Naomi receives a report of smishing. What type of attack should she be looking for?

The Circle of Failure: Why the Cyber Security Industry Doesn’t Work

Richard Hollis, Director of Risk Crew, is serious about asking the tough questions. ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out that if we buy a toaster at the store and it doesn’t work, we return it, but as security professionals, we don’t hold products to the same standards. Why is this? Jon and Richard go back and forth on FUD, vendors, false positives, and where accountability lies in the industry. Join Richard and Jon in the conversation to think about how we can affect the positive change that we want to see in our industry in the future! To read Richard's full report, please visit www.isaca.org/the-circle-of-failure. To listen to more ISACA podcasts, visit www.isaca.org/podcasts.

Enabling Digital Trust through Canada's Digital Charter

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?” To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world.” Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, joins ISACA’s Safia Kazi to explore topics including what the Digital Charter is and how it supports digital trust; what the critical elements of the Digital Charter are (e.g., AI Ethics, Privacy, Principles for the Digital Economy); and what the implications are for organizations and the public. To read Mary’s full-length article, visit https://www.isaca.org/enabling-digital-trust-with-canadas-digital-charter. To listen to more ISACA podcasts, visit https://www.isaca.org/podcasts.

Industry Focus - Arnulfo Espinosa Dominguez, Part II

The Vice President of the ISACA Monterrey Chapter and IT Audit and Fraud Director of one of the largest financial groups in Mexico, Arnulfo Espinosa Domínguez, joins ISACA's Jocelyn Alcantar to share many things he has learned during his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman of several Cybersecurity, Risk, and Audit committees, and is recognized worldwide by a nickname his peers have given him, "El AudiTHOR". As a long-time ISACA volunteer and conference speaker, Arnulfo has been honored on numerous occasions for his outstanding achievements. In 2019, he was given ISACA's "Outstanding Chapter Leader Award"; in 2020, he received the "John Kuyers Award for Best Speaker"; and he received the highest achievement, the "ISACA Hall of Fame Award", in 2021. Join us in listening to this episode as Arnulfo offers his best tips and practices for becoming an exceptional speaker, advice on how emerging professionals can enter the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit www.isaca.org/podcasts

Industry Focus - Arnulfo Espinosa Dominguez, Part I

The Vice President of the ISACA Monterrey Chapter and IT Audit and Fraud Director of one of the largest financial groups in Mexico, Arnulfo Espinosa Domínguez, joins ISACA's Jocelyn Alcantar to share many things he has learned during his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman of several Cybersecurity, Risk, and Audit committees, and is recognized worldwide by a nickname his peers have given him, "El AudiTHOR". As a long-time ISACA volunteer and conference speaker, Arnulfo has been honored on numerous occasions for his outstanding achievements. In 2019, he was given ISACA's "Outstanding Chapter Leader Award"; in 2020, he received the "John Kuyers Award for Best Speaker"; and he received the highest achievement, the "ISACA Hall of Fame Award", in 2021. Join us in listening to this episode as Arnulfo offers his best tips and practices for becoming an exceptional speaker, advice on how emerging professionals can enter the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit www.isaca.org/podcasts

Why (And How to) Dispose of Digital Data

“The stakes are too high for organizations not to comply with data privacy regulations,” Bassel Kablawi states in his article, "Why (and How to) Dispose of Digital Data." As the Information Security and Data Privacy Consultant for System Solutions, Bassel Kablawi has the knowledge and experience to explain how data disposal can help an organization protect personal data from being exposed and why the final step in the Data Lifecycle could be considered the most crucial. Bassel takes us on a deep dive into digital data with ISACA's Safia Kazi on the five stages of data disposal in this ISACA podcast episode. He explains why it is essential to understand that destruction should be performed based on an organization’s retention policy, and covers the five main disposal methods of data, which include data anonymization, data deletion, data crypto shredding (for encrypted data), data degaussing, and data destruction. Tune in to hear Bassel explain why data destruction is critical to developing digital trust with customers and stakeholders and could save an organization’s reputation. To read Bassel's article, please visit: www.isaca.org/resources/news-and-trends/industry-news/2022/why-and-how-to-dispose-of-digital-data To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Industry Spotlight - Johann Dettweiler, Part II

Link to Part I: https://youtu.be/jWGT03ftV58 In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FedRAMP compliance, and why the next generation should focus on adding certifications to their resumes. Johann tells ISACA's Keith Karlsson that it was his work ethic and the guidance of a trusted mentor that provided an opportunity in the IT security field. In less than 12 months, he racked up multiple impressive certifications such as CISSP, CCSP, and CEH that rapidly advanced his career and, as he explains it, allow him to be “the person that everyone hates because I tell you what is wrong with your system.” With his strong background in research and his constant quest for knowledge about this evolving industry, Johann is more than willing to provide listeners with his efficiency hacks to stay productive, motivational career advice, and why the next-generation cyber professionals may have an advantage over him. Tune in now to meet Senior Security Information Security Consultant Johann Dettweiler. To learn more about Johann, visit https://talatek.com/project/johann-dettweiler/ To listen to other ISACA Podcast episodes, visit www.isaca.org/podcast

Industry Spotlight - Johann Dettweiler, Part I

Link to Part II: https://youtu.be/Dhr-VAFid-E In this ISACA podcast episode, we connect with TalaTek Director of Operations Johann Dettweiler to discuss his almost two decades of experience across multiple industry fields, his involvement in FedRAMP compliance, and why the next generation should focus on adding certifications to their resumes. Johann tells ISACA's Keith Karlsson that it was his work ethic and the guidance of a trusted mentor that provided an opportunity in the IT security field. In less than 12 months, he racked up multiple impressive certifications such as CISSP, CCSP, and CEH that rapidly advanced his career and, as he explains it, allow him to be “the person that everyone hates because I tell you what is wrong with your system.” With his strong background in research and his constant quest for knowledge about this evolving industry, Johann is more than willing to provide listeners with his efficiency hacks to stay productive, motivational career advice, and why the next-generation cyber professionals may have an advantage over him. Tune in now to meet Senior Security Information Security Consultant Johann Dettweiler. To learn more about Johann, visit https://talatek.com/project/johann-dettweiler/ To listen to other ISACA Podcast episodes, visit www.isaca.org/podcast

Industry Spotlight - Dr. Blake Curtis Part II

Link to Part I: https://youtu.be/AE-FykwzviU Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor." His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience.

Links:
How to regulate a profession: pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between IT Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest
Debunking Years of Experience: https://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web

Videos:
Equitable Hiring YouTube Series link: https://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa

Tools:
Inoreader: Inoreader - Take back control of your newsfeed
Anki Notecards (Spaced Repetition): About - AnkiWeb
Notion

Books:
Art of Conversation – Judy Apps
Verbal Judo – George Thompson
The Science of Self-Learning – Peter Hollins
Finish What You Start – Peter Hollins
The Power of Discipline – Daniel Walter

Industry Spotlight - Dr. Blake Curtis, Part I

Link to Part II: https://youtu.be/zlrGdTRP-OA Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor." His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience.

Links:
How to regulate a profession: pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between IT Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest
Debunking Years of Experience: https://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web

Videos:
Equitable Hiring YouTube Series link: https://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa

Tools:
Inoreader: Inoreader - Take back control of your newsfeed
Anki Notecards (Spaced Repetition): About - AnkiWeb
Notion

Books:
Art of Conversation – Judy Apps
Verbal Judo – George Thompson
The Science of Self-Learning – Peter Hollins
Finish What You Start – Peter Hollins
The Power of Discipline – Daniel Walter

Industry Spotlight - Arnulfo Espinosa Dominguez, Part II

Link to Part I: https://youtu.be/yNQvbf9onik Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021. Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

Industry Spotlight - Arnulfo Espinosa Dominguez, Part I

Link to Part II: https://youtu.be/plxD2frpYk0 Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021.   Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

Industry Spotlight - Todd Fitzgerald

Cybersecurity leader, author, and host of the CISO Stories podcast, Todd Fitzgerald sits down with ISACA’s Chelsey Byrd to discuss his extensive career journey in security, his best-selling book, CISO COMPASS, and how a make-believe FBI club connects directly to his career passions today. As one of ISACA’s top-rated speakers, Todd gives tips and techniques for the best way to prepare for a speaking event, how to engage the audience, and some entertaining moments and behind-the-scenes accounts from conferences! Named the Chicago CISO of the Year and ranked Top 50 IS Executive in 2016 and 2017, Todd offers listeners his best career advice, ways to stay aware of current business trends, and much more. Listen now to this episode of ISACA’s Industry Spotlight. To listen to CISO Stories, visit https://securityweekly.com/category-shows/the-ciso-stories-podcast/ To listen to more ISACA Podcasts, visit www.isaca.org/podcasts

Smarter Testing = Safer Digital Experiences

Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, and with as tight of alignment as possible to the software development lifecycle and even closer in modeling real-world adversary threats. We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding. 
For more information go to https://trust.adobe.com Be sure to like, comment, and subscribe for more ISACA Productions content.

Industry Spotlight: Jan Anisimowicz

Jan Anisimowicz is an experienced senior IT manager with over 23 years of experience in GRC, data analysis, broad business, and technical perspective in telco, banking, pharma, and insurance. As the COO and EVP at C&F, he is consistently solving business problems by leveraging his all-around experience in creating and developing IT products and IT service offerings for businesses. In this ISACA Industry Spotlight episode, Jan Anisimowicz chats with ISACA's Megan Moritz on what he believes the most pressing current business continuity issue is in this always-changing industry. With the recent pandemic, Jan also discusses his active participation in the digital transformation technology for vaccine manufacturers, the key component to the development and delivery of the vaccine. He also explains why he wants to travel to Mars, how some friends convinced him to run 9 marathons, and his dream to build a 14th-century-style restaurant with archival computers and gaming devices! To learn more about Jan, visit: linkedin.com/in/anisimowicz Be sure to like, comment, and subscribe for more ISACA Productions content.

Industry Spotlight: Ed McCabe

One of Ed McCabe's first childhood memories was taking apart his grandparents' heirloom grandfather clock to find out why it wasn't working. His grandparents were not happy to find it in pieces, but he did get it working again and says that experience was the beginning of a life-long interest in IT, beginning his quest to always ask "why, how and what is technology supposed to do and what is it not supposed to do?" ISACA's Angie Coleman talks to Ed about his career in the US Navy, the private sector and founding his own company, The Rubicon Advisory Group. Ed discusses how his organization has supported clients through the most challenging moments during the pandemic, how he learned to find balance for his life while sustaining his passion for education and technology, and what his advice is to ISACA members when preparing for a certification test. For more information on Ed, visit: www.therubiconadvisorygroup.com To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts Be sure to like, comment, and subscribe for more ISACA Productions content!

Managing Data Privacy Risks and Compliance with a Distributed Workforce

Data now includes consumers' social media, news, views and even browser searches. From 2010 to 2020, the amount of data created, captured, and copied in the world increased from 1.2 trillion GB to 59 trillion GB, and the amount created in the next 5 years is projected to double. With that massive amount of data being collected, there is a growing sense of distrust among consumers when it comes to privacy. RGP's Janis Parthun and Lynn Rohland join ISACA's Safia Kazi for a discussion about data privacy. Janis and Lynn discuss trends from their clients, challenges that AI is introducing and the effect that the pandemic has had on the industry. Visit ISACA.org/podcasts for more ISACA Podcasts! Be sure to like, comment, and subscribe for more ISACA content! To find out more about RGP, visit https://rgp.com/

A Security Awareness Program for PCI-DSS Compliance

People are considered the weakest link in any organization’s cybersecurity defenses. Hence, in most cases, the primary targets of cyber-attackers are the employees of the organization. In addition, it is easier to compromise and exploit people than to find a single piece of software through which to breach an organization or enterprise business. While a lot of effort goes into improving the existing security infrastructure, ignoring human resources would leave a significant gap in the defense strategy. Join ISACA’s Research Advisor, Brian Fletcher, as he is joined by Dr. Yasmin Razack, author of “A Security Awareness Program for PCI DSS Compliance: Implementation and Legal and Ethical Issues to Be Considered”. In this episode, they will be addressing the challenges in implementing a security awareness program to fill this gap and the legal/ethical issues that need to be considered during implementation. As per the Payment Card Industry – Data Security Standard (PCI-DSS) requirement 12.6, a Security Awareness Program is mandatory to be held at least once a year and for new hires. However, it is not an easy task and cannot be a one-time activity. But if implemented effectively, awareness programs can be the human firewall of the organization. It will make the organization compliant with regulations like PCI-DSS, thereby protecting it from fines due to non-compliance, defamation, and costs of data breaches, and will help improve customer trust and loyalty. To read Dr. Razack’s full article click here - www.isaca.org/pci-dss-compliance Be sure to like, comment, and subscribe for more ISACA Production content!

Industry Spotlight - Jo Stewart-Rattray

Making a difference within the cyber industry is of paramount importance to Jo Stewart-Rattray. She is incredibly passionate about encouraging, teaching, and mentoring more women into tech and security fields. In this episode of Industry Spotlight, Robyn Franko, Manager of Event Operations and Services at ISACA, chats with Jo about her background and career path, hobbies, and some interesting challenges the industry faces. Jo has over 25 years of experience in the IT field, some of which were spent as CIO in the Utilities and as Group CIO in the Tourism space, and with significant experience in the Information Security arena, including as CISO in the healthcare sector. She underpins her information technology and security background with her qualifications in education and management. She specializes in consulting in risk and technology issues with a particular emphasis on governance and security in both the commercial and operational areas of businesses. Jo provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, manufacturing, tertiary education, retail, healthcare, and government. She has chaired several of ISACA’s international committees, including the Board Audit & Risk Committee, Leadership Development, and Professional Influence & Advocacy. She served as an Elected Director on ISACA’s International Board of Directors for seven years and was the founder of its global women’s leadership initiative, SheLeadsTech. Because of her involvement with ISACA and the SheLeadsTech program and her rural background Jo was selected from a large number of candidates to be one of only two non-government delegates and was invited to join the official Australian Government delegation to the 62nd Session of the United Nations Commission on the Status of Women (CSW62) held in New York in March 2018. She returned to the UN in 2019 and again spoke at two UN events this year. 
She has spoken on Capitol Hill during a Day of Advocacy designed to bring tech leaders together in one place to discuss issues related to women in technology and then to meet with congressional representatives and Senators’ offices. Be sure to like, comment, and subscribe for more ISACA Content. For more information check out - www.isaca.org/podcasts

Industry Spotlight with Raven David

"For me, it's all about working with people... at the end of the day, you want to work in a place where you can trust other individuals, you can get to know other individuals, and being personable with one another makes an organization great to work for," Raven David tells ISACA. In this Industry Spotlight episode, we meet Raven David, Cyber Risk and Governance Manager for The University of New South Wales (UNSW). Fascinated with technology at an early age, the native Australian recalls that he spent part of his childhood disassembling computers and putting them back together to understand better how they worked. This passion led him on a fantastic life journey and set him on a path to dominate the industry as a risk management, governance, compliance, assurance, and emerging technologies expert. Raven talks about his less traditional educational and career track. While working full-time, he managed a full-time class schedule simultaneously, to a career that allowed him to establish and manage a cyber risk and compliance team within a corporation of 5,000+ employees. Listen as Raven recaps the success of his cybersecurity awareness program, gives thoughtful advice to the next generation of young professionals, and discusses his current self-educating project, 3D printed chess set with Arduino-powered actuators and a Python chess engine.  As an active contributor to ISACA and the ISACA Sydney Chapter, Raven recently volunteered, mentored, and led the 2021 Oceania Conference Taskforce and is currently a CRISC Certification Working Group. In this ISACA Industry Spotlight episode, get to know the next-gen cybersecurity leader, Raven David. Connect with Raven David on LinkedIn: https://www.linkedin.com/in/ravendavid/  Press play now, and don’t forget to subscribe!

241 Views • 6 months ago

Lessons Learned from a Year of Remote Work

Working from alternate work sites using unsecured networks may be here to stay, but there is much to learn from 2020 that can help improve cybersecurity capabilities for remote staff. Listen in with ISACA's Deputy Director of One in Tech, Hollee Mangrum-Willis, as she talks with Tom Conkle, CEO of Optic Cyber Solutions, and Kelly Hood, EVP of Optic Cyber Solutions. They will discuss various technical solutions such as using VPNs, enabling MFA, encrypting mobile devices and laptops, and leveraging services such as a CASB, and how, ultimately, training and awareness are the most effective at protecting organizational data. To read the full article, be sure to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/lessons-learned-from-a-year-of-remote-work. We would love to hear from you; please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!

352 Views • 6 months ago

Information Security Programs Need to be Ubiquitous, Proactive, and Vigilant

This ISACA TV interview is a discussion about information security concerns (and challenges), evolution, and the future. Topics covered include mobile computing devices, the Internet of Things (IoT), artificial intelligence (AI), cyber threat intelligence (CTI), software tools, and malware. Threats, risk, safeguards, and countermeasures will be reviewed along with some new ideas and approaches. Tune in as ISACA’s Information Security Professional Practices Lead, Jon Brandt, chats with Larry Wlosinski, Senior Consultant at Coalfire Federal, about his recently released article, “Cyberthreat Intelligence as a Proactive Extension to Incident Response.” Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-6/cyberthreat-intelligence-as-a-proactive-extension-to-incident-response for more information!

159 Views • 6 months ago

Gaining Executive Leadership Support for Security Changes

APTs Require Enhanced Cyberdefense Part VIII: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

126 Views • 6 months ago

Background On The CMMC Model

APTs Require Enhanced Cyberdefense Part VII: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

58 Views • 6 months ago

Setting Up An SOC For Success

APTs Require Enhanced Cyberdefense Part VI: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

39 Views • 6 months ago

The Transition From “Trust But Verify” to “Zero-trust”

APTs Require Enhanced Cyberdefense Part V: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

42 Views • 6 months ago

Mitigating APT risk

APTs Require Enhanced Cyberdefense Part IV: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

24 Views • 6 months ago

Defense Against APT attacks

APTs Require Enhanced Cyberdefense Part III: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

36 Views • 6 months ago

How Organizations Should Deal with APTs

APTs Require Enhanced Cyberdefense Part II: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

56 Views • 6 months ago

Why Organizations Should Reimagine Their Cyberdefenses

APTs Require Enhanced Cyberdefense Part I: Advanced persistent threats (APTs) are introduced by adversaries that possess sophisticated levels of expertise and significant resources, which allow them to achieve their objectives by using multiple attack vectors (e.g., cyberattacks, physical attacks, deception). We must re-imagine cyberdefense. The threats are global, the impact is local—and every organization, regardless of industry, should examine strategic options to mitigate this risk to business. The old mantra “trust, but verify” has given way to the idea of a zero trust security model, which assumes the adversary is already inside the organization’s defenses. It is worthwhile to examine some options to reduce risk from APTs. With every business now a digital business, we must re-think, we must re-imagine cyber defense. Don't forget to check out https://www.isaca.org/resources/news-and-trends/industry-news/2021/apts-require-enhanced-cyberdefense for more information!

114 Views • 6 months ago

Gaining Digital Trust by Eliminating Privacy Dark Patterns

With the growing emphasis on consent for collecting and processing data, some enterprises have turned to tricking data subjects into giving their consent by using privacy dark patterns. Privacy dark patterns can manifest in numerous ways, from confusing user interface design to manipulative language. In this episode, Jonathan Brandt, ISACA's Director of Professional Practices and Innovation, is joined by ISACA's Privacy Professional Practices Principal, Safia Kazi, who defines and provides examples of privacy dark patterns, their consequences, and how to avoid them. Jon and Safia also discuss how privacy dark patterns affect digital trust, which can ultimately hurt an enterprise's reputation and customers. To read the full article, Fostering Trust by Eliminating Dark Patterns, click the link: https://www.isaca.org/fostering-trust-by-eliminating-dark-patterns. Be sure to comment, like, and subscribe for more ISACA Productions content!

504 Views • 6 months ago

IT Audit in Practice: Survival When You Are Small: Business Continuity and Resilience

Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people! Although both large and small enterprises have accommodated and adapted, the smaller organizations with fewer resources and less time have faced equal or greater hurdles when it comes to this type of planning. Join ISACA’s IT Professional Practices Lead, Kevin Keh, as he interviews Cindy Baxter, Director, What’s the Risk, LLC, and discusses the importance of having a business continuity and resilience plan for your business. Cindy discusses consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process vs. waiting for the final report, and more! Cindy also mentions how small business owners and employees shouldn’t get defensive or take the findings personally. Remember, the value comes not in the result, but in the adoption of the results and recommendations. For more information on this topic, download ISACA’s IT Business Continuity/Disaster Recovery Audit Program here: shorturl.at/uLZ16

102 Views • 1 year ago

Advanced Security for Secret Information

Listen in as ISACA Journal columnist, Steven Ross, CISA, CDPSE, AFBCI, CISSP, MBCP, delves deeper into his latest article, “Advanced Security for Secret Information.” As a follow-up to his two previously published journals, “Keeping Secrets,” and “Secrets and Privacy,” Ross continues to make the case that the protection of secret information is becoming a significant issue in cybersecurity. All companies, no matter how small, need some form of a security program to protect their secret information. However, the security that is currently in place to protect those secrets is oftentimes insufficient. Steven discusses the use of encryption and extended monitoring to keep the “bad guys” at bay from stealing your important information. Don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2021/volume-3/advanced-security-for-secret-information for more information!

206 Views • 1 year ago

What is smishing phishing quizlet?

Smishing: Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information. Email Spoofing: Spoofing (tricking or deceiving) computer systems or other computer users.

What is Smishing in cyber security quizlet?

Smishing. Phishing attacks committed using text messages (SMS).

What are two of the most common phishing attacks made on an organization quizlet?

Spear phishing: An attacker gathers personal information about the target individual in an organization. Dumpster diving: An attacker searches through an organization's trash looking for sensitive information.

Which of the following attacks tricks the user into giving up personal information?

Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks happen in one or more steps.