ISACA Podcast

In this episode, ISACA's Lisa Cook engages with Yakir Golan, Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to make informed decisions that align risk mitigation strategies with business objectives. The conversation also highlights the importance of translating cyberrisk exposure into monetary terms to facilitate high-level discussions and protect shareholder confidence.

Listen & Subscribe Catch this episode—and more—on the ISACA Podcast Library: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

or on your favorite podcast platform.

Ransomware remains one of the most formidable cybersecurity threats facing organizations worldwide.

In this episode of the ISACA Podcast, host Chris McGowan speaks with Netwrix endpoint protection expert Jeremy Moskowitz, who explains how ransomware infiltrates and cripples desktop environments. He explains cybercriminals' tactics to exploit social engineering and system misconfigurations to gain unauthorized access, offering actionable insights on the most effective prevention and mitigation strategies.

Additionally, Jeremy delivers practical advice that security teams can use to resist ransomware. He shares tips on safeguarding locally stored data, implementing robust backup solutions, enforcing strict access controls and system patching, and educating staff on common red flags associated with ransomware.

 Listen & Subscribe to ISACA Podcast 

Catch this episode—and more—on the ISACA Podcast Library
or on your favorite podcast platform.

 Connect & Learn More about Netwrix

• Netwrix Data Loss Prevention Solution: Learn more
• Follow Netwrix on LinkedIn: Netwrix Corporation: Posts | LinkedIn
• Additional Resources Provided by Netwrix:
  • CISA’s Ransomware Guidance
  • SANS Institute White Papers on Ransomware
  • NIST SP 800-61 Rev. 2 – Incident Handling Guide
  • Krebs on Security – Ransomware Articles

Cybersecurity and the role of internal audit, an urgent call to action: The forces driving business growth and efficiency contribute to a broad attack surface for cyber assaults. How is the end user protected with good service while not being compromised?

• First Line includes internet, cloud, mobile, and social technologies, now mainstream, are platforms inherently oriented for sharing. Outsourcing, contracting, and remote workforces are shifting operational control.
• Second line includes information and technology risk management leaders who establish governance and oversight, monitor security operations, and take-action as needed, often under the direction of the chief information security officer (CISO)
• Third line of cyber defense—independent review of security measures and performance by the internal audit function. Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. At the same time, internal audit has a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.

The prevalence of ransomware and the security concerns associated with AI have made the role of cybersecurity professionals vital for enterprise success. The complex security landscape can make cybersecurity jobs stressful, but enterprises can take steps to retain cybersecurity talent and ensure enterprise assets are protected. In this podcast, Justin Rende, founder and CEO at Rhymetec, shares insight on the top concerns for cybersecurity professionals, the most in-demand skills, and the impact of AI on cybersecurity. 

Given the dynamic nature of cyberthreats and the ever-expanding digital ecosystem, authentication is more critical than ever. In this episode, ISACA director of professional practices and innovation discusses a new content piece titled, "Examining Authentication in the Deepfake Era" with author Dr. Chase Cunningham. Their conversation of the paper explores the evolution, current state, and future trajectory of authentication technologies. 

Emerging healthcare technologies have the potential to revolutionize healthcare and accessibility-related concerns, but these advancements are not without risk. To maximize the value and minimize the harms associated with emerging health technologies, it is critical to address ethical, privacy, and societal concerns to ensure that these technologies help rather than hurt humanity.

In this ISACA Podcast, join Safia Kazi and Collin Bedder as they explore the applications and risks associated with emerging healthcare technologies.

SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated w

SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated with other cybersecurity groups within an organization to empower them with a security approach that unifies the entire enterprise landscape.

A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP applies to the IT enterprise and organizational environment to help them achieve all security goals. In addition, CISOs need to know their SAP team members personally so they can integrate them rather than contain them in silos. Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft, or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action upon which they are ready to act. SAP requires high-level consideration, or critical elements of the business will be vulnerable to malicious cyber actors—with no apparent response.

Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe.

In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity professionals and the overall goal of enterprise security, as well as how cybercriminals who want to exploit it can leverage it as well. He believes the world is entering a time when AI is fighting AI, and security professionals must focus on feeding ChatGPT technology more relevant data faster than the adversary. Folk also addresses how AI is affecting social engineering and his predictions for upcoming AI developments.

Welcome to Episode 4 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at ANSEC. Together, they explore the intricacies of licensed bodies in shaping the cyber profession. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme

Welcome to Episode 3 of "The Cyber Standard Podcast"!

Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Director of CyberAdvisor London. Together, they shed light on the launch of specializations and the significance of professional standards in the cybersecurity sector. Don't miss this insightful conversation!

Explore Further:

Delve deeper into the subject with additional resources provided in the episode description.

https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme