ISACA Now Blog

Get Grounded in AI

A new ISACA resource on artificial intelligence provides valuable insights applicable both to those beginning their journeys in AI as well as those with knowledge and experience.

How to Instill a Culture of Data in Internal Audit Function

Asking the right questions and meaningfully addressing business challenges through analytics can set internal auditors on the right path toward establishing a culture of data

Quick Scoping: How to Easily Frame Your Environment from a Compliance Lens

Lessons learned from theft prevention in a retail environment have surprising relevance when it comes to compliance and access management.

Why AI Might Not Make the Best Coding Buddy

The information you upload in a public AI engine is public domain from the moment you press enter: what are the consequences for IT and corporate governance?

How AI Is Transforming Audit, Risk and Compliance

Whether optimizing coverage in your compliance program, identifying similar risks across various business units or seeking more efficient risk management, AI-driven insight can help to connect the dots.

The Symbolic Dance: Exploring the Role of AI in Cloud Computing

The convergence of artificial intelligence and cloud computing offers big opportunities for organizations alongside potential security and privacy risks.

Refreshed Mission, Renewed Energy Around SheLeadsTech Program

ISACA's SheLeadsTech program has a refreshed focus and renewed commitment to offering expanded opportunities for women to make their mark on digital trust professions.

Countering Identity Takeover Incidents

Protecting individuals' identities in the aftermath of a privacy incident begins with important communication from banking, credit, government and employment organizations.

Digital Trust Ecosystem Framework a Valuable Complement to COBIT, Other Frameworks

The Digital Trust Ecosystem Framework and COBIT work well in tandem, with each playing a significant role in allowing organizations to build a stronger foundation for success.

ISACA Award-Winner Stands at Crossroads of Theoretical and Practical

Oleksii Baranovskyi, of Ukraine, recipient of the ISACA Educational Excellence Award, is proud to simultaneously be a security professional and an educator.

Harmony in Cyberleadership: Navigating the Gen Z Rhythm

Cybersecurity leaders should be mindful of the composition of their security teams, including common characteristics of Gen Z cyber professionals, when devising their approaches to leadership.

Third-Party Termination: Understanding Technology and Information Security Risks

Mitigating the technology and information security risks from terminating third parties calls for organizations to formulate nuanced security strategies.

Fallout from Viamedis, Almerys Attack Does Not End with the Data Leak

A major breach in France reinforces the need for sharpened security practices and the overarching imperative to drive toward strengthening digital trust.

A Cybercriminal is Sentenced. Will It Make a Difference?

Ransomware often targets small-to-medium enterprises, so security teams need to take action to be more prepared for this potentially devastating line of attack.

CMMC: A Global, Resilient Cyber Supply Chain Standard

The Cybersecurity Maturity Model Certification standard helps businesses to examine their computing ecosystem and enhance capabilities for stronger supply chain resilience.

Broad, Regulatory Frameworks Needed to Responsibly Harness AI

As regulatory frameworks for the AI era continue to evolve, governments around the world will need to find a shared sense of purpose and collaborate on the best way forward.

The Key Steps to Successfully Govern Artificial Intelligence

Accounting for key characteristics of trustworthiness and considering perspectives from a range of stakeholders are among the needed ingredients to strengthen AI governance.

Eight Things NOT To Do When Preparing for the CISA

Avoiding these light-hearted 'tips' for preparing for the CISA exam will put you in better position for a successful exam-day experience.

The Digital Trust Game-changer: Get Ready for the Digital Trust Ecosystem Framework

Avoiding these light-hearted 'tips' for preparing for the CISA exam will put you in better position for a successful exam-day experience.

The Surge in AI Development: Boon or Bane

Responsible development of artificial intelligence that recognizes the need for a balance between AI and human capabilities is the path to ensure the powerful technology's good outweighs the bad.

Auditing Social Engineering: A Practical Approach

By asking the right questions around people, processes and technical controls, auditors can gather the evidence and documentations they need to successfully audit social engineering.

Securing the Future: Enhancing Cybersecurity in 2024 and Beyond

Prioritizing comprehensive cybersecurity strategy in support of overarching enterprise goals can position enterprises for success, even amid challenging threat and regulatory environments.

AI and Patents: More Questions Than Answers

Court rulings that AI cannot be granted patents provided needed short-term clarity but there are still many open questions about how AI should be viewed in legal, ethical and practical contexts.

Digital Proficiency: Not Only for Individuals

Technology-minded countries around the world can learn a lot from Rwanda, which, despite limited resources, has become a digital benchmark through an impressive set of initiatives and ingenuity.

Threat Modeling and Secure-By-Design Applications

Identifying the flows, assets and vulnerabilities are among the key building blocks when threat modeling for software applications.

Taking Action to Create a Future Where AI Benefits Us All

Artificial intelligence is a human creation that reflects the people who developed it, meaning we must guard against humans' shortcomings and biases resulting in AI furthering inequality and other societal harms.

Global Experts Weigh in On Australia’s ‘Six Cyber Shields’ – Sharing Insights on Achieving a Safe Digital World

Global cybersecurity practitioners share their perspectives on Australia's new cyber shields strategy to provide more robust protection of digital assets in the coming years.

‘Just for Control’: the True Power of Controls

Ill-designed controls can waste organizations' time and resources, so make sure implementing controls is more than just a power move.

Responsible AI Governance in Traditional and Emerging Ecosystems

Organizations implementing artificial intelligence into their operations will need strong governance in place to ensure transparency and trust in their AI usage.

Executing A Well-Executed Risk and Control Self-Assessment

When executed properly, risk and control self-assessments become enablers for organizations to more effectively navigate the risk management landscape.

The Top 10 Things Every Cybersecurity Professional Needs to Know About Privacy

As the intersection between cybersecurity and privacy increases, security professionals can benefit from gaining a solid understanding of core privacy terminology and privacy principles.

Privacy in Practice: Dissecting the Global Trends That are Shaping the Profession

Challenges on the privacy landscape can be successfully addressed through upskilling, privacy by design principles and solid training and awareness programs.

Mentorship: The Missing Ingredient in Your 2024 Goals?

The ISACA Mentorship Program has proven to be rewarding for mentors and mentees alike, allowing for valuable connections to propel ISACA members' careers to new heights.

Post-Quantum Cryptography: Are We Ready for Q Day?

Focusing attention on understanding and building confidence in post-quantum cryptography now can save the security community major problems in the years to come.

Nurturing Responsible Innovation: ISACA’s DTEF Recognized for Advancing Trust in AI Environments

ISACA’s Digital Trust Ecosystem Framework (DTEF) empowers organizations to build and sustain digital trust in the age of artificial intelligence and other impactful technological advancements.

Modeling Identity Trust

An identity system based on trust in a third party could better protect personal data and improve trust throughout the digital ecosystem.

ISACA’s Exciting 2024 is Underway

New ISACA digital trust resources, thought leadership, and upcoming events, both in-person and virtual, are among the coming attractions in 2024 for the ISACA community.

Workforce Resilience: A Critical Asset for Organizations in Today’s Dynamic World

Promoting a culture of ongoing learning and upskilling is part of the equation for organizations looking to develop a more capable and resilient workforce

Building a Great Security Operations Center

Defining and articulating a clear strategy for a security operations center (SOC) will make it much more likely that organizational leaders and other key stakeholders will support the SOC on an ongoing basis.

The Intersection of Change Management and Cybersecurity: A Paradigm Shift in Protection

Given its focus on human behavior in an organizational change context, change management can lead to a fresh and valuable perspective on cybersecurity

Cultivating a Culture of Inspiration: ISACA’s Member-Exclusive Speaker Series

Kristi Hedges, a Fortune 500 leadership coach and author, shared her perspective on how to inspire others during the ISACA Member-Exclusive Speaker Series.

Supporting Privacy, Security and Digital Trust Through Effective Enterprise Data Management Programs

Organizational silos, poor data quality and improper data storage are among the challenges enterprises need to overcome to build effective data management programs and strengthen digital trust.

ISACA Award Winner Advocates for ‘Life or Death’ Matter of Information Management

Castlepoint Systems, an Australian organization focused on data protection, compliance and risk management, was recognized with the 2023 ISACA Innovative Solutions Award.

Top Management Considerations for Zero Trust

A new zero trust audit program from ISACA can help organizations transition from traditional network security architectures to ones that are better equipped to handle the modern threat landscape.

API Security: An Internal Auditor’s Quick Reference

Effective usage of Application Programming Interfaces (APIs) calls for diligence in related security controls and audit considerations.

Significantly Improving Security Posture: A CMMI Case Study

Adopting CMMI has led to performance improvements across the board for Phoenix Defense, including a significant reduction in network attacks.

Protecting Your Organization from Cybersquatting

Registering and trademarking your internet domain, and monitoring for registrations with confusingly similar domain names, are among the ways organizations can protect themselves from cybersquatting.

How Business Leaders Can Responsibly Embrace Generative AI

A Forbes article by Phillimon Zongo lays out how enterprise leaders can help their organizations responsibly leverage generative artificial intelligence.

Five Things for Governance Professionals to Put on Their 2024 To-Do List

In an era of increased complexity, formalizing data governance frameworks and data management protocols should be increasingly top-of-mind for governance professionals.

Five Things for Privacy Professionals to Put on Their 2024 To-Do List

Gaining a better understanding of fast-evolving privacy regulations is a good starting point for privacy practitioners who are looking to position themselves for success in 2024.

Five Things for Cybersecurity Professionals to Put on Their 2024 To-Do List

Incorporating artificial intelligence capabilities and sharpening the ability to architect security solutions in cloud settings can help cybersecurity professionals thrive in 2024.

Five Things for Risk Professionals to Put on Their 2024 To-Do List

Embracing the role risk management can play in supporting the strategic growth of the business is among the items risk professionals should place on their 2024 to-do lists.

Five Things for Audit Professionals to Put on Their 2024 To-Do List

Prioritizing upskilling, participating in mentoring programs and authentic engagement with stakeholders are among the approaches that can get IT auditors off to a good start in 2024.

Secure Software Development Lifecycle Cannot Achieve its Purpose Without Third-Party Risk Management

Treating security as a core element of the design, build and implementation of software products takes intentional action, and understanding the impact that third parties play in achieving the desired level of product security is a step that not everyone is prepared for.

Adapting Leadership for the Changing Technology and Cybersecurity Landscapes

The increasing prominence of technology in today's digital ecosystem calls for different approaches to organizational leadership, including creating an environment where innovative mindsets are encouraged.

The Leadership Benefits of Emotional Fluency and Vulnerability: ISACA’s Member-Exclusive Speaker Series

A recent installment of the ISACA Member-Exclusive Speaker Series focused on vulnerability and managing emotions in a workplace and leadership context.

The Essentiality of Cybersecurity for Small Businesses: Applying Zero Trust Principles

Applying zero trust principles can be every bit as essential for smaller businesses to protect themselves as for large enterprises.

Diverse, Experienced Board a Must for ISACA to Be at its Best

Nominations and applications are being accepted for the ISACA Board of Directors for the 2024-25 term

The Yellow Brick Road to Certifications: ISACA’s Mentorship Program and Exam Success

Finding a mentor through ISACA's Mentorship Program can help certification candidates on their path toward passing their exam, among a range of other benefits.

How to Create a Healthy Security Culture

Incentivizing reporting, collaborating on solutions and reframing teaching points in positive fashion are all elements that can improve an organization's cybersecurity culture.

The Benefits of Hiring Entry-level Cybersecurity Professionals

Many organizations are reluctant to hire relatively inexperienced people for cybersecurity roles but that approach is often misguided, according to recent ISACA Ask Me Anything expert Naomi Buckwalter.

ISACA Advocacy Partnering with Policymakers to Work Toward More Trustworthy Digital Ecosystem

The ISACA Advocacy team spent recent months engaging with influential policymakers, with a focus on bolstering the cybersecurity workforce and creating a healthier digital ecosystem.

ISACA Advisory Groups Help Shape Programs

A range of volunteering opportunities through ISACA provide professionals meaningful opportunities to strengthen the profession while also earning CPE credits.

My Journey to Cybersecurity and My Route to ISACA’s ITCA Certification

A journey to prepare for ISACA's ITCA credential was not without its challenges but ultimately proved to be transformative.

Renovating Healthcare IT (or any IT): Building the Foundation for Digital Transformation

Modern systems, architectures and technologies, in addition to staff expertise in cloud, hybrid and on-premise solutions, are all important for organizations aiming to digitally transform, but getting there often requires an IT renovation.

New Measures in Mainland China for Generative AI and Implications for Global AI Governance

New measures on generative AI in Mainland China have substantial implications for the evolution and use of generative AI not only in China but elsewhere around the world.

Incorporating Agile Audit: Practical Tips

Establishing clear expectations and customizing the approach are among the steps that can facilitate a successful Agile audit implementation.

Navigating Security Threats with IT Inventory Management

An efficient, current IT inventory is a foundational component of effective IT management and puts an enterprise in position to better leverage threat intelligence.

Using Machine Learning to Help Detect Sensitive Information

Leveraging machine learning has enabled Adobe to detect categories of sensitive documents and put in place automated real-time detection and response to properly flag any detected documents.

Sustainability in Emerging Technologies: A Focus on Blockchain, AI

Implementations of artificial intelligence, blockchain and other emerging technologies should be done with sustainability considerations in mind.

Raising Security Awareness in Cross-Cultural Work

In an increasingly complex and global security landscape, chief information security officers need to be in regular contact with the board and other key enterprise stakeholders to drive effective security culture and collaboration.

Is the CIO Just an IT Manager?

In a time when the rapidly evolving technology landscape is recalibrating business models, the CIO must balance internal IT activities with those that are outsourced, and map the needed controls accordingly.

DogeRAT: The Disturbing Malware Disguised as Your Favorite Apps

DogeRAT malware reinforces the growing sophistication and multi-faceted nature of cyberthreats, through its camouflage techniques, social engineering components, and its ability to imperil privacy and financial security.

Cyber Advisors, Security Services Providers Can Use Zero-Sum Game Theory Framework to Benefit Clients

The zero-sum game theory is worth considering for organizations, who should rethink the costs they face relative to the cybercriminals that often inflict damage without taking on any real risk.

IT Risk and IT Audit: A Partnership

Providing leadership with pertinent data can go a long way toward building support for the cross-functional collaboration between the audit and risk functions that can put organizations in a much stronger position to succeed.

ISACA's Digital Trust World Europe Conference

ISACA's recent Digital Trust World conference in Dublin, Ireland, featured timely expert insights on digital trust, artificial intelligence, security, risk, digital ethics, and more.

Sizing Up Some of the Spookiest Cybersecurity Incidents of 2023

2023 has been another frightful year on the cybersecurity landscape - explore some of the most perilous incidents and what security professionals can learn from them

Saluting ISACA Foundation's Cybersecurity Month Scholarship Winners

ISACA Cybersecurity Month Scholarship recipients share what motivated them to pursue careers in cybersecurity and how they see their futures in the field taking shape.

Re-aligning Employees to Strategic Goals with Enterprise Training

An ISACA enterprise training instructor provides insights on some of the main benefits of team trainings and how enterprise training can enable organizations to elevate their performance.

ISACA AI Survey Results: What Do Infosec Professionals REALLY Need to Know?

It is quite hard to find quality information about artificial intelligence (AI) right now, especially when it comes to how AI should and is being approached in the field of cybersecurity. Thankfully, ISACA has just completed a survey of thousands of members of the global infosec and digital trust community.

Risk Quantification 101: The Fundamentals to Getting Started

Tapping into existing risk data can enable organizations to build the needed infrastructure to put in place an effective cybersecurity risk management process.

Collaborative Mindset Change from Compliance to Risk

Transitioning from a compliance-based focus to a risk-based approach is useful as enterprises aim to best align resources in the modern business and regulatory environments.

Best Practices for Navigating Emerging Technologies: My Journey as an Auditor

Proactively learning about emerging technologies and understanding them in a business context can go a long way toward making auditors more effective in their engagements.

In Cybersecurity, to Err Is Human, But to Err for No Reason Is a Shame

Organizations would be well-served to be more intentional about designing systems and processes with human factor engineering in mind, lessening the probability of people making mistakes that lead to cybersecurity incidents.

Proactive IT Risk Management in an Era of Emerging Technologies

As emerging technologies and new business models transform the business landscape, the need for proactive risk management practices should be top of mind for enterprise leaders.

How Cybersecurity Best Practices are Evolving to Manage Ongoing Threats

Regular penetration testing and a culture of proactive threat analysis and management can help organizations evolve their cybersecurity programs in a difficult climate for cyber defenders.

Quantum-Resistant Cryptography Not a Matter of ‘If’ but ‘Right Now’

Establishing crypto-agility should be a major priority for organizations as advancing quantum computing capabilities are changing the paradigm of the threat landscape.

Data Management Proficiency: Practical Insights for Quality, Security and Trust

Evaluating quality, security and trust in the context of emerging technologies and current business practices is critical for organizations to have effective data management and governance.

CMMI Offers New Credentialing Pathway and Enhanced Flexibility, Resources

New CMMI credentialing pathway aligns with ISACA’s tools, systems and best practices.

Victory by Surveillance Isn’t Possible—To Win, Engage the Adversary

Traditional approaches to cybersecurity have not been enough to protect companies, so it's time to make attackers face real consequences for their malicious behavior.

The Shifting Importance of Soft Skills in a Time of AI Systems, Large Language Models and Global AI Regulations

Integrity, decision-making capabilities, communication and other so-called 'soft skills' should not be overlooked in organizations' ongoing efforts to bolster their cybersecurity teams.

Beyond Barbie’s Dreamhouse: Navigating Glass Barriers in the Tech Workforce

Many of the themes that made the Barbie movie so resonant are also relevant to the tech workforce, where underrepresentation from women and minority groups remains a major liability.

IT Certification: A Powerful Career Catalyst

IT, cybersecurity, privacy, risk, audit and related digital trust professionals are looked to for the latest knowledge and insights on the impacts of emerging technology; however, they must have reliable resources to ensure they have updated and accurate information about these topics.

How To Comply with Multiple Security Standards and Frameworks

Complying with every standard or requirement in the current regulatory environment is no easy task, but implementing a global information security management system can provide a sound foundation.

Common Privacy Dark Patterns and Ways to Improve Digital Trust

ISACA’s Eliminating Deceptive Privacy Practices white paper explores what dark patterns are in a privacy context and what organizations should do to address these trust-eroding tactics.

State of Cybersecurity 2023: Navigating Current and Emerging Threats

ISACA's 2023 State of Cybersecurity report shows substantial workforce challenges remain and brings into focus the skills and backgrounds that are most heavily in demand.

Six Things DevOps Wants from InfoSec

By working more openly and intentionally with developers, information security professionals can build a strong relationship that will be a win-win situation for all involved.

The Career-Elevating Impact of CISA

CISA credential-holders share how becoming CISA-certified has shaped their career advancement and made them more effective in their roles

Lessons Learned from Microsoft’s Massive Data Exposure Incident

The need for meticulous cloud configurations was among several key takeaways in the aftermath of the recent data breach involving Microsoft AI researchers.

Are AI Chatbots a Weak Security Link?

Enterprises increasingly are making use of AI chatbots, but related security risks and the potential to undermine customer trust when they do not function as intended must be accounted for.

How to Mitigate Emerging Technology Risk

Understanding the business strategy and conducting risk assessments are among the building blocks for successfully mitigating enterprise risk from emerging technology.

Achieving Digital Trust Through IT Governance and Cybersecurity

Developing a cybersecurity strategy and governance program that supports digital trust provides a solid starting point for organizations seeking to strengthen their trustworthiness.

Salary Premiums Reflect IT Skills in Hot Demand

Skills associated with ISACA's Information Technology Certified Associate credential are in-demand, as reflected by pay premiums for several of the skills covered by the certification.

The Secrets to Successful Engagement: ISACA’s Member-Exclusive Speaker Series

In a recent installment of ISACA's Member-Exclusive Speaker Series, Scott Gould shared insights on audience engagement, creating a welcoming community and more.

Balancing the Risks and Rewards of AI

Many enterprises understandably are taking a cautious approach when it comes to establishing their approach toward artificial intelligence, but delaying on meaningful action comes with its own set of risks.

What to Know About the SEC’s New Disclosure Requirements

New disclosure requirements from the Securities and Exchange Commission likely will leave cybersecurity, risk and compliance professionals in the US with some key questions that need to be addressed.

Subservice Organization Controls Management

Not all vendors are subservice organizations, whose operations have a clear impact on the organizations with which they collaborate.

Examining the Effectiveness of Recent Privacy Laws on Big Tech

While the United States does not have a comprehensive privacy regulations like the EU does with GDPR, there are signs that more mature privacy policy is beginning to take shape that could limit the harms from data misuse by big tech companies.

Internal Auditing with an Agile Scrum Approach

By utilizing an Agile Scrum approach to internal audit, organizations can empower the audit function for more effective performance.

Using Near-Miss Incidents as Risk Indicators

Oftentimes organizations fail to give risks the proper consideration until it is too late.

Driving Digital Transformation Through Innovative Solutions and a Practical Framework

Yoshimasa Masuda, Ph.D., CISM, CGEIT, shares the history of his Adaptive Integrated Digital Architecture Framework (AIDAF) for digital transformation from innovative solution to practical framework, and its connections across industries, healthcare and academia.

Nine Practical Tips for Using Internal Audit to Drive Organizational Innovation

Internal auditors can help to spur innovation at their organizations by taking a forward-looking mindset, embracing agile culture and keeping up to date on evolving forces on the technology landscape.

Governance and Board Oversight Do Matter

Boards of directors have a growing set of responsibilities in today’s business climate, including keeping abreast of evolving technology trends and how the organization is preparing for a growing set of cybersecurity risks.

Contending with Artificially Intelligent Ransomware

Artificial intelligence is already impacting the ransomware landscape, with greater potential for AI to significantly impact the pace and complexity of ransomware threats in the near future.

A Cybertransformation Program to Secure Broadcast Media Networks

Fixed start dates, a skills shortage and insufficient security maturity of broadcast devices are key challenges that broadcast media networks face in securing high-profile broadcasts.

Sustainability, Inclusivity and Team Bonding Through Volunteering: CommunITy Day 2023

ISACA’s 2023 CommunITy Day is upcoming on 7 October, and the Auckland, New Zealand, chapter, has a pair of events in its sights, with a focus on sustainability and nature.

Ramping Up for Greater Impact

A laser focus on the products, programs and resources the ISACA community finds the most value from is coming into sharper focus.

Four Mistakes to Avoid When Taking Your First Certification Exam

By avoiding some common mistakes, certification exam-takers can increase their chances for success on exam day and smooth their path to attaining valuable industry credentials.

Cyber Fraud on the India Business Landscape: A Growing Threat

A recent escalation of cyber incidents in India highlight the urgent need for comprehensive, updated cybersecurity strategies on the Indian business landscape.

Six of the Best Cybersecurity Blogs

Regularly reading industry blogs can be an entertaining and useful way to keep up to date on the latest happenings and defense techniques on the cybersecurity landscape.

Building a Strong Security Culture for Resilience and Digital Trust

Cultivating a robust security culture can enable organizations to mitigate cyber risk, strengthen trust with customers and sharpen organizational compliance posture.

ChatGPT and IT Auditing: Opportunities, Threats and Challenges

ChatGPT presents opportunities for IT auditors to be more efficient and productive, but a variety of security, privacy and ethical considerations should be addressed as part of auditors' approach

Digital Trust Enhancing Identity Access Management in Cloud Environments

ISACA's Google Cloud Audit Platform Program explores issues of identity and access management, and connection points between cloud audit and digital trust.

Four New CMMI Adoption Pieces Available for Community

Several new adoption pieces will enable CMMI to be even more effective at helping organizations across numerous industries rapidly and effectively build capability and improve their performance.

You Made the Team, But Are You Really in the Game? Exploring Differences Between Diversity and Inclusion

Diversity, equity and inclusion, when properly prioritized and implemented, can be a major difference-maker in cybersecurity and other fields that struggle with underrepresentation, both in terms of performance and the ability to attract and retain talented professionals.

The Business Benefits of Becoming an ISACA ATO

By becoming an ISACA Accredited Training Organization, enterprises gain access to a robust community of global learners seeking highly in-demand certifications in fields such as security, risk, IT audit, privacy and governance.

Compliance and Information Security: Collaborating to Enable the Business

Compliance and information security functions can each make the other stronger, including by collaborating on making business cases and shared budgetary priorities.

How to Assess Workplace Culture

Workplace culture can be difficult to measure, but factors such as the organization's risk habits, the tone at the top, attrition rates and employee feedback can provide useful indicators for those charged with assessing culture.

Is ESG Auditable?

Auditing ESG transcends the traditional dimensions of financial efficiency, legal matters and technical effectiveness to deal with increasingly recognized areas of importance such as environmental protection, corporate social responsibility and governance of business behavior.

How Organizations Can Help Auditors Avoid Burnout

Organizations have several measures they can take to help auditors avoid burnout on the job and improve their mental health, including allowing them to focus on the parts of the job that add the most value.

The Role of Deepfake Technology in the Landscape of Misinformation and Cybersecurity Threats

Deepfake technology creates new urgency to revisit and reinforce security protocols, including multi-factor authentication and behavioral biometrics, which can be challenging to replicate.

Embracing the ‘Pedagogy of Error’ in Cybersecurity Education

Jeimy J. Cano, the 2023 ISACA Educational Excellence Award for his educational work that empowers students to pursue careers advancing technology, shares his story and motivations in this Q&A interview.

Top 3 Cyberthreats Facing the Financial Sector

Ransomware, supply chain threats and phishing attacks are among the leading cybersecurity challenges faced by organizations in the financial sector.

The More I Learn, the More Excited I Am to be at ISACA

In his first 50 days, new ISACA CEO Erik Prusch has been doing a lot of studying, listening and preparing to gain a deeper understanding of how to best serve the ISACA community in the months and years to come.

Building a New Way to Look at the Universe

Dr. Erika Hamden, the closing keynote speaker at GRC Conference 2023, visits with the ISACA Now blog to share stories from her career, and her passion for science and innovation.

What to Do While You Wait for Your CISA, Part 3: 6 Months Forward and the Continuous Game

Having a plan and communicating it to others can set up early-career professionals for success as they prepare to accelerate their career development.

How to Conquer Your Cloud Governance Maturity Journey

Scott Reynolds, senior director of enterprise cybersecurity at ISACA, and John Richards, head of developer relations at Paladin Cloud, explore the cloud landscape and its impacts on digital transformation.

Navigating Digital Transformation While Cultivating a Security Culture

Scott Reynolds, senior director of enterprise cybersecurity at ISACA, and John Richards, head of developer relations at Paladin Cloud, explore the cloud landscape and its impacts on digital transformation.

ISACA: The Right Place to Do the Right Thing

ISACA’s network of digital trust professionals is uniquely positioned to help organizations around the world do the right thing at a time when “the right thing” is much easier said than done.

What to Do While You Wait for Your CISA Part 2: Setting Up Your Foundation for Success

Engaging with a local ISACA chapter, seeking out a professional mentor and pursuing the IT Audit Fundamentals Certificate are among the steps early-career audit professionals can take while waiting until they meet the experience requirements for the CISA.

The Value of Following a Methodical Approach for SIEM Implementation

Despite many organizations having invested in SIEM solutions, data breaches and other cybersecurity impacts continue to wreak havoc on the enterprise landscape.

GRC Keynote Speaker: Time to Go Bold

Shawn Kanungo, author and opening keynote speaker at GRC Conference 2023, shares his views on disruptive technologies, innovation and the importance of being bold in this Q&A with the ISACA Now blog.

Emerging Cloud Security Threats: Fileless Attacks on the Rise

A sharp climb in fileless attacks has added to the challenge enterprises face in securing their cloud environments.

The Commitment to Continuous Improvement: A CMMI Case Study

ISACA's CMMI maturity model practices have helped Avantare focus on capabilities like ensuring quality, delivering and managing services, sustaining habit and persistence, and more, as a recent case study illustrates.

What to Do While You Wait for Your CISA: Part 1, Understanding the CISA and Its Requirements

ISACA’s Certified Information Systems Auditor (CISA) certification requires several years of experience, but there are several steps newcomers to the IT audit and assurance field can take to position themselves for success in the meantime.

Strengthening Collaboration for Cyber Resilience: The Key to a Secure and Resilient Organization

Ongoing communication and strong relationships between the security and audit functions can lay an important foundation in an organization's efforts to strengthen its cyber resilience.

From Sci-Fi to Reality: AI At All Stages of Your Career

Artificial intelligence is not just impactful for rising professionals in digital trust fields: AI has an increasingly important part to play at all levels of the career cycle.

Top Effective 10 Data Governance Tools

The rise of ChatGPT gives information security professionals even more to account for while also underscoring critical connection points between security and the overarching need for digital trust.

Compliance Tips for SaaS Startups

SaaS organizations getting started with compliance can benefit from some key tips that will help them successfully navigate the compliance landscape.

The Future of Cybersecurity Assessments

Data-driven security assessments are gaining momentum and are shaping up to become a valuable component in the future of security assessments.

Decoding AI: Insights and Implications for InfoSec

Artificial intelligence is reshaping the cybersecurity landscape, but considering the technology is clueless in some important ways, humans' capacity for intuition, empathy and understanding remain key components of the equation for effective security.

A New Way to Keep Pace with Privacy

ISACA's Privacy Regulatory Lookup Tool can help practitioners keep pace with a privacy landscape that increasingly is being shaped by new regulations taking effect around the globe.

What Do Cybersecurity Analysts Do?

Cybersecurity analysts work in security operations centers, where they review alerts and logs in search of suspicious activities, among many other tasks to protect the enterprise.

Protecting Phones, Data, and Your Business from Juice Jacking Risks

Recent warnings about the security risks of using public charging stations, such as at airports, hotels and hospitals, reinforces the value of juice jack blockers and using personal charging devices.

Laying the Groundwork for the Future of Girls and Women in STEM

Chiaka Ben-Obi, who earned the 2023 ISACA Technology for Humanity Award for serving as a mentor for young women seeking careers in STEM fields, shares her motivation and vision for a more equitable tech workforce.

Leveraging Technology to Help Enhance Trust in Internal Controls Amid Rising Material Weaknesses and Resource Constraints

The rise of material weaknesses leads to significant risks for enterprises and can diminish trust from key stakeholders. Understanding the causes of material weaknesses is an important precursor to developing the needed mitigation strategies.

Trust is Not Being Destroyed – Just Changing Form

ISACA Europe Conference: Digital Trust World keynote speaker Rachel Botsman explains why she thinks trust is not being destroyed but rather changing form.

Fortifying Zoom Phone Security: A Comprehensive Threat Modeling Analysis

Zoom Phone has emerged as a robust communications tool but utilizing threat modeling and arriving at a better understanding of the attack surface is needed for the tool to reach its potential.

Building Effective Defenses Against Social Engineering

By understanding how social engineering works and developing targeted defenses, cybersecurity practitioners can mitigate this perennially damaging threat.

Pay for ISACA Certifications is on the Rise

Pay for several ISACA certifications in 2023 tells a promising story for certification-holders, according to recent salary data from Foote Partners LLC.

Top Benefits of Becoming an ISACA Accredited Training Organization

ISACA Accredited Training Organizations provide a range of benefits, including increased credibility and access to unique training materials and programs.

Ransomware Attacks on the Rise in India: The Need for a Global Culture of Crisis Management

Growing instances of ransomware attacks in India are instructive both of the extent of this threat around the world and the measures that organizations need to put in place to mitigate the risks.

TSA’s Plans to Expand Facial Recognition at Airports: A Privacy Perspective

The advancement of facial recognition technology raises an array of privacy concerns, as underscored by the recent expansion of a program through the US Transportation Security Administration.

Using Agile Practices for Internal Audit

The value in modern audit is timely data that can be leveraged to improve operating processes and business continuity, tied heavily to the enterprise risk lifecycle

IT Risk Assessments: A Process Your CIO or CISO Will Thank You For

Identifying and quantifying risk can be made more straightforward by following six key steps for IT risk assessments.

Common Cybersecurity Risks to ICS/OT Systems

Organizations need to protect their industrial control and operational technology systems from cyberthreats, including through regular vulnerability assessments, network segmentation and providing ongoing training on cybersecurity best practices.

Join Me in Welcoming ISACA CEO Erik Prusch!

Erik is the right person to lead ISACA into the future. It is clear that he has a values-driven approach, a steady presence, the right vision and a clear focus to take us forward.

How ATO and Chapter Training Can Help You Pass Your Certification Exam

ISACA's chapters and Accredited Training Organizations (ATOs) offer prime opportunities for certification candidates to prepare for success on their certification exams.

New Use Case Highlights Promising MDDAP Results

A new case study demonstrates a successful, real-life application of ISACA’s Medical Device Discovery Appraisal Program (MDDAP).

Disaster Recovery and Business Continuity Preparedness for Cloud-based Start-ups

Business continuity plans for start-up companies prepare them for unexpected events that may disrupt operations and can protect critical data, as well as the company's reputation.

ChatGPT’s ‘Perfect Storm’: Managing Risk and Eyeing Transformational Change

Organizations looking to make ChatGPT implementations successful need to be mindful of interdisciplinary collaboration that taps technological expertise, regulatory compliance, risk management and operational understanding of the powerful AI chatbot.

Understanding and Implementing Digital Trust Effectively

Creating awareness of the full digital trust ecosystem is an important starting point for organizations as they look to build the sound practices and procedures needed to build and sustain digital trust throughout the enterprise.

Digital Trust as a Differentiator: Insights from ISACA Digital Trust World Panel

A recent ISACA conference panel in Boston explored how digital trust can become a competitive advantage and how the entire organization must rally around the concept for trust to be delivered.

Defensive Programming for Industrial Control Systems

Modern industrial control systems are exposed to the internet, making a proper code environment, defining rule sets and conducting verification increasingly important to protect these critical systems.

The 3A-3C Approach to Digital Solutions in the Pharmaceutical and Healthcare Sector

The digital health market is expanding, and cost, compliance and user comfort are essential elements to ensure related digital transformations are going to plan.

Digital Trust World Conference: A Fabulous Convergence of Security, Emerging Tech and Lobster Rolls

ISACA's Digital Trust World conference in Boston left me excited about the future of the security profession despite many open questions about how AI and other emerging tech will reshape the profession.

Identity as a Service Audit Implications and Best Practices

Identity as a Service can have major implications for audit by dictating the way that organizations manage user identities and access their applications and IT workloads.

Securing an AI Ecosystem: The Next Big Cybersecurity Challenge

As artificial intelligence becomes an increasingly prominent part of our professional and personal lives, security and control protocols must keep pace with the evolving ecosystem.

Where Does Digital Trust Begin? An AMA with World Economic Forum’s Daniel Dobrygowski

Daniel Dobrygowski, the head of governance and trust for the World Economic Forum, was featured in a recent Ask Me Anything discussion on ISACA's Engage community, with a focus on building digital trust and its key implications in business and civil society.

Five Tips to Prepare for ISACA’s CDPSE Exam

Top CDPSE exam scorer Chris Fraker shares his tips for success and how the certification benefits privacy professionals and their organizations.

Understanding the Risk of Robotic Process Automation

Reviewing vendor-provided scripts and testing systems in contained environments are important measures in dealing with risk stemming from robotic process automation.

Maintaining Sovereignty in the Cloud: Controlling Your Digital Future

Cloud users' desire for for control over their data calls for digital sovereignty measures in collaboration with cloud providers.

Using Tabletops and Simulations to Build Better Incident Responders

Incident simulations can be highly effective at pinpointing gaps in monitoring and detection processes, and better understanding how to go about catching bad actors.

Credential Hacking: The Dark Side of Artificial Intelligence

Artificial intelligence is capable of helping cybercriminals crack passwords, but the good news is cybersecurity professionals can leverage AI to fight fire with fire.

Digital Trust: Focus on the Forest Rather Than the Trees

Digital trust does not come about through any one product or technology but increased transparency in how technology is being developed and deployed would be a good starting point to strengthening trust in the digital ecosystem.

Taking Digital Trust from a Lofty Goal to a Measurable Reality

Organizations can turn digital trust into an important competitive advantage, as reinforced by the major takeaways from ISACA's State of Digital Trust 2023 report.

ISACA Virtual Conference Keynoter: Never Lose the Spark of a Startup

Marc Randolph, a national bestselling author, executive mentor, angel investor, and the co-founder and first CEO of Netflix, will be the opening keynote speaker at the ISACA Virtual Conference: Digital Trust World.

The Evolution of Cloud Computing and Distributed Ledger Technology

Enterprises need to have significant trust before they can move forward with delegating data control, storage and application execution to cloud providers.

Embarking on the Journey Toward Digital Trust

Dealing with adversity in a trustworthy and transparent way can turn a problem into a big opportunity for a company to strengthen its relationship with customers.

Privacy-Preserving Security Analytics

Preserving privacy while outsourcing is a challenge, especially when factoring in considerations such as how to preserve the security and privacy of data at rest.

Developing Collective Risk Leadership Through CRISC

The interconnected nature of risks in today's environment calls for a holistic approach to risk management, which can be reinforced through the principles of the CRISC credential.

ISACA’s Digital Trust Vision Highlighted in 2022 Annual Report

ISACA's newly released 2022 annual report highlights the digital trust resources that the organization put forward along with other key organizational progress from the year.

The Science of Cybersecurity and its Future Challenges

Cybersecurity is a sub-discipline of computer science and a rigorous scientific approach should underpin the work of cybersecurity leaders and practitioners.

How the Relationship Between CISOs and Legal Teams is Changing

A closer relationship between CISOs and enterprise legal teams can help CISOs deal with increasing regulatory burdens, how to approach cybersecurity insurance and addressing liability in the event of data breaches.

Risk Assessment for Technical Vulnerabilities

Regardless of local regulations, risk assessment for technical vulnerability should supplement an organization’s existing comprehensive security risk assessment, not serve as a substitute.

Pentagon Leak Case Shows that Insider Threats Remain a Prominent Risk

The recent high-profile Pentagon leak in the United States underscores the importance of defending against insider threats.

United Nations Meeting on the Status of Women Reveals True Gender Parity is Centuries Away

Women across the globe are finding ways to fast-track change and counteract concerning projections for how long it will take to truly erase gender disparities in the tech workforce and society as a whole.

Gaining More Than I’ve Given Through ISACA Volunteering

Sunil Bakshi, of India, has relished sharing his expertise and exchanging ideas with members of ISACA's global community through his ISACA volunteer activities.

ISACA Volunteer Starts Slow, Seizes Opportunities to Grow

A self-described introvert, Joyce Chua, of Singapore, says her volunteer activities with ISACA helped her build her speaking and collaborating skill set.

Volunteer Finds Resources He Needs ‘All Under One Roof’

Chetan Anand says ISACA has provided many of the knowledge resources he is looking for "all under one roof," and he gives back through extensive volunteering.

Volunteer Work Provides Fresh Perspectives for InfoSec Professional

Germany-based ISACA volunteer Julia Hermann says her volunteer work with ISACA has exposed her to new perspectives that have furthered her professional growth.

Volunteering Pays Quick Dividends for Recent University Graduate

Han Jumashov has become an active ISACA volunteer after relocating to the United States from Turkmenistan to pursue his university degree and the beginning of his professional career.

Award-Winner Creates a Culture of Innovation, Adaptability and Inclusion

ISACA Chicago Chapter President Ramona Ratiu reflects on her recent ISACA Inspirational Leadership Award and shares her leadership goals going forward.

Why Team Training Leads to Big Business Benefits

Enterprise training can ensure team members are aligned in their decision-making and approaches for more effective team performance and communication with stakeholders.

How Automation Can Streamline Your Compliance Journey

Usage of compliance automation technology is rising as organizations that implement it experience a range of benefits.

Interactive Tabletop Scenarios: A Comprehensive Approach to Strengthen and Assess Your Incident Response Strategy

Interactive tabletop scenarios, incorporating gamification, can make a big difference in sharpening organizations' incident response preparedness.

CMMI Updates Take Performance Improvements to the Next Level

The latest iteration of the CMMI model includes security, safety, data management, people management, and managing virtual workforce best practices.

Introduction to ICS/OT Systems and their Role in Critical Infrastructure

Industrial Control Systems/Operational Technology must be understood and secured effectively to avoid potentially disastrous impacts on critical infrastructure.

How CMMI Cybermaturity Platform (CCP) can help your organization implement Zero Trust

ISACA's new eBook is a free resource to guide you on how to simplify the implementation of a Zero Trust strategy in your organization with the CMMI Cybermaturity Platform (CCP).

The Exciting Benefits of ISACA’s MDDAP VIP Portal

ISACA's Medical Device Discovery Appraisal Program (MDDAP) Voluntary Improvement Program (VIP) Portal launched to collaborators and stakeholders with exciting features and updates.

Security Awareness Training: A Critical Success Factor for Organizations

Reducing chances of a data breach, supporting existing systems and increasing customer confidence are among the leading benefits of effective security awareness training programs.

‘There is Hope’: Facebook Whistleblower Takes On Misinformation, Addresses Digital Trust

Facebook whistleblower Frances Haugen, who will be a keynote speaker at ISACA's upcoming Digital Trust World Boston conference, addresses misinformation and digital trust.

Crypto Collapse and Democratizing Auditing

The proliferation of emerging technologies across domains and throughout all layers of an organization is leading to a democratization movement that is not yet well-understood, with IT audit playing a significant part.

Insights from a Privacy Jedi

Privacy expert Michelle Dennedy recently shared her insights on emerging privacy trends and key industry challenges in an Ask Me Anything session through ISACA's Engage platform.

The Biggest AI Moment Ever for Cybercrime Just Happened

Cybersecurity professionals, beware: the theft and repurposing of powerful AI models is within cybercriminals' reach, and it could be a game-changer.

Compliance Automation Journey: Five Steps to Streamline Efforts, Identify Risks, and Improve Team Workflows

When implemented effectively, compliance automation can make a big difference in allowing teams to dedicate their time toward more impactful priorities.

Solutions for Digital Identification

While a universal solution for digital identification of internet users might not be realistic, finding solutions that are suitable in various situations is realistic and a worthwhile goal.

A Collaborative Approach to Cybersecurity

Since attackers often benefit from cooperative measures, it only makes sense for organizations to collaborate in their efforts to thwart cyberthreats, even if that has historically proven to be challenging.

Five Habits to Make Compliance Smoother for Lean Teams

Smaller organizations might find keeping on top of compliance activities to be challenging but there are several key habits that can help lean teams meet compliance responsibilities without feeling overburdened.

As in Life, Digital Trust Is a Two-Way Street

It is not only organizations that have eroded trust – people have played a role, also, and both people and organizations need to be a part of fixing what is broken.

Software-Defined Networking: The Future of Networking

Software-defined networking provides a modern solution to evolving access challenges that can be problematic for network administrators.

Top Risks and Rewards of Moving to the Cloud

Enterprises increasingly are moving to the cloud and seeing major benefits along the way, but it is important to weigh those gains against numerous cloud risks that need to be managed.

Influencing Security Decisions with Effective Communication

Effective communication makes a big difference in bolstering leadership buy-in for security programs.

Assessing Culture With Help From the US Surgeon General

The importance of organizational culture is now understood to be a major factor in an organization’s overall success.

ISACA Foundation Takes Equity Message to White House Office of National Cyber Director

ISACA Foundation recently took its message of equity and inclusion to the White House.

Data Privacy: A Public Policy Challenge

Data privacy is not just about information security, governance or customer trust - it also is a public policy challenge.

Improved IT Frameworks

Frameworks and IT general control guidance should be reviewed periodically to keep up with industry best practices.

LastPass Hack Highlights Importance of Applicable Acceptable Use Policies.

The recent LastPass breach reinforces that Acceptable Use Policies should not be overlooked or underestimated.

Five Factors That Turn CISOs into Firefighters

Chief information security officers often find themselves doubling as firefighters - can it be avoided?

The Future of Technology Risk

Consider four ways to build stakeholder trust in the technology risk imperative.

Five Powerful Quotes on the Black Experience in IT

Despite historically being underrepresented in many IT fields, Black professionals have made a huge impact on digital trust disciplines.

The Competitive Advantages of Privacy and Trust

Sound practices in managing privacy and emerging technology implementations pays off for enterprises in creating trust with customers.

Mindfulness Amid the Chaos

Anastasiia of the ISACA Kiev Chapter reflects on the difficult last year and the support the chapter has received from ISACA's global community.

Examining Information Privacy Realities Contradiction Theory

Allowing our information privacy violation tendency to outweigh our protection tendency because of our self-interests can prove problematic to ourselves and others.

Making Risk Management for Agile Projects Effective

ISACA’s Incorporating Risk Management into Agile Projects white paper provides guidance for conducting risk assessment in an agile project context.

Five Overlooked Benefits of Having an IT Certification

Some benefits to attaining certifications are obvious but there are many other benefits beneath the surface.

Smoothing the Path for an Even Brighter Future for ISACA

ISACA continues to deliver on its digital trust vision while finding new ways to serve its global community.

Building Resilience with ISACA

Resilience has become top-of-mind throughout the digital trust fields since the pandemic. The ISACA community can be a great place to sharpen resilience on a number of fronts.

Data Protection and Its Impact on the Older Population

Impacts of GDPR and other data protection policies on the elderly population should not be overlooked.

FedRAMP for ISVs: How Out-of-Scope Organizations Can Demonstrate Federal Compliance

Some software vendors don’t fall within the scope of FedRAMP and must identify alternate paths to compliance.

Governance, Processes and Planning: Three Significant Countermeasures to Being Hacked

Governance, processes and planning are three components of cybersecurity management that can address the people vulnerability.

Three Key Predictions for 2023: The Year of Risk

The rise in importance of internal risk assessments is among the key trends that could shape the risk landscape in 2023.

Major Challenges Ahead for GRC Professionals in 2023

GRC professionals will need to remain attuned to changes impacting the technology, regulatory and security landscapes to be effective in the year to come.

Data Protection in Enterprises

Data protection is maturing toward a more holistic approach, with emphasis on meaningful datasets to enterprises and regulations.

Third Party Audit Reports as the New Trust Currency

The compliance audit process can give third parties confidence in an organization’s ability to manage and govern information security and privacy.

Assessing the Risk of Emerging Technology: Will Early Assessments Match Reality?

Implementation of emerging technologies requires organizations to rethink their approaches to risk assessment.

CMMI Performance Continues to Impress, Improve

The CMMI Performance Report captures encouraging insights in business capability and performance objectives.

Categorizing and Handling Sensitive Data

Organizations need to be intentional and diligent about how they classify and handle both regulated and unregulated sensitive data.

Recognizing the Hidden Risk and Quantifying Ethical Analysis When Governing Data

An ethics-based algorithm could be useful in moving data governance forward and accounting for overlooked risks.

Modern Complexities of Cybersecurity

An ethics-based algorithm could be useful in moving data governance forward and accounting for overlooked risks.

ChatGPT and Leveraging Artificial Intelligence in Auditing

ChatGPT is the latest example of how artificial intelligence can make a substantial impact for IT audit professionals.

ISACA Mentorship Program Galvanizing Connections

The ISACA Mentorship Program is leading to new connections and professional growth around the globe.

Sizing Up the Global State of Privacy

ISACA's Privacy in Practice 2023 report showcases areas for improvement when it comes to executive support, skills and staffing in the privacy field.

Where Privacy Stands Five Years After GDPR

Five years after the GDPR regulation came onto the privacy scene, there is still much progress to make on the people, process and technology fronts for enterprises to be on sturdier ground.

How to Ensure Your IT Objectives Align with Organizational Goals

Aligning IT initiatives to overarching enterprise business goals is important and measurable.

Five Reasons to Make 2023 the Year to Pursue a Certification

Validation of knowledge and keeping pace with the fast-moving technology landscape are among the leading motivations to pursue an IT certification in 2023.

Ransomware Looms Large on Third-Party Risk Landscape

Due diligence and sound risk management are essential to help enterprises prepare for ransomware and other threats involving third-party relationships.

The Importance of Embedding a Culture of Privacy by Design

Organizations can gain a competitive advantage by taking deliberate measures to implement privacy by design.

How I Survive Imposter Syndrome

Dealing with imposter syndrome can be even more challenging for those living and working in countries in which they are not native speakers.

In Search of Great Data Candidates

Identifying the best candidates for data-focused roles can go a long way toward improving an organization's risk profile.

How Cyber Pathways Can Help Your Career

The Cyber Pathways Framework could have a significant impact in resolving the ongoing skills crisis in the cybersecurity field.

The New, Emergent CISO

The CISOs of the future will have to combine a wide range of technical and business skills to rise to the many challenges they will face.

The Main Challenges of Effective Risk Management

Risk management can be a tremendous asset for organizations when the right processes and methodologies are applied to overcome key challenges.

Addressing Selective Compatibility

Today's methods of authentication are likely to become less reliable going forward, making selective compatibility all the more relevant.

Top Cyberattacks of 2022: Lessons Learned

Major 2022 data breaches involving Optus, Uber and Neopets led to many lessons learned for security practitioners and business leaders.

The Future of Skills: Preparing for Industry 4.0 and Beyond

Industry 4.0 brings great potential to transform the IT professional landscape.

Quantifying the Qualitative Risk Assessment: Using Data to Inform Judgment

The technology field is ripe for quantification support for qualitative judgments.

All systems are GO!

Enterprises need to shift their mindset from 'cyber incident' to 'crisis management,' especially in an era when ransomware and other threats are present dangers.

Talent Transformation Strategies for Security Leaders to Address the Cybersecurity Workforce Challenges

Investing in a strong security culture and adopting a growth mindset are among the approaches that can help organizations transform their strategy for dealing with cybersecurity talent shortages.

Five Actionable Success Tips for Risk Professionals in 2023

What organizational risks should risk management professionals be sure to keep in mind as we head toward 2023? Kerris Lee provides tips for the new year for risk practitioners.

Five Actionable Success Tips for Privacy Professionals in 2023

More and more organizations are realizing that privacy programs must be appropriately prioritized and resourced, a reality that will only become more striking in 2023.

Five Actionable Success Tips for Security Professionals in 2023

Creating a personal incident response plan is a good place to start when security professionals consider how they can thrive in 2023.

Five Actionable Success Tips for Audit Professionals in 2023

Looking toward 2023, IT audit professionals will need to increasingly focus on cloud environments and privacy engineering to keep pace with the changing technology and regulatory environment.

Dialing in the Data

Building cyber resilience can be an uphill battle for many organizations given the proliferation of data and the fast-evolving threat landscape.

Achieving Resilience at ASEAN-Japan’s Cybersecurity Capacity Building Centre

Much can be learned from the way the ASEAN-Japan’s Cybersecurity Capacity Building Centre deployed several procedures to reduce the COVID-19 pandemic’s effects on operations.

Identity and Access Management: The Nonhuman View

As digital transformation sweeps across organizations, the technologies that are the foundation of that transformation need access.

Which Cybersecurity Roles Pay the Best?

Cybersecurity talent remains highly in-demand, leading to several roles that command high salaries.

Five Mistakes to Avoid When Preparing for a Certification Exam

Avoiding some common mistakes can make for a more successful certification exam experience.

What Do the ISO 27001 Updates Mean for Your Business?

"After nine years of certifications, ISO has released an updated version for one of the most popular frameworks in the cybersecurity environment."

Digital Native Organizations Are Energizing Organizational Design

Digital native organizations are ahead of the curve when it comes to enabling digital transformation and modernization.

5G Privacy Implications

Enterprises must consider the risk of 5G adoption on the front end and be proactive about working through potential privacy and security implications.

How Knowledge Workers Can Convince Employers to Sponsor IT Certifications and Professional Growth

Employers can support their employees' professional development by sponsoring their professional certifications and providing ongoing training resources.

Applying Enterprise Risk Management to Cyberrisk

The rise of ransomware has increased the stakes for enterprise risk management and cyber risk.

‘Putting Out Fires’ and Maturing Your Privacy Compliance Program

As privacy regulations continue to take effect, enterprises must mature their privacy compliance programs.

Audit Essentials for Driving Efficiency and Value

Each audit has a lifecycle, from planning to execution to conclusion, and each phase in the audit lifecycle requires multiple steps to be executed effectively.

The Impact of a Hybrid Workplace on Security

Although the shift to the hybrid workplace has been a sea change for IT and security teams, new advances in security concepts and solutions hold the potential to smooth out the transition.

Solving Security and Privacy Concerns in Emerging Technology

Personal data are more exposed than ever in the evolving emerging technology landscape but are often insufficiently protected from being stolen.

Seven Key Steps to Build Digital Trust

The path to stronger digital trust includes key steps such as understanding customer expectations and going beyond checking boxes.

Five Quick Tips for Taking ISACA Certification Exams

ISACA certification-holders share their tips and guidance for success on ISACA certification exams.

A Pilot’s Lofty Goal of Building Trust Through Audit

ISACA member Osama Abbas is a champion for digital trust in his role as head of audit while finding time for his aviation passion in his free time.

Keep Your Dream of Becoming a CISA Alive

Candidates who struggle on their first try to pass the CISA certification exam can still reach their goal with perseverance and some tweaks to their preparation.

How to Safely Share Your Business’s Online Videos

Finding the right balance between security and convenience is key for businesses when it comes to sharing their videos online.

Finding or Building the Right Framework for Your Organization

Organizations face a challenge in understanding which framework will deliver the most value in an era of increased regulatory and business challenges.

Cyber Ratings as Measures of Digital Trust

As the profession of cybersecurity continues to mature, it inevitably will borrow from other disciplines that have developed mature practices. The credit rating profession has much to offer cybersecurity as it attempts to support the overarching need for the creation of digital trust.

Smarter Testing Equals Safer Digital Experiences

Tighter alignment of testing with the software development lifecycle and better modeling of real-world adversary threats has allowed Adobe to become more DevSecOps-minded in its application security testing.

Risk Appetite vs. Risk Tolerance: What is the Difference?

By demystifying the risk appetite and risk tolerance terms, it is easier to explain and integrate these concepts within enterprise risk management frameworks.

How Risk Transformation Enables Enterprise Success

Risk expert Luma Badran recently led an ISACA Engage community discussion of topics including risk transformation, best practices for the three lines of defense, internal audit, operational risk management and cybersecurity insurance.

‘Privacy Is Not Dead, But It Is Dying’

Menny Barzilay will be a keynote speaker for ISACA Conference Asia 2022, to take place virtually 16-17 November, presenting on “The Dark Future of Privacy.” Barzilay, an internationally recognized cybersecurity expert and CTO of the Interdisciplinary Cyber Research Center at Tel-Aviv University, recently visited with ISACA Now to discuss privacy mining, deep fakes, digital trust and more.

Exploring the Relationship Between IT Certifications and Salaries

Certifications can have a big impact on IT professionals' salaries and career advancement opportunities.

Cloud Governance and Security Imperatives

Organizations that can strike a balance between their strategic objectives and security needs will be well equipped for success in their cloud implementations.

The Cybersecurity Skills Gap: Dispelling Misconceptions

The workforce challenge organizations often perceive as a cybersecurity skills gap is more accurately a failure to take advantage of the people and resources that should be better utilized.

What is the ROI from Enterprise Training?

The return on investment from enterprise training extends well beyond the financial to areas such as mitigating risk and helping organizations become more agile and resilient.

A COBIT 2019 Use Case: Financial Institutions in Georgia

The COBIT framework has some key applications in the financial sector as demonstrated by a recent use case in Georgia.

How to Transition from General IT to Cybersecurity

For IT professionals looking to transition to a cybersecurity career, there are several promising pathways to position themselves for success in cybersecurity.

Securing Patient Data Is Paramount in the Post-Pandemic Era

Securing patient data and complying with HIPAA laws may seem like a challenge, but there are several steps your organization can take to combat a cyber incident.

The Social and Psychological Consequences of Ransomware Attacks

Organizations focus on the financial loss and disruption to services caused by ransomware attacks, but there are significant social and psychological effects that are often overlooked.

How To Apply Process Mapping Synergy Gains for Business Continuity and Disaster Recovery

Process mapping from disaster recovery and business continuity planning can help improve enterprises' overall business resiliency.

Navigating Privacy and Compliance Post-Dobbs Ruling

A variety of healthcare, data privacy and security issues have emerged since the recent Dobbs ruling that have impacted and will continue to impact both businesses and individuals in the United States.

The Impact of Cybersecurity on Consumer Behavior

New ISACA data on consumer attitudes about cybersecurity reveal there is much work to be done for enterprises to earn the trust of customers and stakeholders.

Five Major Auditing Challenges in Cloud Computing and How to Overcome Them

Top challenges for auditing the cloud start with identifying cloud usage and controlling and monitoring user access.

Advancing Digital Trust on Capitol Hill, in Parliament and Beyond

ISACA leaders recently have taken their digital trust message to government officials from the UK, Ireland and the United States.

A CISA Top Scorer’s Tips to Feel Prepared for the CISA Certification Exam

Angelina Kahn-Dubois, the top Certified Information Systems Auditor (CISA) certification exam scorer for 2021, offers tips for success on the CISA exam.

‘Piecemeal Approach’ Insufficient to Create Digital Trust

Matt Chiodi, chief trust officer at Cerby and a member of ISACA's Digital Trust Advisory Council, and Karen Heslop, ISACA's vice president of content development, provide their perspectives on ISACA's State of Digital Trust 2022 report.

The Importance of Organizational Resilience in an Age of Immense Change

Organizational resilience has become increasingly top-of-mind for enterprises in the era of The Great Resignation.

Audit Approaches for Enterprise Databases

Ensuring enterprises can achieve their business objectives without concerns about sensitive data security is a value-add proposition for internal audit departments looking to perpetuate their role as trusted advisors to executive management.

Five Key Takeaways from ISACA’s State of Digital Trust 2022 Report

Key takeaways from ISACA's State of Digital Trust report show how organizations must prioritize, measure and collaborate to make strengthening digital trust a reality.

Giving Data Integrity Its Place on the Podium

Data integrity, one of the key technology risk factors identified in recent IT audit research conducted jointly by ISACA and Protiviti, is crucial to the decisions that enterprises make in the course of routine business.

How MDDAP Improves Product Quality

By helping medical device manufacturers better understand and sharpen their capabilities, ISACA’s Medical Device Discovery Appraisal Program (MDDAP) is advancing device quality and patient outcomes by driving toward a culture of continuous improvement.

Digital Trust: The Key to Successful Transformation

Today’s digital economy is driven by innovation. The companies that are able to find new ways to serve their customers, often enabled by implementation of emerging technologies, are the ones best positioned to thrive.

How To Communicate Risk in a Way Leadership Can Understand

The key to effectively communicating risk is aligning risks to the company's business objectives.

How Secure is Your Data? A New Way of Looking at Data Privacy Compliance

Recent data privacy compliance regulations, along with existing ones, present a whole new dimension in the world of regulatory compliance requirements for banks/financial services across the globe.

The Customer’s Responsibility in the Cloud Shared Responsibility Model

The cloud shared responsibility model model can help relieve customers’ operational burdens as the cloud service provider operates, manages and controls the host operating system, infrastructure components and actual physical security of the facilities.

Privacy: A Key Component of Building Digital Trust

The key relationship between privacy and advancing digital trust was explored in a recent ISACA Live episode with Safia Kazi and Betsie Estes.

AI Ethics and eXplainable AI (XAI): Much Easier Said Than Done

More artificial intelligence (AI) proponents are proposing that integrating ethics with AI will result in better customer engagement with the technology

A Fan of Diverse Experiences

ISACA member Varun Prasad works with tech companies of varying sizes to help build digital trust by addressing the security and privacy compliance requirements of customers and other stakeholders.

Cloud Computing — What IT Auditors Should Really Know

Given the growing reliance on cloud computing, internal audit should adopt a proactive approach to cloud initiatives and position the department as a trusted advisor.

ISACA Kenya Chapter to Support Vulnerable Children in CommunITy Day 2022

ISACA's annual CommunITy Day of global volunteering is coming up on 1 October, with chapters around the world preparing to make their impact at the local level.

IT Audit Field Provides ‘So Many Options’ for Early-Career Professionals

Jeff Burke shares his experience as a new IT auditor and describes why IT audit is a promising career path for rising professionals.

Mapping a Serial Rug Pull Scammer on Binance Smart Chain

Rug pull events can be detected and analyzed using publicly accessible blockchain explorers, online analytical tools and data repositories.

Shifting the Paradigm to Protect Your Data

ISACA's new white paper, "Defending Data Smartly," goes beyond solutions for protecting your organization’s data, also exploring challenges across information technology, compliance, privacy and governance.

International Standards: ISACA Update on ISO Governance and Management Standards Initiatives

ISACA recently participated in meetings to review and update several ISO governance and management standards.

Breaking Into the IT Industry: IT Degree and Certification

Earning IT certifications can make a big difference in both salary and job opportunities for early-career professionals, and can also serve as a strong complement to IT degree programs.

Ethical Artificial Intelligence and Machine Learning By Design: A New Standard to Doing Business

Several foundational steps can be taken for organizations by adopting an ethical artificial intelligence and machine learning lifecycle to move toward standardizing ethical technology implementations.

Approach to Auditing a Core Banking System

Auditing core banking systems successfully requires due diligence on a wide range of control tests.

A Five-Step Process to Help Organizations Achieve Operational Resilience

Operational resilience is far more than having business continuity planning in place and conducting disaster recovery drills; it requires strategic decision-making when planning, identifying, defining, working, testing, monitoring and re-defining multiple parameters.

Title Bias – The New Form of Bigotry in The Workplace

Title bias occurs when someone treats another person differently because they don’t hold a specific title or position in an organization, and it can badly damage workplace culture.

Burned Out: InfoSec Professionals Sound the Alarm

According to a recent survey, almost a third of infosec professionals want to quit the cybersecurity profession due to burnout within the next 12 months. Can we save our industry from a mass resignation before it’s too late?

Creating, Not Predicting, the Future

ISACA Europe Conference keynote speaker Stefan Hyttfors visited with ISACA Now to discuss some of his favorite themes—the future, emerging technology and trends in globalization and sustainability.

My CISM Exam Journey

Laura Tate Zannucci shares her experience preparing for the CISM certification exam, including tips and guidance on what proved to be successful tactics.

Advancing Technology as a Human Right

Code Your Dreams was recognized with the ISACA Technology for Humanity Award for leadership in empowering the next generation of civic-minded technologists.

My Path to a Career in Cybersecurity

Dr. Joseph J. Burt-Miller Jr. says experience, certifications and degrees form the "cyber triangle" to spark career growth in the cybersecurity field.

Auditors in a ‘Perfect Position’ to Further Digital Trust

IT auditors are an important part of the digital trust equation since they are able to give organizations confidence in the processes and business relationships that they have in place.

Eight Steps to Manage the Third-Party Lifecycle

Managing third parties is a relationship that must be managed throughout the third-party management lifecycle, from identification and screening to offboarding.

Advancing Digital Trust Through Collaboration

To address the biggest challenges in the technology field, Priya Mouli, Director at PwC’s Cybersecurity Consulting practice yhinks there needs to be more collaboration and cooperation among the public and private sectors and groups globally.

Sharpen Your Machine Identity Management

New technologies are regularly implemented into IT infrastructure in this era of digital transformation, placing increased importance on sound machine identity management (MIM).

How Much Trust Should You Give Digital Identity Identification?

Digital identity is a necessity. It should be simple and accurate as well as easily eliminable. Users should be able to expect control over the dissemination of their personal data.

How to Build a Data Science Team Within the Internal Audit Function

Data science is a growing and evolving force in different functional areas of business, and the internal audit function is no exception.

Building Our Security Coordination Center (SCC) Hunting Program

When many companies think about network security, they usually think in terms of firewalls, anti-virus software, intrusion detection systems, and multi-factor authentication (MFA).

Supply Chain Security: Where Do We Go from Here?

ISACA risk expert Paul Phillips and CEO of Risk Factor Richard Hollis discussed key challenges influencing supply chain security in an episode of ISACA Live last week. Their conversation was supported by insights from ISACA’s recent survey, Supply Chain Security Gaps: A 2022 Global Research Report.

Data Resilience Is the Cornerstone of Digital Resilience

Digital resilience is the outcome of organizational action taken to rapidly deploy or modify digital technologies to address the negative impact of shocks—such as the pandemic—in the interests of maintaining organizational sustainability.

Changes Needed to US Federal Privacy Proposal for Effective Implementation

My Privacy & Security Brainiacs team has been tracking US federal bills proposed by Congress that mention privacy in some way.

Addressing Security Risks to Medical IoT Devices

The Internet of Things (IoT) enables millions of smart devices worldwide that are connected to the internet to collect, process and share data.

Mea Clift: ‘A Force of Nature’

ISACA member Mea Clift advances digital trust in her work but also makes time for some old-fashioned personal pursuits.

Know Your Risks – and Your Friends’ Risks, Too

In today’s globally connected world, organizations are finding themselves at a greater risk than ever of a supply chain compromise.

Purple Teaming: The Next Gen Pen Test

It’s pen test time again. Time to get updated quotes from vendors and put something on the schedule ahead of the compliance deadline, but will this year’s results be any different than last time?

Persevering Through a Seismic Industry Shift

Eventcombo was recognized this year with the ISACA Innovative Solutions Award “for enabling community connections and continuing education virtually during a global pandemic through innovative EventTech solutions.”

What Can Internal Auditors Do to Increase Cybersecurity Audit Effectiveness?

Cybersecurity has topped the list of critical risk for organizations for the fifth time in both the European Confederation of Institutes of Internal Auditing’s (ECIIA’s) 2022 Risk in Focus report and the Institute of Internal Auditor’s (IIA’s) OnRisk 2022 report.

Why You Can’t Afford to be Reactive About Cybersecurity and Compliance

There has been a very clear change in awareness and overall attitude toward cybersecurity and compliance in recent years.

Characterizing System Security Engineering Using a Business Impact Analysis

As adversaries continuously seek to disrupt, cause harm and wreak havoc on complex digital assets, enterprises must strategically plan, design and build secure, trusted systems.

Cyber Incident Reporting: From Guidance to Enforcement

Imagine a day when the stock markets suddenly begin to crash, contrary to market movements, and your equity holding nosedives from a healthy green to an alarm bells-blaring red.

Digital IT Forensics Evolution Through Digital Transformation

According to the National Institute of Standards and Technology, “Digital forensics is the field of forensic science that is concerned with retrieving, storing, and analyzing electronic data that can be useful in criminal investigations. This includes information from computers, hard drives, mobile phones, and other data storage devices.”

Cybersecurity Workforce Advancement

Cybersecurity education and training is important in the cybersecurity workforce and provides students and recent graduates with information on how to find what path to take. Paths include formal education from universities and institutions that provide programs to better equip the student who desires to be a cybersecurity professional (e.g., bachelor’s, master’s and doctoral degrees) and cybersecurity training such as boot camps, certifications preps and certificate programs.

AI and Digital Ethics: ‘There Could Not Be More Overlap’

Véliz recently visited with ISACA Now to share her perspectives on AI, digital ethics and more.

Quantum Computing and the Role of Internal Audit

Quantum computing is a very exciting discipline formed by the combination of computer science, physics and mathematics, which uses some of the mysterious aspects of quantum mechanics to enable unprecedented computational performances.

Ensuring You Have the Right Governance in Place for Physical and Environmental Controls

Physical and environmental controls are more than gates, guards, generators and HVAC monitoring. Getting physical and environmental controls right is a big step forward in reducing your enterprise’s risk and protecting critical assets in an unpredictable world. So how do you determine that you have the proper controls and governance oversight in place?

Arts vs. Sciences in IT: How UX Design Can Bridge the Gap

As professionals in IT-related fields, our jobs can seem very explicit: Binary 1s and 0s and Boolean true or false is baked into much of what we do. There are exceptions of course, but often there is a right answer or a wrong answer, and little space in between.

MDDAP Helps Achieve Fast, Sustainable Solutions for Medical Device Quality

MDDAP’s successful development is due in part to the Case for Quality (CfQ) being launched from FDA’s own research with a wide variety of stakeholders, which revealed a problem in the industry: compliant manufacturers were still having similar types and frequency of issues as non-compliant manufacturers. While compliance was important, it alone wasn’t going to drive the desired quality outcomes.

ISACA Member’s Impact in Nigeria Recognized on the Global Stage

Kashifu Inuwa Abdullahi, Chief Information Technology Officer, National Information Technology Development Agency in Nigeria, was recognized this year with the ISACA Inspirational Leadership Award “for leadership in bridging the digital divide by providing computers and other IT infrastructure to rural areas and schools and for providing virtual libraries.”

How the Right Help Desk Processes Can Strengthen Security

The IT help desk might seem like a simple portal for helping end users manage their issues. But in reality, it represents one of the first (and best) filters for identifying potential cybersecurity problems that may arise.

Next-Generation CISO: Business, Technical or Mix of Both?

Before we get to the answer to the question posed in the title, let’s look at the typical job responsibilities of a CISO.

Lessons in Change and Leadership from ‘The UnLearning Lady’

Zanele Njapha recently visited with ISACA Now to discuss her quirky nickname, her views on entrepreneurship and organizational change, and more.

Reach and Teach: An Effective Way to Market and Advertise Cybersecurity Services

Now is the time for cybersecurity professionals to get in front with their message.

Introducing the Principle of Need to Have Available

The principle of need to have available can be summarized as having only the permissions you need for your next set of tasks.

The Overlooked Characteristics That Can Elevate the Cybersecurity Workforce

While much has been said and written about the difficult cybersecurity skills and hiring landscape, one key characteristic that is typically overlooked in cybersecurity professionals is empathy.

Foundational Understanding of Databases Boosts Auditors’ Value

With all the areas under an IT auditor’s purview, it is challenging, perhaps impossible, to be as proficient as we would like to be in all areas.

Perimeter-less Security

“Never trust, always verify” have been the buzzwords ever since the term “zero trust” was coined. According to Pulse, 87% of decision-makers believe that zero trust security strategy will simplify their organization’s security architecture.

Reaching Objectives and Enabling Success: How CMMI Creates Habit Persistence

During ISACA Conference North America 2022, ISACA launched a new initiative focusing on the pursuit of digital trust, which means that this topic was present in several discussions throughout the conference.

Making Continuous Controls Monitoring Work for Everyone

As a security assurance professional, you know the importance of controls testing. After all, only organizations that thoroughly test and prove their controls’ effectiveness can be confident that they’ve sufficiently mitigated their security and data privacy risks.

Customs Goes Digital: Exploring the Latest Trends

It’s been amazing to watch how almost every aspect of global life has been digitized in some shape or form over the past several years – and customs is no different. The question is, which aspects are changing? And is it for the better?

The Great Resignation & Employee Retention in Digital Trust Professions: Closing Critical Workforce Gaps

ISACA Conference North America 2022 last month featured the launch of ISACA’s new initiative focusing on the pursuit of digital trust, which was a recurring theme throughout many of the event’s presentations.

Give Your IT Risk Program a Jump-start

I’m constantly fielding questions about how to start building a modern-day IT risk management program, and a quick Google search reveals that there are many differing opinions on the best approach.

Supply Chain Risk Management: Where Do We Start?

Mea Clift examines how to climb the mountain of evaluating vendors to ensure they're meeting security standards.

Demystifying China’s Personal Information Protection Law: PIPL vs. GDPR

On 20 August 2021, the National People’s Congress (NPC) passed the final version of the Personal Information Protection Law of the People’s Republic of China (PIPL), a comprehensive privacy law that covers multiple facets of personal information protection.

How Best to Protect Your Assets

How do you typically protect a special or expensive piece of jewelry? You may keep it in a bank locker or in an electronic safe in your home.

In a World of Technology, ISACA Makes the Difference

At the beginning of this year, ISACA took on a bold new vision for the future: Be the standard-maker for digital trust everywhere.

The Governance, Assurance and Automation that Financial Services Organizations Need

In response to the recent Russian invasion of Ukraine, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a set of expansive economic measures designed to incapacitate the Russian financial system.

The Future of Audit in the World of Interconnected Business

The COVID-19 pandemic had changed many things; one among them is the perception of the audit process as business processes have become more interconnected and interdependent.

Five Cybersecurity Memes and What They Say About Cybersecurity Today

Cybersecurity memes on social media are often good for a laugh, but several of the more popular ones have gained resonance with security professionals for a reason...

Separating Fact from Fiction: Debunking Myths Around CMMC 2.0

With more than 220,000 companies supporting the US Department of Defense, the defense industrial base presents an enticing target for hackers, nation-states, and cybercriminals.

Cybersecurity and Consumers

As a cybersecurity leader and scientist, I find it interesting that as I observe events all around me that all are seemingly unconnected, they are in fact connected, at times with exciting and favorable outcomes.

Combining the Risk Register and the Maturity Model to Increase Total Value

Communicating the results of business controls to top management is never an easy process, especially if we want to ensure concrete information based on risk and effectiveness of controls is communicated. Generally, risk and controls rely on different methodologies; this is not ideal. Instead, we need flexible methodologies, collaboration between business processes and adequate tools.

Digital Trust Requires All Hands on Deck – But the Payoff Is Big

The fields in which ISACA’s professional community works – such as audit, risk, security, privacy and governance – feed into the more encompassing realm of digital trust.

COVID-19: An Ignitor in Information Risk Management

This makes one think about risk subconsciously as we are uncertain about when pandemics will happen as well as how we should be prepared to contain and reduce their impact.

Three Reasons Your Third-Party Management Program is Struggling

Building trust throughout an organization requires working collaboratively across lines of the business and gaining interdepartmental, cross-functional visibility.

Understanding the Full Digital Trust Ecosystem

A Google search of “digital trust” turns up 5.73 billion results, and hundreds of recent trade press articles have covered the topic.

The Needed Societal Response to Cybersecurity Risk in the COVID Era

COVID-19 has transformed how business is conducted with the acceleration of cloud adoption and remote working. Organizations’ data is no longer kept within the perimeter of the office’s or data center’s boundary.

Award Winner Weaves ISACA Into Academic Curriculum

Andre Pitkowski recently visited with ISACA Now for a Q&A interview, reflecting on his award. The following is a transcript of the interview.

Zero Trust Does Not Imply Zero Perimeter

Typically, when we hear “zero trust” these days, folks generally hear the common example of remote employees not having to VPN (Virtual Private Network) back to their enterprise network to access the cloud resource.

Should Information Systems Audit Evolve to Information Systems Continuous Monitoring?

Nothing in this world is static. Everything evolves, and improvements often happen when things evolve.

2021 Annual Report Spotlights ‘Inspiring Work’ of ISACA Community

Through new learning and credentialing opportunities, enterprise resources and its ever-growing global community, ISACA was in pursuit of digital trust throughout 2021 on multiple fronts.

Building a More Trustworthy Digital World

Technology is truly driving global innovation and the world economy.

In 50 Years, the ISACA Journal Has Had and Seen it All

Congratulations to the ISACA® Journal on achieving 50 years of publications. The massive body of information published has, no doubt, positively impacted ISACA® members, their organizations, the IT governance community and society at large.

Practical Advice for Agile Audit

Agile audit is in right now, and it looks like even the people who were doing everything agile opposes are now ardent supporters and push for going agile.

Failure to Patch and the Rare Case of the Java Crypto Hack

One of the often-accepted truisms in cybersecurity is to ensure that all systems supporting and protecting business operations are up-to-date and current.

Living off the Land (LotL) Classifier Open-Source Project

In security, “Living off the Land” (LotL or LOTL)-type attacks are not new. Bad actors have been using legitimate software and functions to target systems and carry out malicious attacks for many years.

Twenty Ways Information Security Has Become More Challenging in the Past 20 Years

To mark the anniversary of ISACA’s Certified Information Security Manager (CISM) we spoke with 20 CISM-holders to collect their commentary on the biggest challenges that have emerged in infosec since CISM came on the scene in 2002.

Twenty Ways Information Security Has Changed for the Better in the Past 20 Years

ISACA’s Certified Information Security Manager (CISM) certification is now in its 20th year and to mark the anniversary, we spoke with 20 CISM-holders to collect their commentary on what has changed for the better.

How CISOs Can Score Some Quick Wins

Brian Fletcher, recently visited with ISACA Now to discuss how chief information security officers (CISOs) can start off by achieving some quick wins for their organizations and how organizational cyber maturity enters the equation.

Malicious Trends: What You Need to Know

According to the recent Cybersecurity Ventures 2022 “Cybersecurity Almanac,” organizations will spend approximately US$1.75 trillion on cybersecurity between 2021 and 2025.

Supply Chain Security: Analysis of the Georgian Ecosystem

According to the European Union Agency for Cyber Security (ENISA): “In cybersecurity, the supply chain involves a wide range of resources (hardware and software), storage (cloud or local), distribution mechanisms (web applications, online stores), and management software.

Proven Methodologies to Fight Ransomware

Though the topic of ransom and ransomware is extremely popular, a lot of discussions center around a few topics: prevention, insurance and recovery.

Saluting Our Global Volunteers

When ISACA certification candidates take an exam, the content of that exam was created and reviewed by ISACA volunteers.

Celebrating Women in Cybersecurity

Joanna Karczewska, a longtime ISACA member from Poland, recently visited with ISACA Now to discuss the book and her views on progress made by women in the cybersecurity field. The following is a transcript of the interview:

The Evolution of GRC

Back in the day, manual processes were dominant, with telex and fax being the most common mode of communication. As a result, risk governance was also focused on these ways of business processing.

The Trans-Atlantic Data Privacy Framework: A Significant Step Toward Reinforcing Transatlantic Cooperation, Setting a New Standard for Personal Data Protection

Global trade has been growing for decades, as most economies accelerated their globalization since the 1990s, using digital technology as a key catalyst that helped industries interconnect further and innovate.

Level Up Your Governance to Drive Business Growth

When you search for the term “cybersecurity” online, you get approximately 17 billion images of padlocks and shields – but what is this trying to communicate?

What Business Leaders Need to Know About Cybersecurity Preparedness

Many cybersecurity incidents occur when organizations think they’re doing the right thing.

The Future of Complex Legacy Enterprise Transformation

The process of manual programming has never been a perfect or exact science, and the resulting defects that occur along the way have long plagued the software development lifecycle and are therefore perpetuated in legacy systems.

Using SWIFT as a Lesson for the Cybersecurity Community

In February 2016, the world witnessed a sophisticated cyberheist in which the computer terminals of Bangladesh Bank, which interfaced with the Society for Worldwide Interbank Financial Telecommunication’s (SWIFT) communication system, were compromised.

Addressing the Biggest Challenges in Cloud Security

Gartner has predicted that by 2026 the public cloud expenditure will exceed 45 percent of all enterprise IT.

ISACA Seeks Input to Digital Trust Ecosystem Framework

If you do a Google search for digital trust, you’ll receive over 5.5 billion results; indeed, digital trust is a popular topic these days! Definitions of digital trust, however, vary widely.

Technology and the Democratization of Opportunity

Silvina Moschini visited with ISACA Now to discuss digital transformation, cloud adoption, corporate social responsibility and more.

Embracing the Possibilities of the Modern Business Landscape

Isabel Aguilera recently visited with ISACA Now to provide her perspective on technology’s role in shaping today’s business environment.

The Pandemic Era: A Period of Business Resilience

COVID-19 has markedly impacted the mitigation measures for business continuity and IT disaster recovery adopted by businesses over the last two decades.

What to Consider When Making the Step to the Cloud

Organizations that decide to take their entire IT landscape, or parts of it, to the cloud need to consider the different factors that need to be prioritized according to their needs.

Edwards: From a Compliance Mindset to a Performance Mindset

Edwards was an early adopter of the MDDAP program. The company’s Draper, Utah facility completed its first MDDAP appraisal in 2017 as part of the program pilot.

Using InfoSec Compliance Programs for Proactive IT Risk Management

Proactive IT risk management is crucial to maintain a successful business. This means implementing measures to identify and mitigate potential risks, continuously and reliably, before those risks can cause material (or worse, permanent) damage.

Aligning Business Objectives and Human Outcomes in Digital Transformation

Kate O’Neill, recently visited with ISACA Now to provide her view of human-centric digital transformation, how data should be integrated into companies’ business models and more.

Cyber Workforce: Out of the Ashes and Into the Fire

ISACA’s State of Cybersecurity 2022 report was published earlier this week, and it’s not looking too good for us good guys. For the third year in a row, the cybersecurity labor shortage looms large as the main focal point, casting its long, grim shadow across most of the report’s 40-plus pages.

Essential Tips for Staying Current on Cybersecurity Terminology

Navigating the language of cybersecurity is like trying to win an argument with someone you love. You must be open-minded, kind-hearted and committed.

Don’t Let Collaboration Tools Become a Red Carpet for Black-Hat Hackers

2020 was a unique year and most of us couldn’t wait to call an end to it for so many reasons, including the increased trends in cyberattacks – some of which targeted collaboration tools such as in the example I noted above.

How Auditors Fit into the Zero Trust Journey

"Zero Trust” is one of those security buzzwords making the rounds on the inter-webs recently, but what does it mean and why should security or IT audits teams start caring about this term? Traditionally, enterprises concern themselves with forming a layered defensive...

Evaluating Governance Over DevOps Practices

Auditors and related practitioners are always learning and prepared to pivot as new technologies and modes of software delivery are introduced.

Improving Cybersecurity Incident Response

Incident response handling procedures could use some improvement. By utilizing and practicing incident response exercises, organizations can put in place a strong and integrated response to incidents of varying types.

Embedding Digital Trust in Fintech: Seven Practical Steps

There has long been debate about whether innovation and risk management can coexist. For some digital pioneers, risk and compliance are synonymous with being a roadblock to innovation.

Vulnerability Management: Addressing Your Weaknesses Before They Can Be Exploited

As businesses continue to extend their digital footprints to support remote workers and deliver the products and services customers demand, the risk of a breach grows exponentially.

Exploring HackTown: A College for Cybercriminals

It’s becoming simpler for wannabe cybercriminals to catch a portion of the billions of dollars lost through fraud happening every year. All you really need is some Bitcoin knowledge, some free tools and no moral qualms taking from others.

Taking a Clear-Eyed View of the Road Ahead for Women in Security

ISACA member Reshma Devi recently visited with the ISACA Now blog to discuss her mindset about volunteering, her views on progress for women in the security industry and more.

My New Career Connection Through ISACA Mentorship Program

I have been a member of ISACA for over 10 years, and it has touched my life in many ways. When I first acquired the CISA certification in 2012, an avalanche of job offers followed!

Good Enterprise Governance Needs CGEIT: My Journey to Pass the Exam

I earned ISACA’s CRISC and CISM certifications in 2019 and 2020, respectively. I always feel a professional obligation to give back to ISACA global community through sharing my lessons learned after passing each exam – hopefully providing practical guidelines will be beneficial to professionals who are preparing to obtain these industry-recognized credentials worldwide.

Tensions Shine Spotlight on Protecting Critical Infrastructure

Given the tense security environment caused by Russia’s current attacks on Ukraine, threats to critical infrastructure are top-of-mind throughout the cybersecurity community.

Volatile Times Call for Heightened Cybersecurity Preparedness

The recent attacks on Ukraine are a daunting reminder that today’s battles occur on two fronts: the physical world and the digital one.

A Lesson for the Cybersecurity Community

With the numerous cyberattacks being reported in the news almost daily, I find it helpful to think of some words of wisdom from my grandfather.

Getting Creative with Maturity Models and COBIT 2019

Maturity models have become an area of personal interest in my professional practice. Maturity models can act as a common language that serves as a bridge between the business and the IT function.

Why Collecting the Right Metadata is Crucial for Scaling a Security Program

At Adobe, security is a critical priority for us, and we believe in defense-in-depth, which begins with monitoring — from collecting event logs and configuration data made available by public cloud providers, to logs from EDR systems and vulnerability scanning pipelines.

Auditing in a Virtual Universe

The Industrial Revolution in the 18th and 19th centuries came with a lot of transformations and innovations that gave rise to the use of machines and fundamentally changed the ways humans live.

Celebrating Five Decades of the ISACA Journal

The ISACA Journal is more than just a print and digital publication – for 50 years, it has served as a reflection of ISACA’s membership, in the view of Steven Ross.

Drilling Down on Data Protection and DPO Reporting

Cat Coode, founder of Binary Tattoo and an expert in global privacy regulation compliance, recently participated in a privacy-themed Ask Me Anything thread on ISACA’s Engage platform.

How to Navigate the Perfect Storm: Cyberthreats and Skills Shortages

Over the past two years in particular, the importance of cybersecurity has been globally recognized, and sophisticated cyberattacks have made international headlines.

Individual Behavior, Corporate Action and Sarbanes-Oxley

In recapping the history of the Sarbanes-Oxley Act (SOX) of 2002, discussions often include lists of the corporations whose actions led to enactment of this United States legislation. The terms “corporate scandal” and “corporate fraud” are used.

A Workplace Sea Change: Sizing Up The Next Normal

The workplace in February 2022 looks drastically different than it did even a year ago and is likely to be reshaped even further in the year to come.

Many Shades of a Common Problem: Privacy Rights Requests

DSARs, IRRs, Consumer Rights’ Requests, Derechos ARCO – if you broke out into a cold sweat reading any one of those, then this blog post is for you. Privacy requests are complex and burdensome in daily operations today, and only getting more prolific.

Insights into Environmental, Social and Governance (ESG)

Are we prepared for the Environmental, Social and Governance (ESG) challenge? Organizations are facing heightened expectations from interested parties such as regulators, customers, consumers, investors, community activists and others when it comes to ESG.

Leveraging Cybermaturity to Right-Size Cybersecurity

We hear the word “cybermaturity” tossed around quite often these days, but what does it mean? Cybermaturity is a state describing the sophistication, or rigor, of one’s cybersecurity capabilities and processes.

Aggravating Circumstances for an RCE Vulnerability: A Log4j Retrospective and Risk Landscape Evaluation

Information security teams were forced to respond over the holiday as an Apache Log4j zero-day vulnerability was discovered and socialized across the infosec community.

Understanding the Importance of Effective Board Communication

For any cybersecurity framework to be successful, it is essential that the chief information security officer (CISO) or equivalent figure be able to simply communicate with top management the state of security in the organization, present an improvement plan, justify it with the risk assessed and request the necessary resources.

Simplify and Contextualize Your Data Classification Efforts

In the CISO Desk Reference Guide, I noted how critical the concept of “context” is to security programs. The same holds true for our organizations and their respective privacy programs.

Achieving Workforce Diversity in Cybersecurity

In the current global landscape of near daily announcements of cyberattacks, organizations can no longer just sit back and wait for employees to find them; they must be proactive.

The Weakest Link in the Cybersecurity Chain: Are You Aware of It?

Recently, there was a debate on our audit team regarding the increased amount of cybercrime during the pandemic and the best ways to handle it.

My Guide to Passing the CISA Exam

Becoming CISA-certified in the first attempt is not an easy task, but it can be passed simply by following a dedicated and structured study plan.

Plenty of Progress Still Needed on the Privacy Landscape

2021 was an eventful year for privacy with the emergence of new legislation such as the California Consumer Privacy Act, Brazilian General Data Protection Law and China Personal Information Protection Law.

What Is a Risk Heat Map & How Can It Help Your Risk Management Strategy

In the early 2000s, pharmaceutical company GlaxoSmithKline (GSK) was facing a serious risk: One of its manufacturing plants did not meet the requirements of current good manufacturing practices (CGMP).

Charting a Course for Digital Trust

As we begin this new year, we’re also in the early stages of executing on a new strategic plan that will shape ISACA’s focus in 2022 and the coming years.

Enablers That Propelled Our Careers to a Higher Level

Undoubtedly, ISACA is cultivating the next generation of digital trust professionals as it is a one-stop-shop for top-notch industry-recognized credentials, pieces of training that bridge the gaps between what people learn in university and the practical skills required to perform tasks at work.

Technology Control Automation: Improving Efficiency, Reducing Risk and Strengthening Effectiveness

A principal component of a sound risk management framework, particularly in highly regulated institutions, is an effective control testing program.

Code of Conduct: An Effective Tool for GDPR Compliance

We are three+ years out from the EU General Data Protection Regulation (GDPR) taking effect. While many organizations are still new to or struggle with GDPR, a more recent milestone could shed light on this development for privacy practitioners and implementors.

Is Agile Auditing a Sure Thing for Internal Audit?

Operational innovation. Business resilience. Operational disruption, possibly resulting from third-party management issues like suppliers’ solvency, compliance, service/product quality and even suppliers’ behavior (if your enterprise happens to be subject to the UK Bribery Act or similar legislation).

Maintaining Your Compliance Strategy During (and After) CISO Turnover

Amidst the “Great Resignation,” employees across industries — and experience levels — are reconsidering their relationship with work.

Foundation in Place for a Promising Year Ahead

Happy New Year, ISACA community! The year ahead holds great promise, but before we turn our attention to all there is to look forward to in 2022, let’s briefly reflect on how we’ve reached this point.

A Bird’s Eye View of Cyberinsurance Plans

Most cyberattacks launched by hackers result in financial repercussions for the organization and cause disruption of its critical assets and services.

Online Education From a Security Risk and Controls Perspective

The internet and the subsequent online revolution have led to the digitization of almost every aspect of human life; education is no different.

Recognizing the Customer’s Responsibility in a Shared Responsibility Model

Every industry, regardless of size, is eager to realize the benefits of the cloud. The cloud providers’ ability to move from a Capital Expenditures (CAPEX) model to Operating Expenses (OPEX) is not all about upfront cost savings, which the cloud platforms offer.

Can a Risk Register Focused on Information Security Be Readable by Senior Management?

The idea of a risk register used in a practical and effective way is an expectation of the ISACA’s Certified in Risk and Information Systems Control® (CRISC®) certification.

How to Enable DICE and TPM for Optimal Security

By 2030, more than 24 billion Internet of Things (IoT) devices will have entered our cities, workplaces and homes, according to Transforma Insights. For years, I have been working to make sure that these devices have a healthy immune system so that they can defend against malicious attacks.

Cybersecurity in Arbitration

Arbitration is a process of resolving a dispute between two or more parties through one or more arbitrators to obtain a legally binding decision outside of court. The proceedings and awards remain confidential.

Assessing and Improving Information Governance Maturity Across Emerging Data and Cloud Systems

Organizations are concerned about the impact of rapid digital transformation on their data privacy, security, compliance and legal risk.

Log4Shell Update and Resources

In the past week, you’ve likely seen multiple headlines about a new major security vulnerability. Log4j is an open-source logging framework built on Java coding language that is used by approximately one-third of all webservers. On 9 December, a flaw in the code was discovered and rated a 10 out of 10 on the Common Vulnerability Scoring System (CVSS) due to its possible impact. 

The Importance of VPN Technology Assurance

Virtual Private Networks (VPNs) for many years have already been in place in almost every organization. Their use has been mostly limited to functioning as site-to-site tunnels between offices and third-party organizations, providing remote access of IT specialists for incident/change...

Central Bank Digital Currency and Governments’ Quests for Control

According to National Geographic, “An adaptation is any heritable trait that helps an organism, such as a plant or animal, survive and reproduce in its environment.” Eucalyptus trees survive the wildfires of the Australian forest because of their thick, multilayered barks that act as insulation against heat.

Qualities of a Trusted Information Systems Auditor

The information systems auditor’s journey is one of exploration because each time we encounter new risks, processes and controls, they become a part of our work.

Data Minimization: An Approach to Data Governance

Data has fueled the hockey stick-shaped growth of enterprises worldwide, probably leading to the much-adopted phrase data is the new oil. But recent high-profile data breaches and the rise of data protection regulations have made data into a double-edged sword to be wielded with extreme care.

Compliance Versus Risk: Why Choosing the Right Approach is So Important

Most organizations have now realized the critical importance of cybersecurity risk management.

A Holistic Training Approach That Helps Enterprise Governance Thrive

If you have been on your professional or social networking sites in the past several months, you might have noticed that many of your colleagues are posting about their newly acquired certifications.

The Challenging Task of Auditing Social Media

A request to audit social media is rarely confused with a pleasant sunny day at a picnic. It is fundamentally an audit of the organization’s marketing department, which comes with challenges as marketers are not always following best practices of internal controls.

Log4shell Vulnerability Highlights Critical Need for Improved Detection and Response Policies and Procedures

A zero-day vulnerability of Log4j (CVE-2021-44228), an open-source, Java-based logging utility widely used by enterprise applications and cloud services, recently came to light.

Three Key Priorities for Emerging Tech Practitioners in 2022

Regardless of where somebody specializes in the IT field – whether an audit, risk, privacy, governance or security practitioner – the impact of emerging technology is becoming increasingly relevant.

Wanted: Experienced, Passionate Leaders for ISACA Board of Directors

There’s a saying when it comes to what makes an effective board of directors: Noses in, fingers out. That’s the approach the ISACA Board of Directors takes, meaning the Board is responsible for governance and oversight for the organization, but we steer clear of the operational execution.

Three Key Priorities for Governance Practitioners in 2022

The accelerating technological advancements and digital transformation did not reduce its pace in 2021 and it does not figure to in 2022, nor for the foreseeable future.

Three Key Priorities for Cyberrisk Practitioners in 2022

It’s that time of the year again where people are making prognostications about what will happen in the new year.

Three Key Priorities for Privacy Practitioners in 2022

Each year privacy professionals have more and more issues to address. Existing privacy risks never really go away. They simply lurk beneath the new issues that claim the attention of privacy pros until the time is prime to exploit those old vulnerabilities.

Three Key Priorities for Cybersecurity Practitioners in 2022

The availability of security talent — or lack thereof — has emerged as the key limiting factor in information security’s ability to secure the modern business.

Three Key Priorities for Audit Practitioners in 2022

These past two years have been a stretch for everyone. Most are still learning how to work differently and re-evaluating their strategies to get the best out of the worst season.

Cyber Defense Strategies 4.0 Incorporating AI Technology

In the age of Industrial Revolution 4.0, cybersecurity has become a more pressing and disturbing concern for both boards and senior management globally.

Data-Driven vs. Data-Informed: How Auditors Find the Right Balance

Data is a powerful thing. Consequently, the role that data analytics play in today’s audit profession cannot be emphasized enough, especially in light of digital transformation across different industries.

Cybermaturity: A Path to Right-Sizing Cyber Practices

The concept of cybermaturity has gained increased attention in recent years, while still not being well-understood in many circles across the industry.

Case Study: How ASELSAN MGEO Improved Design and Management Processes with CMMI V2.0

Defense contractors and general manufacturers across the globe that are looking to improve overall design and management processes or upgrade their cybersecurity maturity level can do so with ease and efficiency – even during a pandemic.

Six Steps to a Mature Policy Management Program

When the reality of the pandemic sank in, and people shifted to remote working nearly overnight, companies had to rethink the data and technology policies written for a typical office working space. Some organizations were scrambling to make updates, while others already had a policy management program to guide them through this event.

Privacy in Greater Peril

There is a saying that states “May you live in interesting times,” but it is considered to be a curse. Unfortunately, we are living through a particularly interesting period that is turbulent, high risk and oftentimes devastating.

Imagining Audit Tech With AI

As an experienced professional who has worked with pharmaceutical, medical device, financial service, government, retail and hedge fund organizations, it did not take me many years to realize that audits and assessments were largely manual, tedious and intensive activities.

Changing the World on ISACA CommunITy Day

The first Saturday in October has become my favorite day of the year at ISACA. Every year, thousands of ISACA members and their families join together to perform local community service, and we track those efforts to measure the collective impact we have when we work together – even while apart.

Acronyms Only Scratch the Surface of What ISACA Stands For

ISACA itself is an acronym, formerly standing for the Information Systems Audit and Control Association. And of course, we’re well known for our global portfolio of IT certifications – CISA, CISM, CRISC, CGEIT, CDPSE, CET, ITCA – not to mention the COBIT framework.

COBIT’s Value for Small and Medium Enterprises

If one or more of the statements below reflects your thoughts on COBIT®, you should investigate the latest ISACA publication, COBIT for Small and Medium Enterprises (SMEs).

Why the Cloud Market is Booming

Cloud computing and the extended cloud service industry have become mainstream in today’s IT industry

Cybermaturity and Protecting Against Ransomware

Ransomware continues to dominate the headlines in both cybersecurity journals and mainstream media.

The Latest Trends for Master’s Students In IT and How To Leverage Them

There are many reasons people in the IT industry choose to pursue further education. It could be because of the pursuit of knowledge wanting to get ahead of the trends. Or it could be because of the financial aspect – the promise of a promotion or a higher pay that comes with the master’s degree. 

Challenge Underlying Security Assumptions

Ted Harrington runs Independent Security Evaluators (ISE), the elite security researchers who pioneered car hacking, were first to exploit the iPhone, first to exploit Android OS, pioneered medical device hacking, and run hacking event IoT Village.

The Influence of the NIS2 Directive In and Outside of the EU

Recent years have been active for legislators all over the world when it comes to cybersecurity and privacy regulation.

New Opportunities Await ISACA Members in 2022

With Membership and Certification renewals right around the corner, I wanted to take a moment and preview some of what you have to look forward to in 2022!

Planning for Multiple Futures at Once

Nikolas Badminton, a keynote speaker at ISACA’s EVOLVE emerging tech virtual conference, taking place 16-17 November, recently visited with ISACA Now to share his perspective on the business technology landscape.

Talking to Alan Turing About Artificial Intelligence

Talking to Alan Turing About Artificial Intelligence

Is it enough that a computer can be called intelligent if it can deceive a human into believing that the computer is human? Maybe not.

Understanding the Information System Contingency Plan

There has been increasing discussion around and occurrences of ransomware, a new and very costly cyberthreat (which I discussed in “Ransomware Response, Safeguards and Countermeasures”).

Exploring Blockchain Forensics

In technical terms, blockchain forensics is the use of science and technology to investigate and establish facts in criminal or civil courts of law.

Building a Strong Risk Culture in the New Normal

The current times are challenging for many organizations in terms of adjusting their frame of mind to working in a hybrid manner (i.e., from home and in the office), keeping abreast of new guidelines from local regulatory and government authorities and managing operational risk.

Four Levers to Drive a Cyber-savvy Culture

In 1898, The New York Times published a fascinating article, “An Old Swindle Revived,” which lamented the rising number of Americans who were falling victim to a resurgent 30-year-old scam.

A Strategy for Tackling ISACA Certification Examinations

ISACA offers several certifications in technology areas related to IT governance, information security, information system audits, privacy, risk management and emerging technologies.

Delivering Company-wide Security through Cross-collaboration

You’ve just been directed by your CISO to create a set of operational security standards. Where do you even begin?

Taking Fakeness to New Depths with AI Alterations: The Dangers of Deepfake Videos

Even if you haven’t heard the term before, chances are you’ve come across dozens of deepfake videos online and maybe didn’t know it.

Head In The Clouds: Seeing Cloud Security Risks Clearly

Businesses have transitioned huge swaths of their operations to the cloud in recent years, and the messaging around the shift has included at least one key pitch: the cloud is more reliable and more secure than legacy technology.

Fascinating Numbers: How COBIT 2019 Helps Set Targets and Measure IT Performance

Since I was a child, I have been good at mathematics and my sister, who is one year older than me, has often taken advantage of this by explaining theories to me in order to do her homework. I did not mind because numbers always fascinated me.

Addressing New Operational Resilience Requirements of the EU-DORA Proposal

In 2020, the European Union (EU) published a proposal on digital operational resilience known as EU-DORA. EU-DORA, albeit a proposal only, marks a turning point in EU banking regulation as it introduces wide-ranging new requirements in several areas and combines earlier singular regulatory provisions.

Qualitative vs. Quantitative Risk Assessment

With the ongoing impact of the COVID-19 pandemic in today’s business ecosystem, the value of decision making by using risk-oriented thinking has emerged more clearly and precisely.

Key Pointers For a ‘People-First’ Transformation

So much has changed in the past decade of technology. Remember early iPhones, or the first generation of social media platforms just hitting the mainstream?

Patching Security Awareness: Human Traits as Vulnerabilities

October is Cybersecurity Awareness Month, a time of year when security awareness improvement actions become especially prominent.

How to Prepare for and Pass the CISA Exam on Your First Try

In life, it is very easy to spot a certain model and brand of car if that is what you are yearning to have.

Business Continuity Planning: Finding a Better Way

Although the details change on a case-by-case basis, a large number of organizations in some parts of the world have begun to reinstate pre-pandemic business operations in some form or another.

Pass the IT Risk Fundamentals Certificate Exam on the First Attempt

To any exam-taker, it is always magnificent after completion of your test to view the screen displaying “You Passed.”

The Power of Goal-Setting and Re-Imagined Communication

Vinh Giang, a keynote speaker at ISACA Conference Europe 2021, recently discussed themes of perspective, empowerment, goal-setting, and positive mindset to encourage others to believe in the possibility of positive change with ISACA Now.

Using Security Terminology Correctly

Every profession has its own language/vocabulary, whether it is the medical profession, lawor information technology.

The Ethics of Artificial Intelligence

Artificial intelligence (AI) is intelligence demonstrated by machines as opposed to the natural intelligence displayed by humans or animals.

Seven Tips for Protecting Your HIPAA Database

Protecting confidential data is a top priority for every industry, but when it comes to the healthcare industry, the regulations and compliance requirements that are in place require stringent data protection measures.

Understanding Third-Party Management

Outsourcing IT to a platform as a service (PaaS) is incredibly popular with organizations that want to focus on other essential business processes.

How Can the Relationship Between Risk, Control and Maturity Create Value?

Sometimes the world of internal control is associated with the color gray—an environment of repetitive, boring and ineffective activities.

When Are Virtual Chief Information Security Officers the Right Choice?

Cybersecurity executive management and leadership are a key component to securing an organization’s infrastructure and assets properly.

Building the Sustainable Innovations of the Future

Shivvy Jervis, Futurist & Founder of the FutureScape 248 laba, recently visited with the ISACA Now blog to discuss the job landscape of the future, what makes innovations sustainable, her past work with the United Nations and more.

Five Considerations for Leveraging the Unified Compliance Framework

The compliance landscape is constantly shifting, and companies are often challenged to meet the requirements of multiple regulations and frameworks.

CRISC and My Career Path Dedicated to Risk and Controls

Throughout my years working in risk and controls, the two constants that helped propel my career have been demonstrating professional knowledge and enabling opportunities.

Cloud Auditing 101: How Do I Get Started?

We’re entering what feels like a new era in re-inventing how we once worked. Pre-2020 seems like a lifetime ago, and not only are organizations accelerating their cloud adoption, we as practitioners are re-examining our own careers and skills.

An IT General Controls-Based Audit Approach for Blockchain

From an audit standpoint, there are many different focal points for blockchain. Fortunately, looking at blockchain from the perspective of IT general controls (ITGCs) makes auditing blockchain more manageable and simpler.

Modernizing IT Operations for the Digital Age

The IT discipline has evolved in an unanticipated pace during the last decade, and it is still evolving, forcing both development and operations teams to adapt to this new digital age that is centered around delivering value faster, cheaper and better.

Embracing the Next Step in My ISACA Journey

My introduction to ISACA was simple enough – a friend of mine recommended I pursue the Certified Information Systems Auditor (CISA) certification back in 2003.

The Non-Human Path to an Effective Insider Threat Program

An insider threat program may seem like something from the Philip K. Dick story “The Minority Report,” where three precognitive individuals (precogs) identify criminals before they commit the crime and the precrime police force arrests the identified criminals to prevent the crime from occurring.

Making the Security Conversation More ‘Feature-Driven’

A constantly changing security landscape driven by increasingly persistent threats, growing attack sophistication and tighter compliance requirements keeps both the security and product teams at Adobe busy.

The Complexity Conundrum: Simplifying Data Security

As technology continues to evolve at an accelerating pace, unprecedented situations like the COVID-19 pandemic have further cemented our digital way of living and doing business. With digitization, there has been massive data proliferation and growth of data repositories.

How IT Auditors Can Avoid Becoming Prey in the Corporate Jungle

“Survival of the fittest,” a phrase first coined by Herbert Spencer after reading Charles Darwin’s On the Origin of Species, describes what may be called the cardinal rule of the jungle. Darwin used it to describe the process of natural selection.

Leading a Business and Raising a Family: 5 Ways to Maintain the Balance as a Boss Mom

If you’re a woman—especially if you’re both a working boss and a mom—I bet you can relate to Beyoncé’s hit “Run the World (Girls),” a proud shout-out to female strength and empowerment.

Key Considerations in an Era of Remote and Hybrid Workforces

COVID-19 has changed the way we live, think, work and operate in a way that was never envisioned. Many organizations have now embraced the hybrid model, with employees splitting time between in-office and remote work.

Does Your Organization Have a Risk-Aware or Risk-Blame Culture?

In this blog post, I would like to share with you some of the scenarios to recognize if we are instead in blame culture organizations when it comes to risk management.

Seeing the Impact of Change in Real Time

Shawn Rhodes, TEDx Speaker and a nationally syndicated columnist, recently visited with ISACA Now to discuss the evolving risk landscape, managing change and more.

AI Looms as Major Variable on Cyberthreat Landscape

Artificial intelligence is one of those big, scary topics that can incite fear, excitement, or a bit of both. Security professionals such as myself wonder how increased usage of AI and machine learning will help to shape the future state of our work.

Privacy By Design: How Far Have We Come?

One can hardly consider any part of the data value chain today – from data acquisition to data archiving or disposal – without considering privacy.

Is Blockchain the Ultimate Cybersecurity Solution for My Applications?

Blockchain technology can offer important cybersecurity benefits, such as reducing cyberattacks, and it has recently created a lot of hype as a panacea for all the current challenges related to information security.

New Points of Connection for ISACA's Global Community

Whether it is our chapters collaborating in new ways, the rise of virtual and hybrid conferences, or growing traction on the Engage platform, ISACA’s global community has come even closer together despite the challenges brought on by the pandemic.

A Nuanced View of Risk Response

Managing risk is not easy despite it often being considered “common sense” since we do risk assessments all the time in our day-to-day life.

How IoT Has Changed, and Why It’s Still Considered ‘Emerging Tech’

Even though the IoT originated 15 years ago, organizations in 2021 continue to define IoT as an emerging piece of technology.

Wanted: A Cybersecurity Upton Sinclair

The drumroll of ransomware attacks featured on the evening news, such as the recent Kaseya incident or the Colonial Pipeline incident in the US, has brought the issue further into the public’s awareness.

Rethinking Cyberresilience

The National Institute of Standards and Technology (NIST) Special Publication 800-160 has caused organizations to do some rethinking when it comes to cyberresilience and disaster recovery, and what this standard means to existing plans.

Bridging the Gap Between Security and the Business: A New Approach to Business Risk Quantification

In the security arena, today’s teams have to navigate significant layers of complexity, contending with too many different standards and too many disparate technologies. When we talk about security, we have a lot of buzzwords, catchphrases, and, of course, acronyms, which too often serve to compound the confusion.

What Do CIOs Want from IT Newcomers? Adaptability

How can recent graduates and other newcomers to IT fields make an impression on CIOs and other enterprise technology leaders who are looking to hire? Josh Hamit, vice president and CIO with Altra Federal Credit Union, recently visited with ISACA Now to describe what characteristics he finds most promising in early-career candidates.

Let Your Data Spark Joy

One day I was having a conversation with my friend Takaya regarding holiday plans during the global pandemic. I figured since there’s nowhere to go, I might just try Marie Kondo’s life-changing magic of tidying up. Plus, the person I was speaking with is also a privacy fanatic like me...

How AI Can Make Your Office More Safe and Secure

It’s hardly news that artificial intelligence has amazing potential to boost organizations’ productivity and workflows

A (Kind of) Quantitative Approach to Organizational Risk Tolerance

At times it seems risk tolerance relates to the famous quote on congressional accomplishments, “When all is said and done, there is a lot more said than done.” This is likely because the term is often used qualitatively. That is, we describe one organization as more or less risk tolerant than another without addressing how much more or less.

Architecting COBIT for Governance Success

While I was in the process of implementing the ISO 27001 standard for a mission-critical healthcare system for one of the major health care organizations in India, I became COBIT-certified, and I took the opportunity to use COBIT to ensure compliance not only in an ISO 27001 audit but also in the privacy assessment that the organization was undergoing at the same time, which was conducted by a government agency.

Three Ways the IT Department Can Boost Customer Retention

When a business’s decision-makers develop a customer retention strategy, they typically involve certain critical team members such as the marketing director, in these discussions.

Did the FBI Hack Bitcoin? Deconstructing the Colonial Pipeline Ransom

On 7 May, 2021, Colonial Pipeline, a US oil pipeline system, that mainly carries gasoline and jet fuel to the southeastern United States suffered a ransomware cyberattack that impacted the computerized equipment that managed the pipeline.

Transformation Goes Beyond Hardware, Software

Technology drives everything that we do at ISACA – whether that is powering members’ pursuit of a career-changing certification, providing an array of flexible virtual learning opportunities, offering support and resources for our global chapters – the list goes on.

Mountain Climbing and the CGEIT Exam: Relishing the Journey

Studying for a certification is not so different from any other endeavor, whether it be professional or personal. One of my hobbies for over a decade has been hiking mountains of all shapes and sizes.

Accounting for Cyber Fraud Risks During Audit Planning

With a changing global economic outlook, there has been a correlated shift in the fraud landscape, and how audit leaders should manage it. An assessment of fraud possibility is a requirement when carrying out an audit engagement, after all.

Is Traditional Detection and Response Reliable?

I have been in the security industry and helped customers with their cybersecurity business challenges for the last 15 years; therefore, I have had the opportunity to witness and experience the evolution and modernization of attack vectors, the evolution of advanced tactics and techniques and the expansion of the attack surface.

How IOT Opportunities and Risks Will Evolve in a Post-Pandemic Environment

According to the World Economic Forum, the number of connected devices exceeded 50 billion last year.

Redefining Effective Project Management

As we undergo a digital transformation at ISACA, one key element has been strategic project management.

How Mid-Sized Businesses Can Overcome Cybersecurity Challenges

Growing cybersecurity concerns, combined with regulation and compliance challenges, are a problem for enterprises of all sizes including mid-sized companies.

ISACA Talks Digital Transformation

ISACA hosted a LinkedIn Live discussion last week regarding new strategies that are being developed and implemented as part of ISACA’s ongoing digital transformation, and how those efforts will benefit members.

How Cloud-Based Mobile Device Management Supports Remote Working

Years ago, companies managed their devices manually and often using solutions allowing capabilities for device management activities.

Rethinking Risk Response in the Digital Enterprise

What does the term risk response, or risk treatment, as it is sometimes colloquially known, suggest (especially the word “treatment”)? If you are like me, treatment probably signifies risk is something that is bad, like a disease, and hence needs to be treated, or worse is like industrial effluent that needs treatment before being released into nature.

Metrics that Matter: Measuring Organizational Performance in a Post-Pandemic World

There’s no question that environmental, social and corporate governance (ESG) is on the minds of almost every board member and C-suite leader, but it has expanded beyond the boardroom and is now also top of mind for investors and consumers. This all happened—or at least was accelerated—as a result of the COVID-19 pandemic.

Leverage COBIT and ITIL for Customer-Centric, Connected and Collaborative Organizations

The information and technology (I&T) industry has operated in a changing environment for decades, but it wasn’t until the recent convergence of many disruptive events that forced us to rethink our governance models.

Practice Healthy Career Hygiene

Just like the way hygiene is comprised of conditions or practices conducive to maintaining health and preventing disease, especially through cleanliness, the practice of career hygiene is no different when it comes to preventing career risk, building career capital and maintaining a healthy career.

Understanding Blockchain Risks and the Coming Wave of Enterprise Adoption

In collaboration with AICPA & CIMA, ISACA published a joint white paper in April entitled “Blockchain Risk: Considerations for Professionals,” an important work that describes and provides background about specific risks related to blockchain implementation and operation.

The Case for Stackables in Addressing the Skills Gap

I have written before about how there are fractures in our current education system, globally, and how the skills gap continues to widen as there is misalignment between what students are taught in universities and what companies need and expect.

Preserving Privacy With New Technologies

New technologies for data protection can arm innovative enterprises to win in an ever-changing, increasingly competitive digital economy.

Serving ISACA is Baked into My Professional DNA

Many in IT fields fixate on the new technology and tools that are regularly trumpeted to help us keep pace with new challenges. While the allure of technological innovation draws our attention, we often forget that technology must complement the people and processes...

Building a Successful Strategy for the CDPSE Exam

Evolving privacy regulations and technology require companies to implement privacy by design and by default into products.

Cyberresilience: A Critical Cybersecurity Capability

The rapid evolution of cyberthreats leaves the gamut of risk assessment efforts undertaken by organizations inadequate in addressing cybersecurity concerns.

The Importance of Risk Assessments and Risk-Informed Decision Making

Recently, I wrote about the concept of “just enough security” and mentioned how “striking the balance between too much, not enough, and just enough security is no cakewalk.”

Four Things I’ve Learned as an Early-Career Professional To Help Create Trust

As an early-career professional, I have learned – through experience and an amazing set of mentors – that two of the most crucial qualities that can impact your career opportunities are: Integrity and Credibility.