, studying Computer Science and Engineering was a hotcake field; everyone wanted to study it in Bangladesh. Only those who are truly passionate about IT stayed on this journey, and the rest left. Fortunately, I am one of those who has continued.

21 October 2020
Key Considerations for Robotic Process Automation
Blog Post

Key Considerations for Robotic Process Automation

Robotic Process Automation (RPA) is a modern trend in which a typically simple (i.e., requiring no real intelligence) sequence, that up until now involved a human operator, is replaced with a virtual robot.

20 October 2020
Valerie Lyons
Blog Post

Mind the Gap: Bridging the Divide Between Digital Ethics and Privacy

When Gartner highlighted “digital ethics and privacy” as one of its top 10 strategic technology trends for 2019, it noted that “any discussion on privacy must be grounded in the broader topic of digital ethics and the trust of consumers, constituents and employees.”

19 October 2020
Adam Kohnke
Blog Post

Auditing with Microsoft Azure

Writing about Azure audit and its associated audit program is a logical follow-up to a previous ISACA Journal article I wrote on auditing Amazon web services (AWS).

16 October 2020
Chloe Haywood
Blog Post

Cybersecurity Hiring Trends Now and in a Post-Pandemic World

There’s no doubt the coronavirus will permanently change the world we live in. For most of us, the past seven months have been a bumpy ride. Demonstrating adaptability (combined with a big dose of resilience) will be key to keeping the wheels turning career-wise in 2021.

15 October 2020
#IamISACA: Learning My Way to a New Career Path
Blog Post

#IamISACA: Learning My Way to a New Career Path

I was approached by my company a few years back with an opportunity to build a cybersecurity program. At the time, I was working in our internal audit department and cybersecurity risk was a rising and prominent concern for our company.

14 October 2020
Dustin Brewer
Blog Post

Adapting to Emerging Technology

A pentester, security operations center (SOC) analyst, IT auditor, risk analyst and system administrator walk into a bar.

13 October 2020
How COVID-19 Is Changing Risk Management
Blog Post

How COVID-19 Is Changing Risk Management

One of the most visible results of the COVID-19 pandemic is the transition from traditional office-based work to remote work-from-home (WFH) arrangements for global enterprises.

9 October 2020
Cloud Security Breaches: Who is Ultimately Responsible?
Blog Post

Cloud Security Breaches: Who is Ultimately Responsible?

Cloud security breaches consistently make news headlines. Yet, the stories of these breaches are often framed with vague explanations — a “misconfigured database” or mismanagement by an unnamed “third party.”

8 October 2020
#IamISACA: Calligraphy is My Meditation
Blog Post

#IamISACA: Calligraphy is My Meditation

Starting my career in information security and privacy compliance roles has made for a fascinating journey. I am currently working in the fintech sector, which is a relatively young sector in the digital economy. I am learning disruptive technologies first-hand and also learning about start-up culture.

7 October 2020
Prioritizing People Perils During a Pandemic Prioritizing people
Blog Post

Prioritizing People Perils During a Pandemic

With the COVID-19 pandemic continuing to plague the world, it goes without saying that as technology and transformational program leaders, we should be managing our “people” risk a lot closer.

6 October 2020
Rajul Kambli
Blog Post

Governance for Effective Digital Transformation

Many successful organizations have been transforming their processes to adapt to the changing environment.

2 October 2020
Embedding Security in the Agile Product Development
Blog Post

Embedding Security in the Agile Product Development

Outline security requirements at the beginning of the project, review the design to check if the requirements have been incorporated and perform security testing before go-live. If this sounds familiar, it should.

1 October 2020
Empathy and Flexibility Can Help Us Navigate a Chaotic 2020
Blog Post

Empathy and Flexibility Can Help Us Navigate a Chaotic 2020

Oof. What a year. 2020 has certainly been a year of contradictions. In some ways, it is a year that has trudged along at a glacial pace.

30 September 2020
#IamISACA: Bringing ISACA Closer to Home
Blog Post

#IamISACA: Bringing ISACA Closer to Home

In 2009, I was certified as a CISA and became an ISACA member, joining the Lagos Chapter in the west region of Nigeria. Five years after, I relocated to Port Harcourt in the south of Nigeria. At the time, there was no nearby ISACA chapter.

30 September 2020
IT Audits: Running to Stand Still
Blog Post

IT Audits: Running to Stand Still

The work life of an IT auditor can be a thankless one. As the IT department becomes busier, it is increasingly difficult to get IT audit reports over the line. When they are completed, what is the reward?

29 September 2020
Pursuing a Multicloud Security Strategy
Blog Post

Pursuing a Multicloud Security Strategy

If your organization is like most, you know that cloud is here to stay. Even if your organization is new to cloud, as a security practitioner, you know that it’s not a matter of “if” but “when” key business processes will find themselves becoming increasingly more dependent on externally-hosted services and cloud technologies.

28 September 2020
Make Security Awareness an Experience
Blog Post

Make Security Awareness an Experience

In a lot of countries, October is ”Cybersecurity Month,” and organizations like to time their security awareness programs around this period. As we approach October, it is important to start thinking about security awareness training and how best to engage employees.

25 September 2020
Jason Kang
Blog Post

CGEIT Preparation Tips and the Timelessness of Good Governance

My preparation for the CGEIT certification exam took about five months of self-study, deep-dive research on the weekends and answering practice questions.

24 September 2020
Ookeditse Kamau
Blog Post

Building a Privacy Focus Area Using COBIT and the NIST Privacy Framework

As ICT professionals we are overwhelmed with quite a number of frameworks, but it is the nature of the specialization in the field that prompts the need for them.

23 September 2020
#IamISACA: Uplifting Others: The Measure of My Life
Blog Post

#IamISACA: Uplifting Others: The Measure of My Life

The life of a human being should be measured and valued by what it does for others. That is what my parents taught me.

23 September 2020
The Blurred Lines of Information Privacy Attitudes in the COVID-19 Era
Blog Post

The Blurred Lines of Information Privacy Attitudes in the COVID-19 Era

The paradox and the naked reality is that people are simultaneously needing to protect their personal information by not participating in online transactions, while also needing to participate in online transactions to obtain goods or services...

22 September 2020
‘No Other Option’ Than Ethical Hacking
Blog Post

‘No Other Option’ Than Ethical Hacking

FC, a well-known ethical hacker and social engineer, has been working in the information security field for over 20 years and excels at circumventing access controls.

21 September 2020
IT Governance Value and the Pandemic
Blog Post

IT Governance Value and the Pandemic

Today, more than ever, people, business and information & technology are related: I&T are essential resources to facilitate the survival of people and business.

18 September 2020
What I Learned About Risk During the Pandemic: Meme Edition
Blog Post

What I Learned About Risk During the Pandemic: Meme Edition

The internet is rife with memes that speak to how nobody could have seen what was coming in 2020. From the futility of buying a 2020 calendar to the pretentiousness of answering the question of where you are going to be in five years, they are endlessly funny and help to ease us through these difficult times. v

17 September 2020
#IamISACA: This Time, I’m Here to Stay
Blog Post

#IamISACA: This Time, I’m Here to Stay

The first time I became an ISACA member, I did not stay long. I became a member in 2015 simply because there was a need for an IT auditor at my organization, but that reason was not enough to keep me in ISACA.

16 September 2020
Like Cold Weather, Handle Election Security with Layers
Blog Post

Like Cold Weather, Handle Election Security with Layers

What I’m going to tell you in this blog post is nothing new, and no secret to most cybersecurity professionals, but it nonetheless bears repeating leading up to the November US election, and really taking to heart.

15 September 2020
Taking Steps to Win the Battle Against Misinformation
Blog Post

Taking Steps to Win the Battle Against Misinformation

As a risk professional working in county government in the state of Kansas, I am on the frontlines of helping to secure the upcoming 2020 US election.

15 September 2020
The Secret to Passing Cybersecurity Certification Exams
Blog Post

The Secret to Passing Cybersecurity Certification Exams

Getting ready to take a certification exam in the cybersecurity realm – whether it’s CISM, CRISC, CISSP, CSX-P or another blue-chip certification – can be quite stressful.

14 September 2020
Ron Lear
Blog Post

CCPA: Nine Months In

Protecting consumer data privacy has been a critical issue for years, but California was the first US state to actually enact a law.

11 September 2020
Privacy as a Differentiator: Going Beyond Regulations
Blog Post

Privacy as a Differentiator: Going Beyond Regulations

The array of proposed and adopted privacy laws across the globe, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), reflect growing concerns around privacy.

10 September 2020
Common Misconceptions About Agile Auditing
Blog Post

Common Misconceptions About Agile Auditing

Before the pandemic disrupted our lives, I attended a fascinating webinar in which the head of a very large internal audit shop shared lessons learned from the department’s Agile journey.

9 September 2020
Making Our Mark on ISACA CommunITy Day 2020
Blog Post

Making Our Mark on ISACA CommunITy Day 2020

How will we come together as a global community to do local volunteer service during a pandemic? As a member of the ISACA St. Louis Chapter, we just unanimously agreed that all chapter events are virtual-only for the 2020-2021 plan year. Can we pull off CommunITy Day again this year?

4 September 2020
Making Our Mark on ISACA CommunITy Day 2020
Blog Post

Making Our Mark on ISACA CommunITy Day 2020

How will we come together as a global community to do local volunteer service during a pandemic? As a member of the ISACA St. Louis Chapter, we just unanimously agreed that all chapter events are virtual-only for the 2020-2021 plan year. Can we pull off CommunITy Day again this year?

4 September 2020
Responding to and Protecting Against Ransomware
Blog Post

Responding to and Protecting Against Ransomware

There have been many recent successful ransomware attacks, and there is frustration that in today’s cybersociety, information security safeguards and best practices are not being followed by local governments, financial services, law enforcement, academia, government agencies, healthcare organizations and businesses and commercial enterprises.

3 September 2020
Choosing the Ideal API with Security in Mind
Blog Post

Choosing the Ideal API with Security in Mind

Application programming interfaces, or APIs for short, provide very secure and standardized ways for applications to work together and deliver greater information and functionality for end users

2 September 2020
#IamISACA: Reaching the Top, and Finding a New Challenge
Blog Post

#IamISACA: Reaching the Top, and Finding a New Challenge

After more than 10 years as an IT and IS auditor and consultant for one of the Big 4 audit and advisory companies worldwide, I gained world-class experience by working in a high-ranking professional environment on challenging local and international engagements.

2 September 2020
#IamISACA: Striving for Excellence
Blog Post

#IamISACA: Striving for Excellence

The 2008-2009 recession gave me the opportunity to look beyond the obstacles and to find out what opportunities lie after a crisis. With that in mind, today’s COVID-19 pandemic reminds me how a crisis turned into an opportunity to land in information security and to become involved with ISACA.

2 September 2020
COVID-19: A Pilot for the Future of Work
Blog Post

COVID-19: A Pilot for the Future of Work

Daniel Susskind visited with ISACA Now to discuss how AI will impact the professional landscape, how COVID-19 factors in and more. The following is a transcript of the conversation, edited for length and clarity.

1 September 2020
Deploying a Data Security Defense
Blog Post

Deploying a Data Security Defense

Data security has always been a top priority, but the COVID-19 pandemic has made it even more prominent.

31 August 2020
CDPSE Spotlights Relationship Between Privacy and Security
Blog Post

CDPSE Spotlights Relationship Between Privacy and Security

Few organizations are driving more meaningful change than ISACA for our professions and our careers.

28 August 2020
Larry Alton
Blog Post

Ad Threats: What Are They and Why Do They Matter?

Ad fraud has been around for many years, but it’s not the only risk businesses and advertising networks face.

27 August 2020
Veronica Rose
Blog Post

Become Engaged with the ISACA Community

In addition to ISACA being a top-flight professional global community with great resources for IT professions of all levels, it is a highly collaborative community.

26 August 2020
#IamISACA: Finding Joy in a Varied Career Path
Blog Post

#IamISACA: Finding Joy in a Varied Career Path

When I was a child, I dreamt of touring the world, seeing new places and meeting new people. Those were the days when my parents could barely afford to send me anywhere beyond our hometown in India, which was in the picturesque state of Goa, some 600 kilometers south of Mumba...

26 August 2020
Governance and Innovation Are Not Competitors
Blog Post

Governance and Innovation Are Not Competitors

I have sometimes heard teams complain that governance is getting in the way of their progress. Usually this is because of out-of-date governance or a misunderstanding by the teams as to what governance is telling them.

25 August 2020
In Budget Season, Don’t Forget to Account for Training
Blog Post

In Budget Season, Don’t Forget to Account for Training

With the budget season approaching for many organizations and everyone under a pandemic alert of some sort, it is time to look at what is essential to invest in within your operation’s audit, risk or security department for next year. We know there are always non-negotiable activities and criteria for each budget year.

24 August 2020
Integrating GDPR Into the Threat Intelligence Program
Blog Post

Integrating GDPR Into the Threat Intelligence Program

When the EU General Data Protection Regulation (GDPR) went into effect in May 2018, management attention to controls around data breaches—mitigation controls and incident management—became the most important issues that an organization can face based on financial penalties.

21 August 2020
Practical Tips for Managing Privacy Risk
Blog Post

Practical Tips for Managing Privacy Risk

Privacy risk is the likelihood that someone will experience problems resulting from data processing and the impact of these problems should they occur.

20 August 2020
#IamISACA: 400,000 Miles and Counting
Blog Post

#IamISACA: 400,000 Miles and Counting

I love off-roading. I have traveled all over my country of Brazil and various countries in Latin America in my 1996 Land Rover Defender, which has more than 400,000 miles on it. My trusty Land Rover might not be the fastest or most comfortable...

20 August 2020
#IamISACA: Transforming My Career, One Credential at a Time
Blog Post

#IamISACA: Transforming My Career, One Credential at a Time

My interest in cybersecurity was seeded with the “love letter” computer worm that infected millions of computers in 2000, spreading through emails. People received unsuspecting emails with attachments labeled “I Love You.”

20 August 2020
Using Gamification in Cybersecurity Incident Response Tabletop Exercises
Blog Post

Using Gamification in Cybersecurity Incident Response Tabletop Exercises

If you are looking for innovative, fun and proven methods of gamification-based learning to apply in organizations that can be used without any restrictions in the development and execution of cybersecurity incident response tabletop exercises (TTEs), Lego Serious Play (LSP) is a worthy choice.

19 August 2020
Muneeb Imran Shaikh
Blog Post

Applied Collection Framework: A Risk-Driven Approach to Cybersecurity Monitoring

Cybersecurity or network security monitoring is incumbent upon organizations through various regulations or laws prevalent in respective countries or regions. The purpose of network security monitoring is to establish and maintain a command and control center that monitors...

18 August 2020
Framing Your Audit Reports in the Language of Business
Blog Post

Framing Your Audit Reports in the Language of Business

Of the many excellent resources released by ISACA over the last few years, without doubt one of the more seminal documents is the COBIT 2019 Design Guide. Why? Because it enables IT governance professionals to support the enterprise strategy, the detailed plan for ...

17 August 2020
Vikum Thebuwana
Blog Post

A Clear and Practical Approach to Risk Assessments

As information security professionals, we conduct risk assessments for companies, projects, new businesses and start-ups, etc. To complete this task, we follow guidelines from trustworthy sources, not limited to online searches, consultancies and security...

14 August 2020
The Quilted Landscape of US Consumer Data Privacy
Blog Post

The Quilted Landscape of US Consumer Data Privacy

Consumers are aware of data trade-offs. Creation of a customer account can make online shopping checkout faster; setting up a free social media account can make connecting with others easier. These conveniences are available often in exchange for data that entities use to better...

13 August 2020
IT Governance and the COVID-19 Pandemic
Blog Post

IT Governance and the COVID-19 Pandemic

COVID-19 has left a deep impact on society. It still affects the way we live and the way we work. Companies changed their delivery models, and many more people are now working remotely to adhere to new social distancing protocols. No organization was...

12 August 2020
#IamISACA: From Rock Star to Speak Star
Blog Post

#IamISACA: From Rock Star to Speak Star

Although I play guitar in a band, I’m far from being a “rock star” (well, my mom thinks I’m one), and I don’t think the term “speak star” exists (although it should!) But I decided to title my story this way because the title of an article is like the intro of a song or the name of a presentation: it should catch you from the start.

12 August 2020
#IamISACA: Making Time for What Matters to Me
Blog Post

#IamISACA: Making Time for What Matters to Me

I was 13 when I decided to become a computer programmer. Before then, I was sure that I would be an electrical engineer, like my father. However, that changed when I saw a TV spot about “Basic programming” on the local TV channel.

12 August 2020
Changing a Risk-Averse Mentality
Blog Post

Changing a Risk-Averse Mentality

Caspar Berry is the opening keynote speaker at the GRC Conference 2020, a virtual event to take place 17-19 August. After starting his working life as an actor in BBC drama Byker Grove alongside Ant and Dec, Berry studied economics at Cambridge before making the decision to move to Las Vegas and become a professional poker player.

11 August 2020
How to Prepare for the Digital Hiring Process of the Future
Blog Post

How to Prepare for the Digital Hiring Process of the Future

For years we have known when applying for a job that computer software was screening our resumes to determine whether it would make it to the hands of a recruiter. What if I told you that technology now has a more integrated role in the hiring process?

10 August 2020
Local Outreach, Global Impact: ISACA CommunITy Day 2020
Blog Post

Local Outreach, Global Impact: ISACA CommunITy Day 2020

So often as a volunteer manager, I hear, “I would like to get more involved, but I am not sure how.” Or “I want to make a difference but do not have much free time.” Now I hear, “How can I participate during a global pandemic?”

7 August 2020
Transforming Your Team: The Value of Group Training
Blog Post

Transforming Your Team: The Value of Group Training

Training is an essential cornerstone of maintaining our ongoing professional relevance. While conferences and webinars should be a staple in any individual or company training repertoire, a perhaps ...

6 August 2020
The Fine Art of Stepping on the Same Rake
Blog Post

The Fine Art of Stepping on the Same Rake

For more than half a decade I presented a talk about learning from current events in a “stepping on a rake” series. While the title changed slightly from year to year, the material ...

5 August 2020
#IamISACA: Three Countries and Three Lessons Learned
Blog Post

#IamISACA: Three Countries and Three Lessons Learned

I originally am from the Philippines and started my career there, working with the biggest telecommunications company in the country. Then I was given a chance to be part of a team of seven Filipinos who were sent to the State of Qatar to build the first certified commercial Security Operations Center (SOC) there.

5 August 2020
Revamped ISACA Awards Program Enhances Prestige and Engagement
Blog Post

Revamped ISACA Awards Program Enhances Prestige and Engagement

As a volunteer on the 2020 ISACA Awards Working Group and past ISACA Michael Cangemi Award recipient, I am excited to help ISACA recognize the incredible contributions our colleagues and organizations make, and the positive impact we, as the global IT community, have on the world.

4 August 2020
RiskEngaging ISACA’s Community Virtually
Blog Post

Enterprise Risk Summarized Effectively

A risk management process always starts in top-down mode. The enterprise risk management’s (ERM's) long journey begins between methodologies and fears of not achieving business objectives. Roughly speaking, we design a model, define metrics and establish how data are collected.

3 August 2020
James Azarowicz
Blog Post

Be Prepared and Don’t Panic to Steer Your Career Through Challenging Times

Imagine you’re driving down the highway and, all of a sudden, your hood flies open, blinding your view of the road. What is the first thing you should do?

31 July 2020
Culture as a Corporate Asset
Blog Post

Culture as a Corporate Asset

Culture is described as the sum of the shared assumptions, values and beliefs that create the unique character of an organization. Culture, if managed well, can deliver value to stakeholders through the behavior and actions of employees.

30 July 2020
#IamISACA: Overcoming Challenges By Always Learning New Things
Blog Post

#IamISACA: Overcoming Challenges By Always Learning New Things

I have faced many challenges in my career in project management when implementing technology projects, including the last couple of years working on implementations of cybersecurity frameworks, standards and regulatory requirements to achieve good IT governance.

30 July 2020
Internal Audit Evolution by Unnatural Selection
Blog Post

Internal Audit Evolution by Unnatural Selection

I get it. You feel like the world is moving at a faster pace. Blockchain teases with the potential of revolutionizing the financial world. Artificial intelligence technologies are expected to be as ubiquitous as electricity, helping us with many decisions and making predictions.

29 July 2020
Digital Transformation and Human Error
Blog Post

Digital Transformation and Human Error

There was a time back in 2016/2017 when the whole world seemed abuzz with news that robots were about to take over the world, an outcome that would leave many of us humans...

28 July 2020
Controlling the Cloud
Blog Post

Controlling the Cloud

The cloud has been and continues to be an important enabling technology for many, both professionally and socially, during the COVID-19 pandemic. We have built a virtual world and now we are putting...

27 July 2020
The Bedrock of a Post-COVID-19 Security Operations Center
Blog Post

The Bedrock of a Post-COVID-19 Security Operations Center

Given the profound impact of COVID-19, a constantly evolving threat landscape, constraints of operating a Security Operations Center (SOC) remotely, increased remote workforce, disparate managed and unmanaged endpoints, an avalanche of phishing, malicious campaigns masquerading in the name of COVID-19...

24 July 2020
Jo Stewart-Rattray
Blog Post

Carrying Forward John Lainhart’s COBIT Legacy

Back in late 2018, a small group of COBIT enthusiasts were set to meet at ISACA Global in Schaumburg, Illinois, USA, to commence work on what an information security offering for the latest version of COBIT would look like. We were to be led by my dear friend, mentor and one of the founding fathers of COBIT back in 1995, John Lainhart.

23 July 2020
#IamISACA: Feminism and Food Make Me Who I Am
Blog Post

#IamISACA: Feminism and Food Make Me Who I Am

Going back to my childhood, I have always been interested in feminism, and that has only grown stronger as an adult. I am always eager to talk about it and explain when someone does not understand issues related to inequality. To me, feminism is not just about women's rights...

23 July 2020
Welland Chu
Blog Post

Quick Questions for IoT Manufacturers

Despite good intentions from the manufacturing community to improve security, the decision of whether and how security is implemented always comes down to economics.

22 July 2020
One In Tech: Leveling the Playing Field in the Digital World
Blog Post

ISACA Foundation: Leveling the Playing Field in the Digital World

Just to give a little history, it was about four or five years ago that ISACA brought together a number of women leaders to talk about the underrepresentation of women in the tech space, and as we started those conversations and we developed a program – it started off as something different, but it eventually became what we know today as SheLeadsTech.

21 July 2020
The Twitter Hack: How Did They Do It?
Blog Post

The Twitter Hack: How Did They Do It?

On 15 July, Twitter was hacked in an epic way. One-by-one, a number of accounts were targeted and compromised, including verified accounts of famous users including Elon Musk, Bill Gates, Barack Obama, Kanye West and Joe Biden, and a number of Twitter accounts...

20 July 2020
What Is the Difference Between Requirements and Controls?
Blog Post

What Is the Difference Between Requirements and Controls?

Practically speaking, there tends to be a great deal of confusion around the topics of requirements vs. controls. We are all very familiar with the various marketing strategies for complying with the US National Institute of Standards and Technology (NIST), Payment Card Industry...

17 July 2020
#IamISACA: A Toast to Work-Life Balance
Blog Post

#IamISACA: A Toast to Work-Life Balance

Long before I became an IT management professional or a wine aficionado, I dreamed of being an engineer. Machines and computers were all I could think of as a kid, and understanding the logic behind them was my passion for a long time. I studied software engineering...

16 July 2020
#IamISACA: Adapting to Change
Blog Post

#IamISACA: Adapting to Change

I started my career in the finance department during a time when manual accounting systems were mostly used. My true passion since childhood, however, was in IT. I read IT books about programming and networking in my leisure time and started taking courses step by step...

16 July 2020
Tailoring Enterprise Information Security Training and Awareness for Remote Working
Blog Post

Tailoring Enterprise Information Security Training and Awareness for Remote Working

The ongoing COVID-19 outbreak has compelled most organizations to roll out work from home arrangements. In the changed times, work no longer means being inside the office facing your computer. The increase in at-home working also puts organizations at a greater risk of cyber-attacks because home networks are generally not as securely configured...

14 July 2020
Data Ownership Questions in Light of COVID-19
Blog Post

Data Ownership Questions in Light of COVID-19

What was clear when writing my recent Journal article, “Data Rights: Single vs. Multiple Ownership?,” is the knowledge that data ownership rights, data source and data quality are unquestionably critical to any data analytics and visualization, at least to a reasonable person...

13 July 2020
How the CSX-P Certification Has Bolstered My Credibility in Audit
Blog Post

How the CSX-P Certification Has Bolstered My Credibility in Audit

As an IT or systems auditor, my job is all about assessing and testing controls designed and in place to protect the company’s treasure trove of information. In my case, health insurance claims data of our members is the Holy Grail to be protected. When I go into an audit, my credibility sets the tone for an open and honest dialogue throughout the engagement.

10 July 2020
Christopher Gerg
Blog Post

Beware, Coronavirus-Themed Ransomware is Here

It’s important to recognize how essential grocery stores, hospitals, clinics and supply chain organizations are in light of COVID-19, and it’s equally important to recognize technology as their critical infrastructure. Without it, countless organizations would be left inept, disorganized and overwhelmed.

9 July 2020
#IamISACA: Building an IT Audit Community From the Bottom Up
Blog Post

#IamISACA: Building an IT Audit Community From the Bottom Up

I started work at the State Audit Office (SAO) of Georgia in late 2013 as an intern. At that time, SAO had no IT audit function, but one was needed to keep up with the government due to rapid development of government electronic systems. I was tasked to learn more about IT audit and build a qualified team.

8 July 2020
#IamISACA: Satisfaction Through Volunteering
Blog Post

#IamISACA: Satisfaction Through Volunteering

Life is all about tackling and winning over challenges that come your way. In that spirit, I want to share some of my experiences with ISACA (mostly with the Chennai, India Chapter) and from my personal life – and how these two became connected.

8 July 2020
Leveraging Cybersecurity to Increase Diversity, Equity and Inclusion
Blog Post

Leveraging Cybersecurity to Increase Diversity, Equity and Inclusion

As an industry, cybersecurity has always been challenged by a shortage of supply when it comes to talent. This is further complicated by a lack of diversity, an issue that when addressed well has always proven to deliver stronger teams and better results.

7 July 2020
Seven Ways AI is Improving the Job Market – Not Killing It
Blog Post

Seven Ways AI is Improving the Job Market – Not Killing It

Artificial intelligence is not a thing of the future anymore. We live in a world where AI is working diligently in the shadows of every major industry. The industrial revolution of the past built the world we are enjoying today, and it was done using the strength...

6 July 2020
Preserving Privacy in Video Analytics Solutions in Smarter Cities
Blog Post

Preserving Privacy in Video Analytics Solutions in Smarter Cities

Video analytics in smarter cities pose a challenge for security and privacy professionals that are focused on preserving the privacy of the public, while balancing their organization’s desire to utilize information. As with all analytics, these principles come with competing needs.

2 July 2020
#IamISACA: Calligraphy is My Meditation
Blog Post

#IamISACA: Carrying on My Father’s Volunteering Legacy

After voting precincts began relying upon computers, my father stopped volunteering as an election worker. That’s right about when he passed the torch to me and I signed up.

1 July 2020
#IamISACA: Embracing Cross-Cultural Connections
Blog Post

#IamISACA: Embracing Cross-Cultural Connections

I worked for a company a long time ago that sent us to a training about cultural differences between the US and UK. Most of our senior managers were in the UK or in the U.S. and we thought, we both speak English so why can’t we communicate?

1 July 2020
Emily Tsitrian
Blog Post

Becoming the Boss: Guidance for New Supervisors in an Era of Remote Work

Emily Tsitrian, senior manager of professional services at Castlight Health, presented last week at the Pride Summit in her session, “Boss Up! How to Become the Boss.” Tsitrian visited with ISACA Now following her session to share some of her guidance on transitioning to becoming a supervisor, especially in current times in which remote work has become increasingly commonplace.

30 June 2020
Open-Minded Approaches to Addressing the Cybersecurity Skills Gap
Blog Post

Open-Minded Approaches to Addressing the Cybersecurity Skills Gap

It is more important than ever that organizations become creative in their approaches to addressing under-resourced security staffs. If you look at ISACA’s State of Cybersecurity 2020 report, which predates COVID-19, 62% of companies are understaffed and 57% have unfilled security positions.

26 June 2020
Risk IT Revitalized
Blog Post

Risk IT Revitalized

I had the privilege of being on the task force that created the original version of ISACA’s Risk IT Framework several years ago. At the time, I felt Risk IT was an important contribution to the profession...

25 June 2020
#IamISACA: IT Leader By Day, Belly Dancer By Night
Blog Post

#IamISACA: IT Leader By Day, Belly Dancer By Night

I took up belly dancing at the same time I started preparing for my CISA exam 16 years ago. It is great exercise, and concentrating on the music and the movements takes my mind completely off the problems and stressful decisions that I face in my daily work as the leader of a big team of highly skilled IT auditors.

24 June 2020
#IamISACA: Never Too Late to Start a New Dream
Blog Post

#IamISACA: Never Too Late to Start a New Dream

In 1984, when I was 16 years old, I had the opportunity to take computer science as an additional school subject. The classes were presented after regular school hours, and this opportunity opened up the new world of computers to me.

24 June 2020
NIST and COBIT: Working in Harmony for More Reliable and Secure Technology
Blog Post

NIST and COBIT: Working in Harmony for More Reliable and Secure Technology

The events of 2020 have shown us, more than ever before, how profoundly circumstances can change, seemingly in a moment. Information and technology are constantly on the move, and we have seen technology revolutions on every front, from mobile devices to changing office environments – even in our spacecraft!

24 June 2020
COVID-19 Underscores Value of Resilient Supply Chains
Blog Post

COVID-19 Underscores Value of Resilient Supply Chains

My supply chain focus started when I was the vice president controller for a shoe retailer in the US, and we were hit with an unexpected new tariff on our Chinese products for a piece of metal that was used to keep the holes in place for shoelaces to go through.

23 June 2020
The Importance of Privacy-Focused Monitoring In Light of COVID-19 Work Disruption
Blog Post

The Importance of Privacy-Focused Monitoring In Light of COVID-19 Work Disruption

The COVID-19 pandemic has increased the already-robust adoption rates for employee monitoring software. Prominent publications, including The Washington Post and The New York Times, have reported on this trend, and they have documented employees’ general unease about the practice.

22 June 2020
Harnessing the Power of Technology in the Fight Against COVID-19
Blog Post

Harnessing the Power of Technology in the Fight Against COVID-19

The turn of a new decade has brought an interesting twist to the old debate on the pros and cons of technology. The unprecedented coronavirus pandemic (hereafter referred to as COVID-19 or the pandemic) has not only exposed the fragility of humanity but also a spiral of challenges that may affect our interconnected world for years to come.

19 June 2020
Understanding the Human Side of Cybersecurity
Blog Post

Understanding the Human Side of Cybersecurity

Dr. Jessica Barker, the closing keynoter speaker at ISACA’s EuroCACS 2020 conference, to take place 28-30 October in Helsinski, Finland, is a leader in the human nature of cybersecurity. She has been named one of the top 20 most influential women in cybersecurity in the UK and in 2017 she was awarded as one of the UK’s Tech Women 50.

18 June 2020
#IamISACA: Becoming Richer Through Travel
Blog Post

#IamISACA: Becoming Richer Through Travel

When Norway decided to go into lockdown for COVID-19, I was actually sitting in Singapore, preparing to travel to the island countries of Palau and Micronesia, where I had lined up a couple of weeks of diving the reefs and chatting up the locals.

17 June 2020
#IamISACA: Hitting Reset in the Back Garden
Blog Post

#IamISACA: Hitting Reset in the Back Garden

Due to the blending of home and work life, and especially with the need to educate my three sons from home during the COVID-19 pandemic, it has been harder to ensure some sort of separation at the end of a work day.

17 June 2020
Privacy by Design—Opinions Matter
Blog Post

Privacy by Design—Opinions Matter

In response to the global health emergency and, after much national soul-searching, the Irish government reluctantly decided to cancel this year’s Leaving Certificate, the set of final exams that a student takes in secondary school here in Ireland.

16 June 2020
Nonsense Compliance
Blog Post

Nonsense Compliance

A project manager just completed a cybersecurity project on time and on budget. He schedules the last meeting with his sponsor, the chief information security officer (CISO). While plugging in the beamer for his final presentation, he thinks back at those frenzied few weeks he went through and sighs in relief.

15 June 2020
Leveraging AI to Provide Better IT Service Management Using COBIT
Blog Post

Leveraging AI to Provide Better IT Service Management Using COBIT

I started my own Watson Assistant project last year. This was after I was informed of how successful IBM’s help desk, which is based on Watson Assistant, was. As an assurance specialist, I naturally decided to work on something along the same lines.

12 June 2020
#IamISACA: Defying Assumptions and Embracing Opportunities
Blog Post

#IamISACA: Defying Assumptions and Embracing Opportunities

My introduction to ISACA came in 2013 when I hired Emil D’Angelo out of retirement to help me bring information security up to regulatory acceptable levels at the bank where we worked. A lot of you will know Emil as a past ISACA board chair and a very active and passionate member of the ISACA family.

11 June 2020
Digital Businesses Need Tailored Security Solutions and Services
Blog Post

Digital Businesses Need Tailored Security Solutions and Services

Many enterprises prefer to outsource their IT security and believe their cybersecurity operations will be managed well. Typical security device management services that are offered by leading managed security service providers (MSSPs) are broadly categorized into the below clusters...

10 June 2020
Jack Freund
Blog Post

Achieving Proper Risk Communication

The goal of communication is multifaceted. It is typically expressed as one or more of the following: to inform, to persuade, to request and/or to build relationships.

9 June 2020
What Background Makes a Good DPO?
Blog Post

What Background Makes a Good DPO?

The enactment of the EU General Data Protection Regulation (GDPR) formalized the role of the Data Protection Officer (DPO) role to ensure there was senior leader in the organization who was responsible and accountable for driving the privacy program and upholding the rights of data subjects and their data.

8 June 2020
COVID-19 Response Still Needs Data-driven Decisions
Blog Post

COVID-19 Response Still Needs Data-driven Decisions

Effectively gathering, using, storing and archiving data have become major concerns in all industries. Timely and trustworthy data are critical for effective decision-making since the new coronavirus continues to spread.

5 June 2020
Disruptive Technology and the Role of the Auditor
Blog Post

Disruptive Technology and the Role of the Auditor

Heraclitus said, “The only thing that is constant is change.” This reflects on today’s ever-changing world with disruptive technologies overturning the way organizations were traditionally run.

4 June 2020
#IamISACA: From ISACA to Fly Fishing, I’m All In
Blog Post

#IamISACA: From ISACA to Fly Fishing, I’m All In

I’m not the type to do something half-way. When I take an interest in something, I dive in deep, try to learn all I can and be the best I can be.

3 June 2020
#IamISACA: Playing the Long Game and Making a Difference
Blog Post

#IamISACA: Playing the Long Game and Making a Difference

Many people have a galvanizing moment when they are certain about their career goals. That definitely isn’t what my path in cybersecurity looks like. In fact, I originally majored in vocal performance, but decided after two years of study that my career outlook as an opera theater performer didn’t meet my goals for a stable career and family.

3 June 2020
Larry Marks
Blog Post

CCPA’s Impact on Encryption

The California Consumer Privacy Act (CCPA) is having an impact on the security professionals, auditors, managers and boards responsible for ensuring its effective implementation.

2 June 2020
Driving True Empowerment for Security Teams
Blog Post

Driving True Empowerment for Security Teams

Traditional wisdom tells us that organizational commitment is important to the practice of security. Meaning, for an organization to establish and maintain a robust security posture, the organization needs to have what COBIT refers to as the right “tone at the top” – in this case, one that engenders and facilitates security.

1 June 2020
Sizing Up COVID-19's Impact on Security Professionals and Their Organizations
Blog Post

Sizing Up COVID-19's Impact on Security Professionals and Their Organizations

Sizing Up COVID-19's Impact on Security Professionals and Their Organizations

29 May 2020
On Respect for the Individual and the Individual’s Data
Blog Post

On Respect for the Individual and the Individual’s Data

Google’s holding company, Alphabet, has been investing in its Verily Life Sciences initiative over the last seven years with the aim of revolutionizing healthcare.

28 May 2020
Phil Zongo
Blog Post

Building a High-Value Cyber Resilience Strategy: Five Essential Tips

The idea of cyber resilience remains a distant dream for many enterprises. Faced with a barrage of high-profile data breaches, most impacting highly respected organizations, some business leaders now harbor deep-seated beliefs that cyber threat actors are undeterrable and cyber resilience...

27 May 2020
#IamISACA: A Gateway to Amazing People and Lasting Relationships
Blog Post

#IamISACA: A Gateway to Amazing People and Lasting Relationships

The thing that always amazes me the most about working so closely with our global community is how alike we all are. When you get the amazing opportunity to see people from every country imaginable working alongside one another...

27 May 2020
Employing Privacy Frameworks in Uncertain Times
Blog Post

Employing Privacy Frameworks in Uncertain Times

The current global crisis is disrupting and disabling many core business functions. For many, in-office work has transitioned to remote work, requiring virtual conferencing tools and the sharing of sensitive information with a dispersed workforce.

21 May 2020
RA(CI) Light
Blog Post

RA(CI) Light

For decades, IT practitioners have made use of RACI charts. You’ve seen them, those grids that assign roles to tasks or practices. COBIT has had RACI charts in several versions and continues to make use of them in COBIT 2019.

21 May 2020
Brian Gill
Blog Post

A Global Pandemic: Cyber Threats and Remote Employees

COVID-19 changed the lives of nearly everyone in the world in a matter of weeks. From work life to home life, essentially every aspect has been altered in some way.

20 May 2020
#IamISACA: Pursuing Clarity of Thought in a Cluttered World
Blog Post

#IamISACA: Pursuing Clarity of Thought in a Cluttered World

In the frenetic pace of life, it is important that at times we just stop and take a deep breath, clear the mind and refocus our energies on what is important. Being a spouse, parent, volunteer and professional are all important aspects of my life that demand attention and devotion.

20 May 2020
#IamISACA: Why Mentoring Women in Cybersecurity Matters to Me
Blog Post

#IamISACA: Why Mentoring Women in Cybersecurity Matters to Me

My experience as a mentor in a career comeback program for Malaysian women who want to return to the cybersecurity workforce has been very meaningful to me.

20 May 2020
How I Passed the CISM Exam on the First Attempt
Blog Post

How I Passed the CISM Exam on the First Attempt

In March 2019, I passed ISACA’s CRISC exam and became certified the next month. This achievement motivated me to pursue another ISACA certification – the Certified Information Security Manager (CISM).

19 May 2020
Don’t Get Caught Without Good Governance When the Tide Goes Out
Blog Post

Don’t Get Caught Without Good Governance When the Tide Goes Out

In my many weeks of working from home recently due to the COVID-19 pandemic, I’ve been on regular peer group calls listening to the challenges that my colleagues have dealt with in getting their companies situated to effectively work remotely.

18 May 2020
Industry 4.0: Future-Proofing Your Career
Blog Post

Industry 4.0: Future-Proofing Your Career

A panel of cybersecurity, audit, emerging technologies and governance experts shared their perspectives and advice Wednesday at ISACA’s first virtual conference as part of North America CACS 2020.

15 May 2020
Using Network Segmentation to Combat Ransomware
Blog Post

Using Network Segmentation to Combat Ransomware

In the latest ISACA Journal issue, we published a two-part article titled “Avoid Having to Run Somewhere from Ransomware.” The article included a deep dive on what ransomware is, how it infiltrates most systems, our suggestions for the top 10 ways to...

14 May 2020
#IamISACA: Defining Our Success Metrics
Blog Post

#IamISACA: Defining Our Success Metrics

Do you believe that where we come from helps us shape our own success? Personally, I do. Actually, I think this has a great deal of impact on what we are able to achieve in life.

13 May 2020
Managing Risk in a Pandemic: Novel Today, Standard Practices Tomorrow
Blog Post

Managing Risk in a Pandemic: Novel Today, Standard Practices Tomorrow

COVID-19, a novel coronavirus, has come as a shock to many across the globe, changing practically every aspect of our functioning daily lives.

12 May 2020
Snedaker Susan
Blog Post

As Telehealth Becomes Common, Security Considerations Increasingly Important

The COVID-19 pandemic has changed almost every aspect of our daily lives. What we’re seeing in healthcare today is unprecedented.

8 May 2020
#IamISACA: Finding Mentors Who Value You
Blog Post

#IamISACA: Finding Mentors Who Value You

Throughout my career, I have had a couple managers whom I consider my mentors. One mentor I had is the one who brought me into security. I was a programmer when she approached me one day and asked if I wanted to join her security test team, doing pen testing.

7 May 2020
#IamISACA: Making Lifelong Friends Through Volunteering
Blog Post

#IamISACA: Making Lifelong Friends Through Volunteering

I first became interested in volunteering at ISACA in 1999 when then-London Chapter President Gerry Penfold asked me to update and run the chapter website.

7 May 2020
From “Meh” to an EPIC Career in Cybersecurity
Blog Post

From “Meh” to an EPIC Career in Cybersecurity

If you’ve selected IT as a profession, then you’ve chosen life-long learning as a discipline. Like so many STEM fields, the rate of change and advancement in technology is awe-inspiring. And if you hold or aspire to a leadership position in the cybersecurity profession, then the phenomenon of impostor syndrome comes with the territory.

6 May 2020
Telework Successfully During (And After) the COVID-19 Pandemic
Blog Post

Telework Successfully During (And After) the COVID-19 Pandemic

For state/province/national leaders, coronavirus is forcing a trade-off between public health and privacy as well as balancing the saving of human lives at the cost of temporarily limiting individual liberties.

5 May 2020
Shannon Donahue
Blog Post

CDPSE Credential Calls Attention to Need for Technical Privacy Professionals

ISACA recently opened its early-adoption opportunity for its new Certified Data Privacy Solutions Engineer (CDPSE) certification. CDPSE is the latest in ISACA’s well-respected line of credentials and offers a unique certification opportunity to professionals who participate in the design...

4 May 2020
#IamISACA: Innovating and Being a Change Agent in an Amazing Technological World
Blog Post

#IamISACA: Innovating and Being a Change Agent in an Amazing Technological World

The start-up has changed my life. The day before my wedding, one of our clients at the company I had worked for at the time experienced an important security incident.

1 May 2020
#IamISACA: Looking on the Bright Side of Life
Blog Post

#IamISACA: Looking on the Bright Side of Life

There are a lot of causes of stress for those of us working in the security industry. For me, the biggest concern is that a lot of decision-makers are unaware of the consequences that can be caused by inadequate budgeting or investment in security, especially in industries where the consequences can be the loss of human lives.

1 May 2020
Utilize IT Governance for Stronger Enterprise Alignment
Blog Post

Utilize IT Governance for Stronger Enterprise Alignment

Ineffective governance has a substantial impact on business alignment and risk management. Malformed alignment can result in improper identification of sensitive data, critical services and substandard security controls.

1 May 2020
Baybeck David
Blog Post

Celebrating a Milestone While Transforming ISACA for the Next 50 Years

ISACA Board Chair Brennan P. Baybeck and ISACA CEO David Samuelson recently had a conversation about ISACA reaching its 50-year anniversary in 2019 and how that milestone inspired the organization to reach even greater heights in the future.

30 April 2020
Managing Your Career in Strange Times: Five Steps to Take Now
Blog Post

Managing Your Career in Strange Times: Five Steps to Take Now

There is no crystal ball right now. For business, work, our lives, the world – these are unprecedented times. How should we be thinking about career management right now?

30 April 2020
Managing Our Ever-Growing Data Requires Empowering Users
Blog Post

Managing Our Ever-Growing Data Requires Empowering Users

As data costs have decreased, data retention and complexity have grown. Organizations have identified the need to capture data and retain it in response to legislation, regulation and opportunity. Has the value of our data increased relative to the growth in data volume?

29 April 2020
Security in the Smart Home
Blog Post

Security in the Smart Home

Tech companies have pushed smart home devices and technologies for years. And while we’ve finally reached a point where smart solutions are considered mainstream, we haven’t quite reached total adoption.

28 April 2020
The New Normal: GDPR and Audit
Blog Post

The New Normal: GDPR and Audit

I am writing this blog under COVID-19 lockdown on the eve of my 25th wedding anniversary. Besides feeling somewhat guilty that I am at home while others are out in the frontline, working from home has left me more time to contemplate this milestone as, well, there is no commute and no colleagues to gossip with at the water cooler or when grabbing a coffee.

27 April 2020
IT Professionals Make Important Privacy Partners
Blog Post

IT Professionals Make Important Privacy Partners

When asked to describe my responsibilities as a chief privacy officer, I often say my primary function is to be an advocate for the individuals whose personal data my organization collects, maintains and processes.

24 April 2020
Headshot of Josh Hamit
Blog Post

CISM ‘A Natural Fit’ for My Career in Information Security Management

Josh Hamit, vice president, chief information officer at Altra Federal Credit Union, was among a recent set of professionals achieving Certified Information Security Manager (CISM) who helped CISM surpass the milestone of 50,000 certification-holders since its inception.

23 April 2020
Communicating the Value of IT Governance
Blog Post

Communicating the Value of IT Governance

A network patch management tool to be procured is often seen mainly as an expense by the finance department, and therefore queried subjectively or even rejected.

22 April 2020
Five Organizational Cybersecurity Dangers Amplified by COVID-19
Blog Post

Five Organizational Cybersecurity Dangers Amplified by COVID-19

The global pandemic has impacted businesses on an unprecedented level. Only in a handful of instances in the past 100 years have companies and organizations been forced to such extremes to maintain business operations.

21 April 2020
Thank you, ISACA Volunteers!
Blog Post

Thank you, ISACA Volunteers!

ISACA Volunteer Appreciation Week is once again upon us (19-25 April 2020), and we take a moment to reflect on the advancements ISACA has made in the last year thanks to the expertise and dedication of thousands of dedicated volunteers.

20 April 2020
Nader Qaimari
Blog Post

A Needed Wakeup Call for Online School Safety

Right now, as millions of kids all over the world are in the midst of crisis learning done digitally, we are creating the perfect cybersecurity storm. Think about it. While many parents are also working at home, they hardly have the time to conduct their own work, let alone watch over their kids as they do everything online.

16 April 2020
Dave Bowden
Blog Post

Adding Value to the Organization By Bridging the Privacy Gap

Dave Bowden, CISM, CIPT, CIPM, PMP, CSM, VP - Information Security, Data Privacy, Compliance & Information Technology, Zwift, Inc., and a member of ISACA’s privacy advisory group, recently visited with ISACA Now to discuss the state of the privacy field and how different stakeholders in an organization can come together to create comprehensive privacy solutions.

16 April 2020
#IamISACA: An Introvert Networks Her Way to a New Career
Blog Post

#IamISACA: An Introvert Networks Her Way to a New Career

As a self-proclaimed introvert, Lisa DiNezza often has shied away from professional networking and seeking mentors.

13 April 2020
#IamISACA: Connecting Across the Globe
Blog Post

#IamISACA: Connecting Across the Globe

Ramona Ratiu says it is “absolutely amazing” how the challenges faced by security professionals are so similar no matter where in the world people are located.

13 April 2020
#IamISACA: Early Involvement Paying Dividends in My Career
Blog Post

#IamISACA: Early Involvement Paying Dividends in My Career

If it had not been for Scott Moody, I would have never gotten this far in my career.

13 April 2020
#IamISACA: Embracing My Underdog Journey
Blog Post

#IamISACA: Embracing My Underdog Journey

In 2017, I was invited to Chicago to receive the Michael Cangemi Best Article/Book Award, one of ISACA’s highest global honors that recognizes major contributions to the field of IS audit, security and governance publications.

13 April 2020
#IamISACA: Finding Balance in the Wild
Blog Post

#IamISACA: Finding Balance in the Wild

Photography is an art form – it takes creativity, imagination and an eye for detail. I really enjoy it, and I especially love wildlife photography.

13 April 2020
#IamISACA: No Quenching My Adventurous Spirit
Blog Post

#IamISACA: No Quenching My Adventurous Spirit

Before I became an IT auditor, I spent seven years traveling and during that time I got shot twice, once in El Salvador and once in Chicago. I laugh about it now, but I wasn’t laughing about the experience at the time, and it did change my outlook on life.

13 April 2020
#IamISACA: On the Frontlines of Change
Blog Post

#IamISACA: On the Frontlines of Change

Establishing my career in IT risk and assurance as a Jordanian woman has been a fascinating journey.

13 April 2020
#IamISACA: Pivoting to My Passion
Blog Post

#IamISACA: Pivoting to My Passion

The cybersecurity training program through SheLeadsTech, AnitaB.org and City Tech is the reason why I’m in the position that I’m in right now. It really solidified this is the industry that I want to work in.

13 April 2020
#IamISACA: Security a Multigenerational Family Passion
Blog Post

#IamISACA: Security a Multigenerational Family Passion

Naganat Guru’s fascination with security has made an impression on his children, who are now following their owns paths in the field.

13 April 2020
#IamISACA: Upskilling and Getting Uncomfortable to Get to the Next Level
Blog Post

#IamISACA: Upskilling and Getting Uncomfortable to Get to the Next Level

I’ve been in security for about 14 years. I started my career in help desk, moved up to desktop support, then server support, built a help desk team and security team, and here I am now.

13 April 2020
Incoming Board of Directors Highlights ISACA’s Transformation
Blog Post

Incoming Board of Directors Highlights ISACA’s Transformation

In our 50th anniversary year last year, we took stock of ISACA as an organization—what was going well and what we could do better as we strive to be a modern association dedicated to providing world-class learning, membership and enterprise services to our growing community.

10 April 2020
Powerful WordPress Security Tips to Protect Your Site
Blog Post

Powerful WordPress Security Tips to Protect Your Site

WordPress is, without a doubt, the most popular content management system on the web. But this also means it’s one of the most frequently targeted content management systems around. This means cybersecurity is of the utmost importance for people and businesses with WordPress websites.

9 April 2020
Organizational Cybermaturity Comes to the Forefront During COVID-19
Blog Post

Organizational Cybermaturity Comes to the Forefront During COVID-19

The worldwide pandemic has touched everyone at different levels. Across the globe, people are taking additional steps and implementing new routines into their daily lives in order to help slow the spread of the coronavirus. 

7 April 2020
How COBIT® 2019 Can Help Businesses Thrive in Uncertain Times
Blog Post

How COBIT® 2019 Can Help Businesses Thrive in Uncertain Times

With the current world health crisis, more organizations are making the shift to remote working environments for their employees. At ISACA, we are living this today as ISACA’s office is closed and all staff are working remotely.

6 April 2020
Privacy and Respect Under COVID-19
Blog Post

Privacy and Respect Under COVID-19

Many actions have been taken to address the COVID-19 pandemic. Some involve penalties for the spread of misinformation in Bosnia and Herzegovina, the derogation of some human rights in an emergency in Romania, Armenia and Latvia and companies like Palantir and Clearview AI negotiating partnerships with US state agencies for infection monitoring by surveillance, geolocation and facial recognition.

3 April 2020
Engaging ISACA’s Community Virtually
Blog Post

Engaging ISACA’s Community Virtually

Being part of ISACA’s professional community offers not only networking, career advancement and continuing education but also personal relationships, inspirational leaders and mentors. As social distancing has become a global reality for us all at least temporarily, it is more important than ever to focus on the people in our community...

2 April 2020
Location, Organizational Culture Make an Impact When Addressing Privacy Regulations
Blog Post

Location, Organizational Culture Make an Impact When Addressing Privacy Regulations

25 May 2018 came and went. So did 1 January 2020. And businesses around the world didn’t stop (although the current COVID-19 pandemic has certainly presented new challenges). What GDPR did was push organizations across the world to think more, think large and hold themselves accountable. That might seem like old news.

31 March 2020
What Do You Think About When You Hear the Words “Cybersecurity” and “Breaches”?
Blog Post

What Do You Think About When You Hear the Words “Cybersecurity” and “Breaches”?

Cybersecurity refers to the technologies and processes implemented to help protect computers and networks from unauthorized access or attacks. A breach is an incident in which confidential information is viewed, stolen or utilized by an unauthorized individual.

27 March 2020
Learning is Evolving, Whether We Like it or Not. So Is ISACA.
Blog Post

Learning is Evolving, Whether We Like it or Not. So Is ISACA.

No doubt, these are challenging times. Aside from dealing with all the stress at home, where those of us with kids are seeing them face anxiety adjusting to a normal they were never prepared for, we also, as adults, are learning to work differently.

26 March 2020
Securing Citizens’ Data in an Era of Connected Societies
Blog Post

Securing Citizens’ Data in an Era of Connected Societies

Southeast Asia has some of the biggest cities in the world, such as Manila, Jakarta and Bangkok, with close to 47% of the local population living in cities. As governments strive to build future cities, where infrastructure and public delivery are connected and seamlessly enabled by digital advancement...

25 March 2020
Five Steps to Realize Your Data-Driven Digital Transformation Strategy
Blog Post

Five Steps to Realize Your Data-Driven Digital Transformation Strategy

In today’s “data is the new oil” era, no one can say an organization is able to achieve digital transformation without data. Executives and even the board level are talking about data-driven business strategy when they develop business objectives and goals.

24 March 2020
The Importance of Preparing for a Ransomware Attack Hits Close to Home
Blog Post

The Importance of Preparing for a Ransomware Attack Hits Close to Home

As a cybersecurity professional, I work with organizations every day to enhance the various aspects of their cybersecurity programs, from foundational capabilities such as data classification to more tactical functions like incident response. I’ve seen the real-world impacts that various types of attacks have on an organization and the efforts that go into recovery.

19 March 2020
Ookeditse Kamau
Blog Post

Building A Governance System: A Review of Information Flow and Items Component

The COBIT 2019 framework defines seven components of a governance system that individually and collectively contribute to the good operations of the enterprise system over information and technology. Among those components is information flow.

17 March 2020
Organizational Security Spending Trending Toward Services
Blog Post

Organizational Security Spending Trending Toward Services

Since the emergence of information security online, organizations have poured millions of dollars into products promising to increase speed of incident recognition, response times and overall operational efficiencies. To a certain extent, the idea that automation and enablement work hand-in-hand has proved out over the past several decades.

12 March 2020
Learning From Technology’s Past
Blog Post

Learning From Technology’s Past

When I think of technological progress, in a lot of cases we are seeing new views and takes on existing ideas. Ideas keep coming back around, just like “The Song That Doesn’t End.”

11 March 2020
We Need More Women Working in AI
Blog Post

We Need More Women Working in AI

A study by the World Economic Forum and LinkedIn found that only 22 percent of AI professionals are women. Research by the AI Now Institute found that women make up only 15 percent of the AI research staff at Facebook and only 10 percent at Google

6 March 2020
A Look Back at RSA 2020 Conference leadership and careers
Blog Post

A Look Back at RSA 2020 Conference: ISACA Attendees Share Their Takeaways and Tips

Several ISACA experts attended the RSA 2020 Conference last week in San Francisco, California, and took advantage of the wealth of onsite sessions and opportunities to meet with others in the tech community. A few shared some reflections from the conference with ISACA Now—both around industry trends and takeaways, and about the first-timer’s overall conference experience.

5 March 2020
In It Together: Expert Advice on Creating Strong Teams at RSA Leadership and Careers
Blog Post

In It Together: Expert Advice on Creating Strong Teams at RSA

ISACA’s recently released 2020 State of Cybersecurity survey report revealed some sobering findings around hiring and retention for cybersecurity teams.

5 March 2020
Evaluating Security Incident Management Programs
Blog Post

Evaluating Security Incident Management Programs

The dynamic operational landscape that is created as businesses drive competitive advantage through technology renders a static risk management program ineffective. As enterprises innovate, information technology groups are challenged with revisiting the suitability of architecture, security platforms and/or software deployment to meet business-driven changes.

4 March 2020
Susan Snedaker
Blog Post

Business Continuity – Pandemic Preparation

The recent outbreak of a new virus, COVID-19, or the coronavirus, has many businesses scrambling to develop or review their business continuity plans. While there is much unknown about COVID-19 and whether it will turn into a pandemic, there are many things business can do today to ensure their businesses continue to operate if it does occur.

3 March 2020
A Compliance-First Mentality Increases Enterprise Risk
Blog Post

A Compliance-First Mentality Increases Enterprise Risk

Risk, in the context of cybersecurity, constantly looms in the minds of all information security professionals. From the introductory IT help desk professional to the seasoned chief information and security officers, threats, and their potential impact, can cause serious concern and stress if they remain unknown variables.

17 February 2020
Innovating IT Audit To Keep Up With New Technologies
Blog Post

Innovating IT Audit To Keep Up With New Technologies

IT is continuing to progress. Personal and business computing solutions are increasingly elaborate and far-reaching. And concepts such as the Internet of Things (IoT), machine learning (ML) and artificial intelligence (AI) have begun to be applied in a practical way.

28 February 2020
Three Essentials To Thrive in a High Pressure CISO Role
Blog Post

Three Essentials To Thrive in a High Pressure CISO Role

A recent Ponemon Institute report predicted that the role of the chief information security officer (CISO) will continue to rise in significance. This is underpinned by the growing realization by executives that just one serious security incident or data breach could derail the growth and profitability of their companies because of impact to brand and the cost to remediate, the incurring of fines and legal fees, and/or customer lo

27 February 2020
Differentiating Key Terms in the Information Security Hierarchy
Blog Post

Differentiating Key Terms in the Information Security Hierarchy

The following terms may be familiar, but they can be used incorrectly. Many of these will be referred to as “policies,” even if that’s not what they truly represent. Having a better understanding of these terms enables your organization to create better governance documentation.

26 February 2020
Solving the Cybersecurity Skills Gap Requires a Mindset Change
Blog Post

Solving the Cybersecurity Skills Gap Requires a Mindset Change

ISACA’s State of Cybersecurity 2020 research on hiring and retention requires us to confront a challenging reality: We simply aren’t making enough progress.

24 February 2020
Blog Post

Who and What Are Worthy of Trust?

It has become extraordinarily difficult to distinguish between whom or what you can trust, and who or what is out to get you. Indeed, the 29 December 2019 issue of The New York Times included a section highlighting “A Decade of Distrust,” which featured the following quote from Michiko Kakutani...

20 February 2020
Digital Transformation: Proper Preparation Prevents Poor Performance
Blog Post

Digital Transformation: Proper Preparation Prevents Poor Performance

Without proper planning, backcountry winter camping in Canada can be deadly. With temperatures that can easily drop below -25 degrees Celsius (-13 degrees Fahrenheit) during polar vortex conditions while you are out there with little more than snowshoes (or backcountry skis), a tent, backpack and a sleeping bag (and enough nutrition to handle minor emergency situations), any mistakes or omissions from your kit...

18 February 2020
Key Touchpoints on the Job Candidate Journey

Key Touchpoints on the Job Candidate Journey

When I work with companies as an executive recruiter, I advise them on how they can improve their recruiting and hiring process by mapping different parts of the candidate journey, and how to make an impact through critical candidate touchpoints.

14 February 2020
Your Audit Reports Have Consequences
Blog Post

Your Audit Reports Have Consequences

A report is defined as a spoken or written description of an event or situation. As such, reports can have positive or sometimes negative impacts upon people or subsequent events. Can you remember the first time your brought back a bad school report to your parents or guardian?

12 February 2020
Expanding Opportunity in Cybersecurity Through Deeper Collaborations Between Schools, Providers and Employers
Blog Post

Expanding Opportunity in Cybersecurity Through Deeper Collaborations Between Schools, Providers and Employers

Ever since I started working in education, from K-12 to higher ed, and now to the professional sector, I envisioned this transformative trifecta that could lead to the ultimate educational outcome – employability.

10 February 2020
Making Risk Assessments Relevant
Blog Post

Making Risk Assessments Relevant

Organizations track risk for good reason. Risk is a way of measuring the effects of uncertainty, and the resulting opportunities and potential pitfalls. When risk is measured, it can be managed, and organizations that actively manage risk are better positioned for success, today and in the future.

5 February 2020
New Look Marks a New Era for ISACA
Blog Post

New Look Marks a New Era for ISACA

If you’re a return visitor to the ISACA website, the site probably looks very different than your last visit, but it’s still packed with the valuable resources that keep you coming back.

31 January 2020
Five Common Privacy Problems in an Era of Smart Devices
Blog Post

Five Common Privacy Problems in an Era of Smart Devices

I gave an Internet of Things (IoT) security and privacy keynote half a dozen times throughout the world last year, along with as many executive presentations. These presentations described the lack of security and privacy engineering within the devices themselves and related contributing factors.

28 January 2020
CCPA’s Do Not Sell: It’s Here, But What Does It Mean?
Blog Post

CCPA’s Do Not Sell: It’s Here, But What Does It Mean?

So, the California Consumer Privacy Act (CCPA) went into effect – and, the world didn’t burn. Companies have many issues to contend with, but one in particular has presented challenges to businesses that sell personal information.

22 January 2020
Complacency Presents a Glaring Career Risk
Blog Post

Complacency Presents a Glaring Career Risk

Alison Levine, First American Women's Everest Expedition Team Captain and a New York Times bestselling author of “On the Edge,” will be the opening keynote speaker at ISACA’s 2020 North America CACS conference

16 January 2020
Another Buzzword Demystified: Zero-Trust Architecture
Blog Post

Another Buzzword Demystified: Zero-Trust Architecture

I recently attended a security conference with multiple speakers covering a wide variety of topics – one of the topics, “Zero-Trust Architecture” (ZTA), was being addressed by one of the vendors, and I decided to sit-in to listen.

14 January 2020
Using AI as a Defensive Tool
Blog Post

Using AI as a Defensive Tool

In a previous Journal article, I wrote about artificial intelligence (AI) and talked about the massive amount of digital data that are being accumulated, how new digitally oriented technology is affecting us, the sources of online data (e.g., personal, private), how data are used and how a career in AI can be useful to those interested in developing the skills to use AI.

13 January 2020
Storing for the Future: How Data Centers Will Advance in 2020
Blog Post

Storing for the Future: How Data Centers Will Advance in 2020

The idea that data is an incredibly valuable resource in the modern business landscape isn’t new—but best practices for managing that data seem to change almost by the year.

10 January 2020
In the New Year, Don’t Fall Back Into the Same Bad Cybersecurity Habits
Blog Post

In the New Year, Don’t Fall Back Into the Same Bad Cybersecurity Habits

Around this time each year, many people aim to follow through on their New Year’s resolutions with the hope of finally being able to break that bad habit, which can prove trickier than we would like.

7 January 2020
Who Will Harness AI More Effectively in the New Decade: Cybercriminals or Cybersecurity Professionals? Risk
Blog Post

Who Will Harness AI More Effectively in the New Decade: Cybercriminals or Cybersecurity Professionals?

We know artificial intelligence will loom large in the new decade, and we know cybersecurity will be critically important as well. How those two forces intersect sets up as one of the most fascinating – and consequential – dynamics that will shape society’s well-being in the 2020s.

3 January 2020
Key Steps to Ensuring CISO Effectiveness
Blog Post

Key Steps to Ensuring CISO Effectiveness

n the classic movie “The Wizard of Oz,” protagonist Dorothy Gale leaves Kansas and enters a new world, the land of Oz.

Innovating Yourself as an IS Auditor
Blog Post

Innovating Yourself as an IS Auditor

As new technologies are developed, we have to stay up to date with them. More so than almost any other practitioner interfacing with information technology, auditors have to work hard at continual education.
Five Revealing Security Incidents of 2019, and What We Can Learn from Them
Blog Post

Five Revealing Security Incidents of 2019, and What We Can Learn from Them

Every year has its share of security gaffes, breaches, and hacker “shenanigans.” As we enter into the new year, it is inevitable that we will see articles in the mainstream and trade press recapping the worst of them.
Connecting COBIT 2019 to the NIST Cybersecurity Framework
Blog Post

Connecting COBIT 2019 to the NIST Cybersecurity Framework

Among the most exciting projects I’ve worked on has been the integration of NIST’s Cybersecurity Framework with COBIT.

Leveraging Emerging Technology for Better Audits
Blog Post

Leveraging Emerging Technology for Better Audits

My first role post-graduation was working as a financial statement auditor. We used tick mark pencils on printed workpapers, and we manually footed (recalculated) balances.
Government Officials Must Become Better Attuned to Data Privacy Regulations
Blog Post

Government Officials Must Become Better Attuned to Data Privacy Regulations

Data privacy and security is more important than ever before. Despite existing policies, the number of data breaches is on the rise and unencrypted personal information is getting into the wrong hands.
Addressing the Challenges of New Privacy Laws
Blog Post

Addressing the Challenges of New Privacy Laws

US State of California Senate Bill 327 Information Privacy: Connected Devices (SB 327) goes into effect January 2020.
Artificial Intelligence: A Damocles Sword?
Blog Post

Artificial Intelligence: A Damocles Sword?

In Greek mythology, the courtier Damocles was forced to sit beneath a sword suspended by a single hair to emphasize the instability of kings’ fortunes. Thus, the expression “the sword of Damocles” to mean an ever-present danger.
Who Am I? CRISC Equips Professionals and Organizations with a Valuable Identity
Blog Post

Who Am I? CRISC Equips Professionals and Organizations with a Valuable Identity

As a risk practitioner, have you ever tried to describe what you do for a living to a family member or a friend?

AI Practitioners: Our Future Is in Your Hands
Blog Post

AI Practitioners: Our Future Is in Your Hands

Imagine it is sometime in the 22nd century and that the future you is preparing for a complex surgical procedure at the local robot-run hospital, where it has become commonplace for robots to perform sophisticated, repeatable tasks, such as heart surgery, on human patients.
When Everything Old is New Again: How to Audit Artificial Intelligence for Racial Bias
Blog Post

When Everything Old is New Again: How to Audit Artificial Intelligence for Racial Bias

You may not know it, but artificial intelligence (AI) has already touched you in some meaningful way.

AI and Healthcare: A Life-Saving Combination
Blog Post

AI and Healthcare: A Life-Saving Combination

Artificial intelligence (AI) and machine learning are common terms in the world of emerging technology. Although still sounding futuristic to some people, AI is already being deployed everywhere from fantasy football weekly recap emails, to retail environments, to advanced, state-sponsored surveillance systems.
Overcoming Legacy Thinking a Key Strategy for Actively Shaping The Future
Blog Post

Overcoming Legacy Thinking a Key Strategy for Actively Shaping The Future

The rapidly increasing pace of technology change and digital disruption leads to an unprecedented pace at which organizations must address opportunities and risks that could make or break their success. In the new decade of the 2020s, technology-driven exponential change will accelerate even more sharply. Unfortunately, most organizations are ill-prepared for what is to come, and will remain so unless they replace their reactionary approach to the technology landscape with an anticipatory one.
How Big Data Aids Cybersecurity
Blog Post

How Big Data Aids Cybersecurity

The increasing reliance on big data and the interconnection of devices through the Internet of Things (IoT) has created a broader scope for hackers to exploit.
Ignorance is Not Bliss When It Comes to Defending Against the Dark Web
Blog Post

Ignorance is Not Bliss When It Comes to Defending Against the Dark Web

The dark web ecosystem continues to evolve as a place where cybercriminals can sell and access stolen data, purchase black-market items such as guns, drugs and hacking software, and connect with like-minded individuals.
Infosecurity-ISACA Conference Highlights: Hands-On Experiences and Dialogue Around Emerging Technologies, 2020 Predictions and Women in Tech
Blog Post

Infosecurity-ISACA Conference Highlights: Hands-On Experiences and Dialogue Around Emerging Technologies, 2020 Predictions and Women in Tech

Theresa Payton set the tone for the first day of last week’s Infosecurity ISACA North America Expo & Conference in New York City, delving into the multifaceted landscape of emerging technologies with the audience of information security professionals, and also sharing anecdotes from one of her most high-profile jobs, as White House CIO under the George W. Bush administration—including a story of negotiating with a cyber criminal on the dark web at her kitchen table over three nights.
Information Governance: You Have to Start Somewhere
Blog Post

Information Governance: You Have to Start Somewhere

Deborah Juhnke, senior consultant with Information Governance Group LLC, cited a definition of information governance as “an organization’s coordinated, interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information.”
What Do You Expect in the Next Decade of Tech?
Blog Post

What Do You Expect in the Next Decade of Tech?

What are some of the major changes you expect to see in the technology landscape in the next decade?
How Blockchain is Revolutionizing the Travel and Hospitality Industry
Blog Post

How Blockchain is Revolutionizing the Travel and Hospitality Industry

The potential of blockchain technology has inspired hype and buzz for years.
Feeling Like A Fraud: Imposter Syndrome
Blog Post

Feeling Like A Fraud: Imposter Syndrome

“Imposter Syndrome can be defined as a collection of feelings of inadequacy that persist despite evident success.
Value Professional Networking Early in Your Career
Blog Post

Value Professional Networking Early in Your Career

Depending on your personal interests, social skills and professional goals, professional networking may or may not be your favorite activity. Whether or not you enjoy networking, it should be a priority in your professional life – especially earlier in your career as you are building your professional network.
What I Wish I Knew When I Started in IT Audit
Blog Post

What I Wish I Knew When I Started in IT Audit

Who among us does not sometimes reflect on our journey and certain days that remain nailed to our memory, either because they were too tough to forget or too good to be true?

7 November 2019
Information Security for Biomedical Devices
Blog Post

Information Security for Biomedical Devices

Though device manufacturers have worked to improve the cybersecurity of their medical devices, there is still a long way to go. Improvements aside, there are distinct steps the IT information security department can take to reduce risk and improve cybersecurity for medical devices.
AI or GDPR?
Blog Post

AI or GDPR?

Consider an organization adopting artificial intelligence (AI) as being represented by a self-driving car.

For Tech and IT Startups, Coworking Spaces Make the Most Sense
Blog Post

For Tech and IT Startups, Coworking Spaces Make the Most Sense

When most people think about coworking spaces, they immediately picture a bunch of freelancers and solopreneurs working on independent ventures at shared desks. But coworking spaces are more versatile than this.
Rising Complexity, Higher Stakes for Enterprise Risk Management
Blog Post

Rising Complexity, Higher Stakes for Enterprise Risk Management

Cyber risk has understandably become a focal point for enterprise risk managers, but the risk landscape is multi-layered and extends beyond the realm of cybersecurity. In addition to contending with a daunting array of cyberthreats, enterprises are determining how much risk they are willing to accept in deploying emerging technologies, working through a heightened focus on customer privacy and adjusting to changes in the regulatory environment.
The Role of Data Strategy in Optimizing Organizational Processes
Blog Post

The Role of Data Strategy in Optimizing Organizational Processes

The relevance of data cannot be over emphasized in today’s world, where change is the only constant. Decisions that managers and executives tend to make emanate from the availability of data analysis.

Technology Emboldening Innovators on the Ground, in the Air and Beyond
Blog Post

Technology Emboldening Innovators on the Ground, in the Air and Beyond

A future in which passengers order air taxis, victims of serious accidents tap neurotechnology to rise above limitations and AI/machine learning-fueled space exploration allows astronauts to trek deeper into the universe – for longer periods – was boldly presented on Monday, 28 October, at the Dare Mighty Things technology conference in Chicago, Illinois, USA.
Practical Recommendations for Better Enterprise Risk Management
Blog Post

Practical Recommendations for Better Enterprise Risk Management

Based upon my experience in Enterprise Risk Management, I was not surprised to see respondents to new State of Enterprise Risk Management research from ISACA, CMMI Institute and Infosecurity identify risk identification and risk assessment to be the most employed risk management steps in their organizations
CISOs and CMOs Joined At The Hip in the Era of Big Data
Blog Post

CISOs and CMOs Joined At The Hip in the Era of Big Data

Senior leaders in business and government ought to take note of ISACA’s State of Cybersecurity 2019 research, which details the findings of a global survey of cybersecurity professionals.
Senior IT Audit Leaders Discuss Cybersecurity Data Analytics
Blog Post

Senior IT Audit Leaders Discuss Cybersecurity Data Analytics

Senior IT audit leaders met to discuss a wide variety of topics, including audit analytics, IT audit’s role in cybersecurity and incident management, and agile/DevOps shops, at the recent IT Audit Leaders Summit in Geneva, Switzerland, as part of EuroCACS/CSX 2019. Participants shared opinions and best practices, and strategized on the path forward with new technologies and business practices.
Securing the SWIFT Cross Border Payment System Within Banks
Blog Post

Securing the SWIFT Cross Border Payment System Within Banks

A series of cyber-attacks involving the SWIFT banking network have come to light in recent years. The first public report of these attacks came from the Bangladesh Central Bank, and we have also seen attacks at State Bank of Mauritius, Cosmos Bank (India) and City Union Bank (India).
Is Your Organization Supporting Paths to Develop Women as Leaders?
Blog Post

Is Your Organization Supporting Paths to Develop Women as Leaders?

Is your organization supporting women in reaching leadership positions? Why is this important?
David Samuelson
Blog Post

Saluting the Spirit of Volunteerism That Made CommunITy Day a Success

On ISACA’s first CommunITy Day on 5 October, 2019 – a day in which our global professional community came together over one day to volunteer in their local communities – the passion, creativity and industriousness of ISACA’s professional community was on full display.
Establishing Credibility with More Experienced Clients and Business Partners
Blog Post

Establishing Credibility with More Experienced Clients and Business Partners

I graduated college with all the confidence in the world. However, I then entered Corporate America, and I had a rude awakening.
A Seat at the Table: Internal Auditors as Operational Partners and Organizational Strategists
Blog Post

A Seat at the Table: Internal Auditors as Operational Partners and Organizational Strategists

IT auditors new to the profession may hear references to a time when the internal audit function was viewed as the “police.” Years ago, it was not uncommon for organizations to perceive internal audit’s responsibilities of assessment and evaluation as being similar to that of a policing function.

ISACA’s SheLeadsTech™ Second Day of Advocacy in DC: Paving Pathways for More Women and Girls in Tech
Blog Post

ISACA’s SheLeadsTech™ Second Day of Advocacy in DC: Paving Pathways for More Women and Girls in Tech

More than 60 women and men gathered on Capitol Hill in Washington, DC, on 7 October for the SheLeadsTech program’s second annual Day of Advocacy.
Big Data Analytics Powering Progress in Animal Agriculture
Blog Post

Big Data Analytics Powering Progress in Animal Agriculture

There has been significant progress in technologies that can be utilized in the livestock industry. These technologies will help farmers, breeders associations and other industry stakeholders in continuously monitoring and collecting animal-level and farm-level data using less labor-intensive approaches.
ISACA Well-Positioned to Advance Learners’ Journeys
Blog Post

ISACA Well-Positioned to Advance Learners’ Journeys

I am the product of a liberal arts education. On the surface, what I learned in school has very little relevance to my day to day right now, yet, when you dig deeper, the communication and critical thinking skills that education instilled in me helped in ways beyond measure.
Regulatory Landscape Provides Added Incentive for Enterprises to Explore Blockchain
Blog Post

Regulatory Landscape Provides Added Incentive for Enterprises to Explore Blockchain

The increasing emphasis on data privacy gained widespread attention last year with the enforcement deadline of the General Data Protection Regulation (GDPR).
Cybersustainability: Ensuring Digital Strategies That Protect Data
Blog Post

Cybersustainability: Ensuring Digital Strategies That Protect Data

Increasingly, security professionals use language that makes a distinct comparison between our physical environment and our digital infrastructures.

Will Women in Tech Benefit from Millennials Weighing in or Exiting Out of Overdemanding Tech Cultures?
Blog Post

Will Women in Tech Benefit from Millennials Weighing in or Exiting Out of Overdemanding Tech Cultures?

The tech industry has been burning through talent and losing IP for decades, but this is usually after years or even decades of contributions. Some suggest it is based on work-life balance challenges, but a recent ISACA study, Tech Workforce 2020: The Age and Gender Perception Gap, highlights how millennials factor into this equation, too.
Tips for the Novice IT Auditor
Blog Post

Tips for the Novice IT Auditor

Norman Ralph Augustine once said, “Two-thirds of the Earth’s surface is covered with water. The other third is covered with auditors from headquarters.” This highlights the rise of the auditing profession and the importance that more and more companies are placing on internal and external audits due to increasing regulatory requirements.
How the CISM and CISSP Certifications Can Complement One Another
Blog Post

How the CISM and CISSP Certifications Can Complement One Another

In 2003, I had just completed my MSc in Information Security. I was excited about my future career prospects as I believed I had obtained at least the minimum level of knowledge needed to enter the information security field.
Are We Asking the Right Questions When It Comes to the InfoSec Skills Shortage?
Blog Post

Are We Asking the Right Questions When It Comes to the InfoSec Skills Shortage?

Chatting with a colleague recently about local economic issues, she made a remark which I found profoundly interesting at the time.
How 20 Minutes Can Lead to a More Inclusive Tech Workforce
Blog Post

How 20 Minutes Can Lead to a More Inclusive Tech Workforce

If perceptions were always reality, why would a company that has hired professionals after conducting reasonable background checks be wary of internally orchestrated fraud and other white-collar crime?
Who Should the CISO Report To? It Depends
Blog Post

Who Should the CISO Report To? It Depends

The information security challenges faced by enterprises are dependent on the unique characteristics of the business. This means there is no one “right” answer for where the CISO sits on the org chart.

The 2010s: A Decade of Growth and New Focal Points for ISACA
Blog Post

The 2010s: A Decade of Growth and New Focal Points for ISACA

The 2010s have seen remarkable growth at ISACA.
I Know What I Know (If You Know What I Mean)
Blog Post

I Know What I Know (If You Know What I Mean)

Edie Brickell (incidentally the wife of singer/songwriter Paul Simon) had a modest 1988 hit titled “What I Am.” The opening lines of the song contain the lyrics “I'm not aware of too many things. I know what I know if you know what I mean.”
What Capital One Got Right
Blog Post

What Capital One Got Right

The massive cyber breach of Capital One, reported in late July, quickly brought a chorus of condemnation of the company from a wide circle of pundits, concerned customers, competitors and potential investors. Lost in the media fray was Capital One’s exceptional incident response.
How Company Culture Helps Shape the Risk Landscape
Blog Post

How Company Culture Helps Shape the Risk Landscape

In today’s environment, companies all over the globe are experiencing culture risk.
Sizing Up Email Security Protocols
Blog Post

Sizing Up Email Security Protocols

Given the many instances of email security compromises, it has become vital to provide additional security to emails from the domain administrator level. Security protocols such as Domain-Based Message Authentication, Reporting and Conformance (DMARC), Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF) and Brand Indicators for Message Identification (BIMI) to prevent address spoofing are considered below.
Has GDPR Been a Success So Far?
Blog Post

Has GDPR Been a Success So Far?

Since 25 May, 2018, the General Data Protection Regulation (GDPR) has been providing unified rules for data processing, requiring wider protection for the rights and interests of data subjects, and establishing important guidelines around the flow of information in the European Union.
vThird-Party Vendor Selection: If Done Right, It’s a Win-Win
Blog Post

Third-Party Vendor Selection: If Done Right, It’s a Win-Win

The benefits that can be realized from using third parties to support the delivery of products and services are always part of any good sales pitch by prospective vendors. Often these benefits include reductions in operational spend, scalability, improved delivery time, specialized capabilities, and the availability of proprietary tools or software, all of which equate to a competitive advantage for companies leveraging third-party relationships effectively.
US Government Innovates Cyber Job Fulfillment
Blog Post

US Government Innovates Cyber Job Fulfillment

Cybersecurity professionals believe their teams are understaffed, many teams have unfilled positions, open positions often take six months or more to fill, and job candidates often are not qualified for the positions for which they applied, as evidenced in the last several State of Cybersecurity annual surveys conducted by ISACA.
CISOs Must Address Their Blind Spot for Effective Oversight of ICS Security
Blog Post

CISOs Must Address Their Blind Spot for Effective Oversight of ICS Security

Cybersecurity resilience of Industrial Control Systems (ICS), Building Management Systems (BMS) and other Operational Technology (OT) systems is falling behind, a critical challenge considering the potential impact of a cyberattack on ICS and OT could result in the loss of lives and/or major environmental damage.

How to Prepare for Taxation in a Digitalized Economy
Blog Post

How to Prepare for Taxation in a Digitalized Economy

While IT professionals and auditors are not required to be tax experts, they do need to have a certain level of mindfulness with regard to taxation within the digitalized economy going forward as tax collection is slowly but surely becoming part of the natural business ecosystem where taxation happens by default.
Improve ROI From Technology By Addressing the Digital Risk Gap
Blog Post

Improve ROI From Technology By Addressing the Digital Risk Gap

All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by RIMS, the risk management society®, and ISACA, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments.
How Responsible Are Cloud Platforms for Cloud Security?
Blog Post

How Responsible Are Cloud Platforms for Cloud Security?

These days, just about every software platform or app available has some kind of cloud functionality.
Five Ways to Identify Early Leadership Opportunities as a Young Professional
Blog Post

Five Ways to Identify Early Leadership Opportunities as a Young Professional

It has been said that leadership cannot be learned and that it is an innate ability. While that may be true to a degree, there are steps young professionals can take to hone their innate leadership abilities through experience early in their careers.
Interesting Times Ahead: Why Young Professionals Should Consider Careers in Information Security
Blog Post

Interesting Times Ahead: Why Young Professionals Should Consider Careers in Information Security

About 10 years ago, when I was deciding on my major in university, I was very anxious about where my decision would lead me. I eventually chose Management of Information Systems, and fast forward 10 years later, I’m working as an information security consultant at a Big 4 firm.
Cybersecurity a Central Ingredient in Evolving Digital Business Models
Blog Post

Cybersecurity a Central Ingredient in Evolving Digital Business Models

About the only thing shifting as fast as the cyber threat landscape is the typical enterprise’s org chart.
Digital Transformation Oversight Extends Beyond Technology
Blog Post

Digital Transformation Oversight Extends Beyond Technology

Digital transformation. Digitalization. Digitization. Three business terms in common use today that describe the differences in scope of the organizational digital effort, in this case in order of decreasing scope.
Know Who Your Customers Really Are or Prepare for Trouble
Blog Post

Know Who Your Customers Really Are or Prepare for Trouble

Recently in the UK, the women’s national football team manager, Phil Neville, called for all social media accounts to be verified and accountable as the result of a spate of racist postings, and asked for a boycott of social media until the situation is addressed.
Auditing Green IT
Blog Post

Auditing Green IT

Sustainability has become a key focus in the 21st century.

Trsar Family Helps Ensure ISACA’s Growth in ‘Good Hands’
Blog Post

Trsar Family Helps Ensure ISACA’s Growth in ‘Good Hands’

As ISACA celebrates its 50th anniversary in 2019, we are telling stories of the members, volunteers and staff who have contributed to ISACA’s growth and global impact. Below is an excerpt from a feature article on the ISACA staff father-son duo of Terry Trsar and Tim Trsar.
Keys to More Effective Vendor Risk Management
Blog Post

Keys to More Effective Vendor Risk Management

Certain industries have a better conceptual understanding of their supply chain than others. For instance, in manufacturing, it’s very clear that raw materials come in one end and out the other comes a completed, processed product for consumption.

Ethics in IT: An Emerging Frontier in the Enterprise Governance of IT
Blog Post

Ethics in IT: An Emerging Frontier in the Enterprise Governance of IT

Trust. Privacy. Transparency. Three words that have invaded our technology lexicon. In an age of fashionable falsehoods, it is probably not surprising that these words permeate almost any aspect of our lives in technology, in government and even in our organizations.

Improving Cybersecurity Awareness Through Hacking
Blog Post

Improving Cybersecurity Awareness Through Hacking

Cybersecurity awareness is a topic that most organizations and leaders know is important, but is typically treated as a check box requirement to remain compliant with regulations or mandates placed on the enterprise. Most leaders will argue that cybersecurity awareness training is very important but only marginally effective.
How Cybersecurity Can Better Support Digital Transformation Business Goals
Blog Post

How Cybersecurity Can Better Support Digital Transformation Business Goals

Consumers are demanding we offer outstanding user experiences and technology interfaces, and we need to strategize how we both safeguard and leverage ever-growing portfolios of data and systems to differentiate ourselves from our competitors.

Learning to Secure AI
Blog Post

Learning to Secure AI

The trends appear to be presenting themselves all over the place; TV commercials, online ads, corporate product announcements, etc., are all saying the same thing: Artificial intelligence (AI) adoption and use are exploding.
Exploring COBIT 2019s Value for Auditors
Blog Post

Exploring COBIT 2019s Value for Auditors

COBIT 2019 is a terrific resource for a wide range of business technology professionals.
In the Age of Cloud Physical Security Still Matters
Blog Post

In the Age of Cloud Physical Security Still Matters

As a security consultant, I’ve had the opportunity to assess the security postures of clients of all shapes and sizes. These enterprises have ranged in sizes from a five-man startup where all security (and information technology) was being handled by a single individual to Fortune 500 companies with standalone security departments staffed by several people handling application security, vendor security, physical security, etc. This post is based primarily on my experiences with smaller clients.
The Role of Ethics in Risk Management
Blog Post

The Role of Ethics in Risk Management

Most people are aware of and talking about risk management. However, barring a handful of high-profile and sophisticated IT organizations, for most enterprises, it is more talk vs. the actual implementation of risk management practices.
The Film Industry and IT Security
Blog Post

The Film Industry and IT Security

For those in the ISACA community who are fans of popular culture, you might have noticed in recent years that, in many cases, film and TV stars are beginning to look more like you and I, and less like the muscle men of our youths.
Ethical Considerations of Artificial Intelligence
Blog Post

Ethical Considerations of Artificial Intelligence

Have you ever stopped to consider the ethical ramifications of the technology we rely on daily in our businesses and personal lives?

The Key Point Everyone is Missing About FaceApp
Blog Post

The Key Point Everyone is Missing About FaceApp

Much has been written in recent weeks about the widely publicized privacy concerns with FaceApp, the app that uses artificial intelligence (AI) and augmented reality algorithms to take the images FaceApp users upload and allow the users to change them in a wide variety of ways.

Auditing a Migration Plan When Transferring from On Site to the Cloud
Blog Post

Auditing a Migration Plan When Transferring from On Site to the Cloud

Have you ever audited a computer system’s migration plan when transferring it from on site to the cloud? Here are some recommendations to keep in mind based on lessons learned from migration practices:
Applying Chaos Theory to Security
Blog Post

Applying Chaos Theory to Security

It has become almost impossible to face cybersecurity issues just by using the presently available countermeasures; hackers always find aways to bypass them.

The Digital Age: A New World of Purpose-Driven Opportunity
Blog Post

The Digital Age: A New World of Purpose-Driven Opportunity

Jon Duschinsky, an entrepreneur, social innovator and firm believer in leading a purpose-driven existence, will be the closing keynote speaker at ISACA’s EuroCACS/CSX 2019 conference, to take place 16-18 October in Geneva, Switzerland. Duschinsky recently visited with ISACA Now and shared his thoughts on why being purpose-driven is more realistic than ever in today’s digital age. For more of Duschinsky’s insights, listen to his recent appearance on the ISACA Podcast.
Modernized Maritime Industry Transports Cyberthreats to Sea
Blog Post

Modernized Maritime Industry Transports Cyberthreats to Sea

If there is one universal truth we have learned from developments on the cybersecurity landscape in recent years, it is that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target’s geographic location, whether the target is an individual or an enterprise, or which industry sector the target represents.
ISACAs Global Impact To Be Celebrated on ISACA CommunITy Day
Blog Post

ISACAs Global Impact To Be Celebrated on ISACA CommunITy Day

On 5 October 2019, ISACA will conduct its inaugural ISACA CommunITy Day, a day of global service for ISACA members (through their chapters) and staff to give back to their local communities
FaceApp Puts Privacy Back Under Spotlight
Blog Post

FaceApp Puts Privacy Back Under Spotlight

There has been a heightened surge of questions about data privacy in recent weeks, especially in light of the app called FaceApp.

Measuring Risk Quantitatively
Blog Post

Measuring Risk Quantitatively

Quantitative risk has become a growing field of interest for information security professionals.

Establishing a Foothold in the Professional World as a Young Professional
Blog Post

Establishing a Foothold in the Professional World as a Young Professional

Extracurricular activities have filled my schedule for as long as I can remember. I was always involved in academic clubs and societies, and in most I held leadership positions.
How To Land Your First Job in Cybersecurity
Blog Post

How To Land Your First Job in Cybersecurity

Taking that first step on the career ladder is a difficult challenge in pretty much any industry. Even for entry-level opportunities, employers generally look for some level of previous industry experience. The question is, how do you get experience without having experience?

2 August 2019
Where to Begin Addressing the Policy-to-Execution Gap
Blog Post

Where to Begin Addressing the Policy-to-Execution Gap

How do you transform security and privacy compliance requirements into practical steps that can be executed by a team?
Assessing Public Sector Cyber Risk
Blog Post

Assessing Public Sector Cyber Risk

The past decade has seen a significant advance in cyber risk assessment maturity.
Capital One Data Breach | Cybercrime | ISACA Blog
Blog Post

Capital One Data Breach | Cybercrime | ISACA Blog

What We Should Learn from the Capital One Data Breach. ISACA reviews how learnings presented an opportunity to understand & improve our own security operations.

Peer Recognition of Outstanding Achievements Within ISACA Community
Blog Post

Peer Recognition of Outstanding Achievements Within ISACA Community

The prestige of the ISACA Awards Program is evident by the high caliber of recipients who are nominated and selected by their peers. Consider the eight Global Achievement Award recipients honored at North America CACS in 2019.
Addressing the Vulnerabilities of IoT Devices
Blog Post

Addressing the Vulnerabilities of IoT Devices

My recent Journal article on the Internet of Things (IoT) was inspired by an article I read on a botnet takedown that involved the digital recording devices that many people have connected to their television.
How to Approach Mitigating Third-Party Risk
Blog Post

How to Approach Mitigating Third-Party Risk

Vendor management comprises all processes required to manage third-party vendors that deliver services and products to organizations.
COBIT 2019 and Marathons
Blog Post

COBIT 2019 and Marathons

Training is important for marathon runners, but there are a number of specific factors that go into marathon runners achieving their personal best. Take a look at the examples below (and for you non-runners, your COBIT and digital transformation muscles will be exercised soon enough):
Transitioning GDPR Preparations Into Operations
Blog Post

Transitioning GDPR Preparations Into Operations

While organizations may think that they have done everything needed to prepare for GDPR, they may not have thought about how they arrive at assurance over GDPR, especially considering that being prepared for GDPR is different from having GDPR as part of operations.
Cyber Lessons for Enterprises from the Equifax Breach and Record Fine
Blog Post

Cyber Lessons for Enterprises from the Equifax Breach and Record Fine

Government regulators and representatives of Equifax announced a settlement on penalties and consumer restitution related to the 2017 data breach that exposed sensitive information belonging to 148 million people.
The Need for Speed
Blog Post

The Need for Speed

In the 1980's movie Top Gun, the protagonist utters the phrase, “I feel the need, the need for speed!” Peter “Maverick” Mitchell was an F-14 Tomcat pilot, an interceptor jet capable of flying more than twice the speed of sound.
NIST Risk Management Framework: What You Should Know
Blog Post

NIST Risk Management: What you Should Know | ISACA Blog

In late December 2018, NIST published a second revision of SP800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.
Taking Precautions With Smart Home Gadget Security
Blog Post

Taking Precautions With Smart Home Gadget Security

Smart home gadgets have been among the most popular holiday, housewarming and any-occasion gifts for the last few years. Whether it’s an interconnected home security system, a pet camera, or a voice-activated assistant like the Amazon Echo, homeowners and renters alike love having these tech gadgets in their homes.
Reimagining the Enterprise Landscape Through Advanced Technology
Blog Post

Reimagining the Enterprise Landscape Through Advanced Technology

Stafford Masie, CEO of Google Africa (2006–09) and Non Executive Board Member at ADvTECH, will be the closing keynote speaker at the 2019 Africa CACS conference, to take place 19-20 August in Johannesburg. Masie, an inventor, mentor and keen observer of how to humanize technology, recently visited with ISACA Now to discuss how enterprises in Africa and beyond can take advantage of the major technological forces of the day, such as artificial intelligence and advances in fintech. The following is a transcript, edited for length and clarity:
Defining the ROI of Automation
Blog Post

Defining the ROI of Automation

In his opening remarks to the general session of the Institute of Internal Auditors (IIA) 2018 Midyear Meetings in Orlando (Florida, USA), IIA Global Board Chairman Naohiro Mouri said that throughout his international travels while in office, he rarely heard from audit practitioners about the “pain of automation” despite the oft-cited benefits of automation technologies and their potential to revolutionize the internal audit function.
Getting Creative to Solve Security Challenges in Healthcare
Blog Post

Getting Creative to Solve Security Challenges in Healthcare

A recent article about information security challenges in healthcare pointed to the lack of resources many security teams report.
Practically Implementing DevSecOps
Blog Post

Practically Implementing DevSecOps

The explosion of DevSecOps has caused a lot of excitement and worry within the cybersecurity community. It is no longer of question of should an organization implement DevSecOps, but rather when and how?

Vendor Selection for ISO 27001 2013 Certification
Blog Post

Vendor Selection for ISO 27001 2013 Certification

The Information Security Management Systems Certification (ISO 27001:2013) helps organizations prove they are managing the security of clients’ and stakeholders’ information, and can generate the need for three types of vendors: certification body, internal audit and implementation.
Are the British Airways and Marriott GDPR Fines a Tipping Point?
Blog Post

Are the British Airways and Marriott GDPR Fines a Tipping Point?

For many months, infosec and privacy colleagues alike have been telling me that the FUD (fear, uncertainty and doubt) about the terrifying levels of EU fines under the European Union General Data Privacy Regulation (GDPR) have disappeared from the boardrooms and executive management meetings.
Stripping Off the Monster Tag from IT Governance An Inclusive Approach
Blog Post

Stripping Off the Monster Tag from IT Governance An Inclusive Approach

It is said that anything with two heads is a monster. I usually think of this saying when carrying out IT governance reviews, as inclusive governance seems to be a missing link.
Rebuilding Institutions for an Online World
Blog Post

Rebuilding Institutions for an Online World

Author and journalist Jamie Bartlett will be the closing keynote speaker at the Infosecurity ISACA North America Expo and Conference, which will take place 20-21 November 2019 in New York City. Bartlett recently visited with ISACA Now to discuss his outlook on how technology is reshaping society, beginning with his contention that the internet is killing democracy. The following is an edited transcript of the interview:
Coincidence or History?
Blog Post

Coincidence or History?

On 23 October 1969—just a few months after Apollo 11 landed on the moon—the Electronic Data Processing Auditors Association (EDPAA), later to become ISACA, was incorporated.

Don’t Forget These Factors When Considering a Certification
Blog Post

Don’t Forget These Factors When Considering a Certification

Part of growing as a young professional is being willing to continually learn and knowing your education should never stop.

1 July 2019
Five Ways to Jump-Start Your Career in the Tech Workforce
Blog Post

Five Ways to Jump-Start Your Career in the Tech Workforce

Are you a student or an early-career professional seeking to kick-start your career in tech? Do you feel a bit overwhelmed by the possibilities out there, unsure of yourself, and lacking a clear idea not only of where you'd like to go, but how you can get there?
Securing Your Data The Crown Jewels of Your Enterprise
Blog Post

Securing Your Data The Crown Jewels of Your Enterprise

Every organization has data that is vital for its organizational growth. Typically, most organizations build security around infrastructure, network and applications. But with data leakage becoming more prevalent, organizations are now considering data to be their crown jewel.
Continuous Security Validation
Blog Post

Continuous Security Validation

No corporate executive should feel secure. Every day, we keep hearing about yet another company getting hacked or losing sensitive data.
Extracting More Value from IoT Using COBIT 2019
Blog Post

Extracting More Value from IoT Using COBIT 2019

The time for making predictions about the number of IoT devices in future years and waiting for that time to come is long gone (however, if you really want to know, one source predicts there are going to be 75 billion IoT devices in 2025).
50th Anniversary Q&A with ISACA CEO David Samuelson
Blog Post

50th Anniversary Q&A with ISACA CEO David Samuelson

David Samuelson was appointed chief executive officer of ISACA on 1 April of 2019, the year of ISACA’s 50th anniversary. Samuelson recently visited with ISACA Now to discuss the meaning of joining the organization during its milestone year and how ISACA can draw upon its decades of industry leadership to become even more impactful in the future. The following is an abbreviated transcript of the Q&A interview.
How Small and Medium Businesses Can Leverage Cybersecurity for Client Value: Six Ways to Get Started
Blog Post

How Small and Medium Businesses Can Leverage Cybersecurity for Client Value: Six Ways to Get Started

Small and medium-sized businesses (SMBs) lack the resources of a large business, in both finances and personnel, making it more difficult to extract client value from a robust cybersecurity program.
How to Properly Review an SOC Report
Blog Post

How to Properly Review an SOC Report

As a follow-up to a blog post previously published by The Mako Group’s Chief Audit Executive, Shane O’Donnell, let’s dig a little deeper into what you should be reviewing when you receive your vendors’ SOC 1, SOC 2 or SOC 3 reports.
Brennan Baybeck
Blog Post

ISACA’s Future Brimming With Opportunity

As my relationship with ISACA unfolded through various volunteer roles for the past 25 years, I have had the privilege of seeing the organization evolve – through good times and challenging times – just as many of us have experienced in our personal lives and careers.
Patch Management Practice
Blog Post

Patch Management Practice

Unpatched systems represent a very serious IT security threat with potentially extremely important consequences, as documented in a large number of high-profile breaches that exploited known unpatched vulnerabilities.
Drive Your Own Destiny in Achieving Goals
Blog Post

Drive Your Own Destiny in Achieving Goals

An individual would be hard-pressed to debate that behaviors and habits individuals exercise in their personal lives have no bearing or effects on their professional career.
Three Steps to Begin Transforming Your Cybersecurity Program
Blog Post

Three Steps to Begin Transforming Your Cybersecurity Program

The nature of risk management has changed over the past 2 decades. Previously isolated IT infrastructures are more connected with the outside world, and organizations face an ever-expanding threat landscape.
Rethinking Cost Analysis in the Era of Cloud Computing and Emerging Tech
Blog Post

Rethinking Cost Analysis in the Era of Cloud Computing and Emerging Tech

Have you thought about cost analysis in the era of cloud operation, combined with other emerging technologies? There is an orthodox way of considering cost analysis: Costs can be fixed, variable or some combination of the two. However, when it comes to analyzing IT costs, traditional cost analysis in the era of emerging technologies is inadequate.
A Look at CIS Controls Version 7.1
Blog Post

A Look at CIS Controls Version 7.1

CIS Controls Version 7.1, released in April 2019, was developed by Center for Internet Security (CIS), which consists of a community of IT experts.
Increasing Your Organizaton’s Cybermaturity
Blog Post

Increasing Your Organizaton’s Cybermaturity

Managing cyberrisk is critically important for organizations. Interconnectedness, digitization, the focus on utilizing data and providing enhanced client experiences expand the attack surface and expose an organization to increased cyberrisk.
ISACA at Infosecurity Europe: Expert Speakers and New Research at Europe’s Largest Infosec Event
Blog Post

ISACA at Infosecurity Europe: Expert Speakers and New Research at Europe’s Largest Infosec Event

ISACA expert speakers, past board directors and chapter leaders provided insight and new research while ISACA representatives highlighted ISACA certifications and training solutions at Infosecurity Europe 2019, 4-6 June in London.
Integrating Human and Technical Networks in Organizational Risk Assessments
Blog Post

Integrating Human and Technical Networks in Organizational Risk Assessments

The US government’s recent efforts to ban the introduction of specific foreign IT vendors’ equipment in government networks is emblematic of the growing concern among organizational leaders posed by global supply chains, highlighting the broad interdependencies between technical and human systems
Innovation Is About People
Blog Post

Innovation Is About People

I was a member of an innovation team because of my expertise in servers, Active Directory and general information security practices.

MIT CISR Research Forum: Designing for Digital Leverage
Blog Post

MIT CISR Research Forum: Designing for Digital Leverage

The MIT CISR Research Forum (Europe), hosted by Heineken, recently was held in Amsterdam. As a partner of MIT CISR, ISACA was represented at the event. Presentation titles on the agenda like “Quick Look: What Is Your Digital Business Model?” by Joe Peppard, “Digitized Is Not Digital” by Jeanne Ross, “Managing Organizational Explosions During Digital Transformation” by Nick van der Meulen, and others, provided a good general sense of what the event would be all about.
The Role of Culture on IT Governance
Blog Post

The Role of Culture on IT Governance

It was 150 years ago that Sir Edward Tylor first referenced culture (in an anthropological sense) in his book Primitive Culture.

Why Don’t We Apply Due Diligence in Selecting Social Media Providers?
Blog Post

Why Don’t We Apply Due Diligence in Selecting Social Media Providers?

I’ve reviewed many social media implementations across a large variety of companies and, among the many concerns from a security perspective, is the total lack of due diligence over their selection.
Digital Ethics Rising in Importance
Blog Post

Digital Ethics Rising in Importance

The innovative capabilities of technology – as well as the potency of that technology – is advancing at a remarkable pace, creating new possibilities in today’s digital economy.

Build, Nurture Your Professional Network – And Start Early
Blog Post

Build, Nurture Your Professional Network – And Start Early

It can be surprising for professionals entering the workforce to realize that grades and knowledge is not the ultimate definer of your success.

28 May 2019
ISACA Opens Doors for Young Professionals with Early Leadership Opportunities
Blog Post

ISACA Opens Doors for Young Professionals with Early Leadership Opportunities

The value of being an active member in a professional organization such as ISACA cannot be overstated.

Sharpening the Axe
Blog Post

Sharpening the Axe

Internal auditors are under increasing pressure to add value to what is valued while, at the same time, helping to protect their enterprises from risk such as cyberattacks.
Tapping into ISACA’s Network to Shed Light on the Psychology of Information Security
Blog Post

Tapping into ISACA’s Network to Shed Light on the Psychology of Information Security

I was always fascinated by the complexity of the technology discipline. The truth is, it’s very broad. ISACA helps to define some of the career pathways for young professionals through its educational resources and certification program. This made me think about where I saw myself adding value to the industry.
David Samuelson
Blog Post

ISACAs Past Future Come Together at North America CACS

ISACA’s 50th anniversary year is about simultaneously honoring our past while visualizing how our professional community will innovate the future. Last week’s experience at our North America CACS conference in Anaheim provided tremendous inspiration on both fronts.
A Deeper Look Into the WhatsApp Hack and the Complex Cyber Weapons Industry
Blog Post

A Deeper Look Into the WhatsApp Hack and the Complex Cyber Weapons Industry

On 13 May, the Financial Times reported the discovery of a major security flaw in the popular messaging app, WhatsApp. The pervasive vulnerability, which affected both Apple and Android devices, allowed malicious actors to inject commercial spyware by ringing up unsuspecting targets using WhatsApp’s VOIP-based call function.
The Role of Incident Management in Identifying Gaps During Stabilization Period
Blog Post

The Role of Incident Management in Identifying Gaps During Stabilization Period

Deploying an enterprise resource planning (ERP) system is challenging, and identifying gaps that could lead to risk is one of the most important aspects of stabilization.
Controls in the Cloud Moving Over Isnt As Easy As Flipping a Switch
Blog Post

Controls in the Cloud Moving Over Isnt As Easy As Flipping a Switch
Securing Major League Baseball - On and Off the Field
Blog Post

Securing Major League Baseball - On and Off the Field

Three strikes and you're out is one of the more well-known sayings in baseball, but it only takes one devastating cyberattack to inflict huge damage on Major League Baseball or any of its 30 teams.
The Evolution and Power of Disruptive Technology Insights From an Executive Panel at NA CACS
Blog Post

The Evolution and Power of Disruptive Technology Insights From an Executive Panel at NA CACS

At ISACA’s North America CACS conference Tuesday morning, an executive panel spoke on the past 50 years of tech disruption—and where technology is taking us in the future.
A Spectrum of Professions The World Needs Us
Blog Post

A Spectrum of Professions The World Needs Us

From the days of determining how to secure and derive value from early computers to today’s challenges as organizations enact digital transformation, it has been a remarkable 50 years for ISACA’s professional community.
IT Audit Stay Relevant or Perish
Blog Post

IT Audit Stay Relevant or Perish

“Victory awaits him who has everything in order – luck, people call it. Defeat is certain for him who has neglected to take necessary precautions in time. This is called bad luck.” –Roald Amundsen, The South Pole
Driving or Driven by Disruption The AI Maturity Model
Blog Post

Driving or Driven by Disruption The AI Maturity Model

On 25 April 2019, Microsoft passed the trillion-dollar market cap threshold and passed Apple as the most valuable company in the world.
The Features and Challenges of IoT-Based Access Control
Blog Post

The Features and Challenges of IoT-Based Access Control

Employees and guests can use IoT-based access control for convenient access. Through their mobile device, they can be connected to a facility’s access control through digital ID securely.
ISACA-Infosecurity Keynoter Theresa Payton Design Security for Humans
Blog Post

ISACA-Infosecurity Keynoter Theresa Payton Design Security for Humans

Theresa Payton, former White House CIO and a prominent cybersecurity expert, will deliver the opening keynote address at the Infosecurity ISACA North America Expo and Conference, to take place 20-21 November 2019 in New York City. Payton recently visited with ISACA Now to reflect upon her time in the White House and provide analysis on how the technology and cybersecurity landscapes have evolved in her time since leaving the role. The following is a transcript of the interview, edited for length and clarity.
The Importance of Cyberresiliency
Blog Post

The Importance of Cyberresiliency

Cybersecurity is an endless process of chasing and preventing known attacks; anticipating attacks; and monitoring, alerting, patching, remediating and implementing solutions. It is becoming a maintenance function that trails hackers and other bad actors.
Putting Cyber Threat Intelligence Feeds to Good Use
Blog Post

Cyber Threat Intelligence Feeds | ISACA Blog

Cyber risk is business risk. Business are digitizing and governments are putting in place policies to promote digitalization and smart-city projects. While this helps citizens and organizations to adopt technology advancement, the continuous increase in cyberattacks, in both frequency and sophistication, pose significant challenges for organizations that must defend their data and systems from threat actors.
Stakeholder Management: Push or Pull? (Or Is it More About Building Trust?)
Blog Post

Stakeholder Management: Push or Pull? (Or Is it More About Building Trust?)

Managing projects for the best possible outcome is a bit art and a bit science. From a high-level view, stakeholder management includes: identifying the people that could impact a project, understanding the expectations of the stakeholders and their impact on a project, and developing strategies for effectively engaging the decision-making project stakeholders.
Navigating Change An Imperative for Technology Professionals
Blog Post

Navigating Change An Imperative for Technology Professionals

The fast-changing technology and regulatory landscape calls for members of ISACA’s professional community to continually refresh their knowledge and training.
Building an Audit Program for AWS
Blog Post

Building an Audit Program for AWS

When I produced my auditing Amazon Web Services (AWS) Journal article for volume 3, I was just wrapping up my very first audit against an AWS environment.
Five Software Programs To Improve the Security of Business Websites
Blog Post

Five Software Programs To Improve the Security of Business Websites

Cybersecurity may soon become an issue of higher concern than physical safety. We already share too much personal information online without paying attention.
The ISACA Way How I Earned the CISM CISA CRISC and CGEIT in 10 Months
Blog Post

The ISACA Way How I Earned the CISM CISA CRISC and CGEIT in 10 Months

Earlier this year, when I earned the last one of the Fab 4 of ISACA certifications – CISM, CISA, CRISC and CGEIT – I decided to write a post about my experience and the lessons I learned along the way. I hope this will be useful for anyone preparing to obtain these industry-recognized credentials.
GRC Keynoter Patrick Schwerdtfeger Endless Insights Within Organizations Reach
Blog Post

GRC Keynoter Patrick Schwerdtfeger Endless Insights Within Organizations Reach

Patrick Schwerdtfeger, closing keynote speaker at the GRC Conference 2019, to take place 12-14 August in Ft. Lauderdale, Florida, USA, is a business futurist specializing in technology topics such as artificial intelligence, blockchain and FinTech. Schwerdtfeger recently visited with ISACA Now to discuss how these and other components of digital transformation will reshape the business landscape going forward. The following is a transcript of the interview, edited for length and clarity:
How to Get Your Employees to Care About Cybersecurity
Blog Post

How to Get Your Employees to Care About Cybersecurity

With each highly publicized data breach or cyberattack, it becomes increasingly evident that businesses can’t sit back and hope their security strategy is strong enough to withstand an assault.

The Impact of the Thailand Cybersecurity Law
Blog Post

The Impact of the Thailand Cybersecurity Law | ISACA Blog

In the past 5 years, the cybersecurity agenda has been raised and discussed and in many forums because cyberattacks have been developed for various purposes, and the number of cybersecurity incidents or data breaches have increased dramatically every year.

The Gap Within the Skills Gap What Does Cybersecurity Really Need
Blog Post

The Gap Within the Skills Gap What Does Cybersecurity Really Need

I recently took to LinkedIn to air my views on one of the most talked-about topics in the world of tech: the cybersecurity skills gap. The skill gap is often discussed in urgent terms and, given my job as a cybersecurity recruiter, I see how it plays out in practice.

Why IT Teams Should Avoid Complacency
Blog Post

Why IT Teams Should Avoid Complacency

We are in 2019, and have all witnessed the effects of disruptive start-up companies, the growth and stability of the cloud market, the emergence of CI/CD practices and the simple need for agility. Inversely, there are organizations where none of what I mentioned is happening.
The Challenge of Assessing Security for Building Automation Systems
Blog Post

The Challenge of Assessing Security for Building Automation Systems

Building automation systems (BAS) have many characteristics that differ from traditional information processing systems, including different risks and priorities. Furthermore, these types of automation systems are subject to different performance and reliability requirements, and often employ operating systems, applications and configurations that may be considered unusual IT practices.
Tips to Prepare for ISACAs CRISC Exam
Blog Post

Tips to Prepare for ISACAs CRISC Exam

My motivation to pursue ISACA’s CRISC certification was to improve my skills, knowledge and understanding of enterprise and IT risk management.
ISACA Celebrates Volunteer Participation
Blog Post

ISACA Celebrates Volunteer Participation

It’s my favorite week of the year at ISACA – Volunteer Appreciation Week. It is a time when we all reflect on the important and impactful contributions members of our professional community have selflessly made to advance our organization and our industry. It is also a time to invite those who have not yet joined our volunteer corps to participate in ways that align with their interests and availability.
Why I’ve Gone From Avid Skeptic to Avid User of Biometrics
Blog Post

Why I’ve Gone From Avid Skeptic to Avid User of Biometrics

My first job in security – and in fact my first job out of school – was for a biometrics company.

Global Passion for ISACA Comes Through Loud and Clear
Blog Post

Global Passion for ISACA Comes Through Loud and Clear

As I begin my time as ISACA’s new chief executive officer, having just completed my first week in the role, one thing continues to impress me – the passion our professional community feels for ISACA.

Simplifying Enterprise Risk Analysis
Blog Post

Simplifying Enterprise Risk Analysis

How many enterprise risk analysis reports must an organization release? A few years ago, I faced this question in light of cost, time and complexity of the solution.

Happy 50th to the Organization That Keeps Me Ahead of the Curve
Blog Post

Happy 50th to the Organization That Keeps Me Ahead of the Curve

Recently, I celebrated a birthday (no, I am not going to tell you which birthday), and my 6-year-old niece who called to wish me a happy birthday asked me if I was wise now.
North America CACS Keynoter Sekou Andrews: Technology Pros Should Be Storytellers, Too
Blog Post

North America CACS Keynoter Sekou Andrews: Technology Pros Should Be Storytellers, Too

Sekou Andrews, a prominent poetic voice performer who blends inspirational speaking and spoken word poetry, will be the closing keynote speaker at ISACA’s 2019 North America CACS conference, to take place 13-15 May in Anaheim, California, USA. Andrews recently visited with ISACA Now, discussing why technology practitioners should also consider themselves to be storytellers and how changes on the technology landscape will lead to “a rediscovery of what it means to be human.” For more of Andrews’ insights on these and other topics, listen to his recent appearance on the ISACA Podcast.
Proactively Embracing Innovation
Blog Post

Proactively Embracing Innovation

When looking at innovation, it may seem daunting to involve audit properly to protect the organization. With any new effort, there are a lot of unknowns. In traditional project processes, there should be enough time to discover major issues and handle the risk revealed.
Being an Effective Cybersecurity Leader Amid Increasing Pressure Expectations and Threats
Blog Post

Being an Effective Cybersecurity Leader Amid Increasing Pressure Expectations and Threats

It’s important to think about leadership in the cybersecurity realm through the lens of the “lines of defense” model.
Defining the Role of the CISO
Blog Post

Defining the Role of the CISO

Organizations have diverse understandings of what digital security is and is not. As a consequence, they wrestle with who is responsible and who is accountable for digital security.
Technology a Key Driver in UN Conclusions
Blog Post

Technology a Key Driver in UN Conclusions

It’s a wrap. At approximately 7.30 p.m. in New York City on Friday night, the final gavel fell on the negotiations at the 63rd session of the Commission on the Status of Women at United Nations headquarters.

How Security Improvements Can Lead to Business Process Optimization
Blog Post

How Security Improvements Can Lead to Business Process Optimization

Security improvements are often viewed skeptically, as they always seem to be associated with higher time requirements and rising costs.
The Next Challenge in IT Compliance Reporting: SOC2 2017 Trust Services Criteria
Blog Post

The Next Challenge in IT Compliance Reporting: SOC2 2017 Trust Services Criteria

In the aftermath of GDPR, the next big change in the IT compliance standards landscape is here. The period of applicability for the new System and Organization Controls for Service Organizations: Trust Services Criteria (SOC2 2017 Trust Services Criteria) has just begun – all SOC2 reports with an examination period ending on or after 15 December, 2018 will have to be issued as per the new standard.
Five Considerations for Data Breach and Incident Reporting in the EU
Blog Post

Five Considerations for Data Breach and Incident Reporting in the EU

The increasing amount of cybersecurity incidents cause a serious negative impact on enterprises, prompting legislators around the world to explore new policies and regulations.
Why You Need to Align Your Cloud Strategy to Business Goals
Blog Post

Why You Need to Align Your Cloud Strategy to Business Goals

Your company has decided to adopt the cloud – or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that?
How IT Teams Can More Efficiently Deliver Stakeholder Satisfaction
Blog Post

How IT Teams Can More Efficiently Deliver Stakeholder Satisfaction

Billy Beane was one of the first general managers in the history of Major League Baseball to use data to build out a successful team with a fraction of the budget relative to his peers. Like many IT leaders, he had to do more with less.
ISACA at RSA 2019: Sharing Research and Spurring Conversations
Blog Post

ISACA at RSA 2019: Sharing Research and Spurring Conversations

The theme of last week’s RSA Conference 2019, “Better,” gave ISACA the opportunity to engage with information and cybersecurity professionals on how we collaboratively move the technology field into a better future.
SheLeadsTech Returns to United Nations
Blog Post

SheLeadsTech Returns to United Nations

SheLeadsTech was back this week at the United Nations for the 63rd Session of the Commission on the Status of Women to continue the critically important work of empowering women and girls by providing access to social protection and appropriate infrastructure, including technology infrastructure.
C-Suite: The New Main Target of Phishing
Blog Post

C-Suite: The New Main Target of Phishing

We know that phishing attacks are on the rise, but did you know that more and more executives are falling for these phishing emails every day? New phishing campaigns targeting executives are intelligently crafted and difficult to spot.
Didn’t You Read My Email??’ and Other Security Awareness Fallacies
Blog Post

Didn’t You Read My Email??’ and Other Security Awareness Fallacies

I live in Austin, Texas, USA, where the bumper sticker quotient is fairly high, although diminishing with every vehicle that comes here from places like Dallas (no offense, Dallas — I don’t have any bumper stickers on my car either). One of my favorites is, “If you’re not appalled, you’re not paying attention.” I’m sure it was written with politics in mind, but it’s absolutely relevant for cybersecurity, too.
GDPR Audits for SMEs Are All About the Language
Blog Post

GDPR Audits for SMEs Are All About the Language

It is often said that a good auditor is a good communicator, and this is particularly true when dealing with smaller organizations.
Artificial Intelligence and Cybersecurity: Attacking and Defending
Blog Post

Artificial Intelligence and Cybersecurity: Attacking and Defending

Cybersecurity is a manpower-constrained market – therefore, the opportunities for artificial intelligence (AI) automation are vast.
Paying for Apps with Your Privacy
Blog Post

Paying for Apps with Your Privacy

Don’t look at your device when I ask you this question: How many apps do you have on your smartphone? Or, if you use your tablet more often, how many apps do you have on your tablet? Remember this number or write it down.
Environmental Drift Yields Cybersecurity Ineffectiveness
Blog Post

Environmental Drift Yields Cybersecurity Ineffectiveness

Your cybersecurity tools are working, optimized, and providing real, measurable, business value. They are successfully blocking attacks, detecting nefarious activity, and alerting the security team.
Three Keys to Improving Medical Device Security
Blog Post

Three Keys to Improving Medical Device Security

A report released in January by the Healthcare & Public Health Sector Coordinating Councils details the need for better security for medical devices, a topic infrequently discussed in healthcare until recently.

How to Ensure Data Privacy and Protection Through Ecosystem Integration
Blog Post

How to Ensure Data Privacy and Protection Through Ecosystem Integration

My recent ISACA Journal article, “Data Privacy, Data Protection and the Importance of Integration for GDPR Compliance,” describes how the movement and processing of personal data, along with the procedures around those workflows, are central to General Data Protection Regulation (GDPR) compliance.
Is Your GRC Program Ready to Thrive in the Digital Economy?
Blog Post

Is Your GRC Program Ready to Thrive in the Digital Economy?

Digital technologies have profoundly changed our lives, blurring the lines between the digital and physical worlds. From its humble beginnings, the current constellation of tools and technologies that empower organizations has grown smarter.

Certifications and the Paycheck: Trends and Truth
Blog Post

Certifications and the Paycheck: Trends and Truth

New highly validated data from 3,305 employers reveals that the average cash market value for hundreds of tech certifications is at its lowest point in four years. Meanwhile, pay premiums for non-certified skills in the same period have gained 6 percent in value on average.
Data Analytics in Internal Audit: State of the Data, 2019
Blog Post

Data Analytics in Internal Audit: State of the Data, 2019

Data Analytics in Internal Audit: State of the Data, 2019. ISACA reviews successful IT auditors can translate complex technical analytics or non-techies.

Moving Beyond Stubborn Reluctance to Comply with GDPR
Blog Post

Moving Beyond Stubborn Reluctance to Comply with GDPR

Last May marked the beginning of the application of the General Data Protection Regulation (GDPR), which harmonized and unified the rules governing privacy in the European Union. Leading up to and following the adoption of the regulation, data protection has been in the focus of attention all around the world
Getting Your GDPR Compliance Program Into Gear With Proper Record Keeping
Blog Post

Getting Your GDPR Compliance Program Into Gear With Proper Record Keeping

Compliance procedures are notoriously demanding, and European Union General Data Protection Regulation (GDPR) compliance programs are no different.

More on Password Dictionaries
Blog Post

More on Password Dictionaries

As a follow-up to our recent ISACA Journal article, “NIST’s New Password Rule Book: Updated Guidelines Offer Benefits and Risk,” we wanted to provide some additional thoughts on the password dictionary concepts.
Women in Cybersecurity Often Worth More Than They Realize
Blog Post

Women in Cybersecurity | ISACA Blog

Before beginning my career in cybersecurity recruitment, I worked in the female-dominant industry of travel public relations. I was largely oblivious to the challenges of being a female in the workplace because I was surrounded by other strong businesswomen on a day-to-day basis.
North America CACS Keynoter Guy Kawasaki Sizes Up Innovation, Entrepreneurship
Blog Post

North America CACS Keynoter Guy Kawasaki Sizes Up Innovation, Entrepreneurship

Guy Kawasaki, a Silicon Valley-based author, speaker, entrepreneur and evangelist, will be the opening keynoter at ISACA’s 2019 North America CACS conference, to take place 13-15 May in Anaheim, California, USA. Kawasaki recently visited with ISACA Now to discuss some of the themes he will explore at North America CACS, including innovation and entrepreneurship. The following is an edited transcript. For more of Kawasaki’s insights, listen to his recent interview on the ISACA Podcast.
5G and AI: A Potentially Potent Combination
Blog Post

5G and AI: A Potentially Potent Combination

Discover more about 5G and AI: A Potentially Potent Combination. Readapting to 5G and AI integration on smartphones chips for cloud & on-device processing.

For the Board, GDPR Compliance Implementation Reporting Is More Than Just About Exposure and Progress
Blog Post

For the Board, GDPR Compliance Implementation Reporting Is More Than Just About Exposure and Progress

Whether from a conformance (compliance) or performance perspective, 2 enterprise governance tasks of particular interest are knowing what questions to ask in the process of performing due diligence and knowing what data and information to request to support the due diligence process.
New Cybersecurity Pilot Program to Expand Career Pathways for Women in Chicago
Blog Post

New Cybersecurity Pilot Program to Expand Career Pathways for Women in Chicago

Women in the Chicago area who are interested in exploring a career path in cybersecurity, particularly those who are underrepresented in the field, will now have the opportunity to join a pilot program launched last week by ISACA, along with AnitaB.org and the City Tech Collaborative.
How to Approach Blockchain Deployment While Mitigating Risk
Blog Post

How to Approach Blockchain Deployment While Mitigating Risk

Blockchain has emerged as one of the most promising technological developments of the past decade.
ISACA
Blog Post

ISACA Anniversary Celebration – and Social Media Campaign – Are Underway

ISACA’s yearlong 50th anniversary celebration is underway around the globe, and one of the best ways to be part of the global celebration is through social media.
Protecting Patient Records in 2019 and Beyond
Blog Post

Protecting Patient Records in 2019 and Beyond

A program called MyHealthEData was unveiled in 2018. Through this program, the US Centers for Medicare & Medicaid Services (CMS) is promoting the adoption of IT environments that allow simpler sharing of health data to outside organizations, as well as better access. The CMS will also allow easier access to claims data by medical beneficiaries.
Incorporating Privacy into Data Protection Strategy
Blog Post

Incorporating Privacy into Data Protection Strategy

Nowadays, the term privacy echoes across boardrooms globally, where each country and enterprise races to update its laws and policies to keep up with the need for data privacy controls.
CISA Certified Information Systems
Blog Post

Certification Spotlight with … Marco Schulz

The ISACA Now blog occasionally highlights the impact ISACA certifications have in the evolving business landscape, as well as how certifications have impacted individual members of the ISACA professional community. Today, we profile Marco Schulz, CISM, CISA, CGEIT, CEO at marconcert GmbH (Germany).
Google’s GDPR Fine Reinforces Need for Intentional Data Governance
Blog Post

Google’s GDPR Fine Reinforces Need for Intentional Data Governance

For those of us who work in information security, data privacy and governance, we seem to traverse daily from one headline to another. A new corporate victim announces they were breached to the tune of 100 million records.
IT Audit in 2019: Hot Topics and Trends
Blog Post

IT Audit in 2019: Hot Topics & Trends | ISACA Blog

The turn of the calendar to a new year is always a great time to take pause and reflect. Now that 2019 is in full swing, I wanted to take a quick snapshot of hot topics and trends for the IT audit field in 2019. And just to make sure I wasn’t completely winging it, I checked in with a couple valued industry contacts.
Practical DLP Implementation
Blog Post

Practical DLP Implementation

Practical implementation and management of data loss prevention or protection (DLP) solutions or a portfolio of solutions should follow a logical process to ensure the holistic protection of information resources.
How Tech Roles Provide Women Great Career Paths
Blog Post

How Tech Roles Provide Women Great Career Paths

I am often asked by women young and old, “Were you intimidated by technology or afraid to start your first job in tech?”
Cybersecurity and its Critical Role in Global Economy
Blog Post

Cybersecurity and its Critical Role in Global Economy

Cybersecurity and its critical role in the global economy – a very interesting topic indeed, and one that is taking center stage this week at the World Economic Forum in Davos after being identified as one of the top five global risks.
Expired TLS Certificates Must Be Used as a Learning Experience
Blog Post

Expired TLS Certificates Must Be Used as a Learning Experience

A recent report from the British research firm Netcraft showing that 80 US government websites had expired Transport Layer Security certificates during the ongoing US government shutdown rightfully has caused quite a stir, and ISACA members ought to be paying attention.
Auditing the GDPR
Blog Post

Auditing the GDPR

Like in many professions, the new year is traditionally a time for planning for IT auditors. This year, I am willing to wager that many of your resulting IT audit plans include something to do with the EU General Data Protection Regulation (GDPR).
Big Data: Too Valuable and Too Challenging to Be Overlooked
Blog Post

Big Data: Too Valuable and Too Challenging to Be Overlooked

As the new year begins and business leaders refine their 2019 plans, how to effectively deploy technology increasingly will be a focal point of conversations in the boardroom and elsewhere throughout the enterprise.
GDPR Compliance as a Competitive Advantage
Blog Post

GDPR Compliance as a Competitive Advantage

Last year was a milestone in the field of privacy as the General Data Protection Regulation (GDPR) put privacy into the spotlight in and outside the European Union.
The US Government Shutdown’s Potentially Lasting Impact on Cybersecurity
Blog Post

The US Government Shutdown’s Potentially Lasting Impact on Cybersecurity

The partial US government shutdown is the longest in modern history and continues to drag on as both political parties remain entrenched, refusing to budge from their respective positions. The inability to reach an agreement, or at least to open the government, may have lasting impacts on the effectiveness of cybersecurity in the federal government.
A New Approach to Finding Cybersecurity Talent for the Future
Blog Post

A New Approach to Finding Cybersecurity Talent for the Future

The cybersecurity profession is facing a shortage of qualified talent to fill an increasing demand for positions, as so many reports inform us. What I find self-fulfilling about our “talent dilemma” is the acknowledged rapid rate of technology change, yet the ongoing quest for specific technical experience and expertise. We seek plug-and-play people to match technology components, rather than individuals with foundational skills and an aptitude and desire to learn changing technology.
The Business Risks Behind Slow-Running Tech
Blog Post

The Business Risks Behind Slow-Running Tech

Entrepreneurs and IT leaders frequently underestimate the true power that slow technology has to negatively impact a business.
Brennan Baybeck
Blog Post

Shifting Technology Landscape Positions Auditors for Greater Impact

Enterprises are exploring opportunities driven by digital transformation, identifying technology-driven paths to deliver more value, more quickly, while also benefiting from new process efficiencies. IT auditors must do the same to ensure they remain valued partners by the organizations for which they work.
Start with the Why: A Strategic Lifecycle for Information Security
Blog Post

Start with the Why: A Strategic Lifecycle for Information Security

Many presentations by information security managers for stakeholders within their organizations include the depiction of a lifecycle in one form or another to underline that information security is not a one-off project, but a continuous activity.

Empower Auditors to Think Big Picture on AI
Blog Post

Empower Auditors to Think Big Picture on AI

The new white paper, Auditing Artificial Intelligence, provides an overview of what AI is, why auditors need to be aware of AI, and how the COBIT 2019 framework relates to AI auditing.
How to Hack a Human
Blog Post

How to Hack a Human

Have you ever wondered just how many ways there are to hack the human mind and just how effective each technique is? I did; so I set about collating all of the techniques for human control and influence:
Five Cost-Effective Ways for Small Businesses to Achieve Compliance
Blog Post

Five Cost-Effective Ways for Small Businesses to Achieve Compliance

In today's world, all large and small companies are required to show and prove constant compliance to do or sustain business. The task may be somewhat easy for large companies by hiring more employees to achieve; small businesses do not have the luxury to hire more people at competing rates with large companies as well as reduced revenue.

50th Anniversary Year Provides Inspiration to Look to ISACA’s Future
Blog Post

50th Anniversary Year Provides Inspiration to Look to ISACA’s Future

When ISACA – then known as the Electronic Data Processing Auditors Association – was incorporated by seven Los Angeles area professionals in 1969, “there was no authoritative source of information,” according to ISACA’s first president, the late Stuart Tyrnauer. There was “no cohesive force, no place to turn to for guidance.”
What Are Challenges in Deployment and How Can They Be Mitigated?
Blog Post

What Are Challenges in Deployment and How Can They Be Mitigated?

Transformation offers many key benefits, and any enterprise that would like to sustain and grow in this ever-changing, fast-paced world would be subject to the deployment of new systems.

ISACA Now By Year

Check Mark 2025
Check Mark 2024
Check Mark 2023
Check Mark 2022
Check Mark 2021