September 23, 2021
Digital transformation has heightened due to the pandemic. We went from, “we can’t work from home” to “we can only work from home moving forward”. Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips as he talks with Dr. Jack Freund—Head of Cyber Risk Methodology at VisibleRisk—about how to effectively communicate Cyber Risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more.
![US DoD’s CMMC Guidelines — What You Need to Know]()
September 13, 2021
Cybersecurity Maturity Model Certification or CMMC is a new security program being released by the US DoD. If you are a DoD contractor, your livelihood could be at stake as contract requirements and contractors will need to be certified or a contract won’t be awarded. Listen in as TelaTek's Director of Operations, Johann Dettweiler breaks down these new requirements published in his latest journal article with ISACA's CMMI Professional Practice Lead, Kileen Harrison. Johann discusses the importance of all organizations —big or small—going through the different levels of security in the CMMC guidelines, starting at Level 1 and working their way up. What is the most important thing an organization needs to get started? The ability to read, familiarize and understand the different levels of CMMC otherwise, they won’t know how to implement it in their organization and will have to hire a third party. These CMMC requirements are here to stay and will only continue to get more stringent the more hacks and attacks keep increasing.
September 1, 2021
What is security as a service and when is it needed? Tune in as ISACA’s Cyber Pros explain how the increase in hacks and attacks are forcing companies to take cyber security more seriously. The bad news is, there is a lack of cyber security professionals in the field and those who do have the necessary skillset to manage a company’s security are becoming more and more costly. Academia is trying to help get the security workforce up to speed quickly, but they are failing. Until we see an influx of new and skilled cyber security professionals, security as a service is an option that can save your company both time and money and help assure that your company’s data and information is safe and secure.
For more information, check out ISACA’s State of Cybersecurity 2021.
![IT Audit in Practice: Survival When You are Small-business Continuity and Resilience]()
August 30, 2021
Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small-business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people! Although both large and small enterprises have accommodated and adapted, the smaller organizations with fewer resources and time have faced equal or greater hurdles when it comes to this type of planning.
Join ISACA’s IT Professional Practices Lead, Kevin Keh, as he interviews Cindy Baxter, Director, What’s the Risk, LLC and discusses the importance of having a business continuity and resilience plan for your business. Cindy discusses consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process vs. waiting for the final report and more! Cindy also mentions how small business owners and employees shouldn’t get defensive or take the findings personally. Remember, the value comes not in the result, but in the adoption of the results and recommendations.
For more information on this topic, click here to download ISACA’s IT Business Continuity/Disaster Recover Audit Program.
August 19, 2021
Organizations are increasingly concerned about data security in several scenarios, including collecting and retaining sensitive personal information; processing personal information in external cloud environments, and information sharing. Commonly implemented solutions do not provide strong protection from data theft and privacy disclosures.
Privacy and risk management professionals are particularly concerned about the privacy and security of data analytics that are shared externally. Compliance of privacy regulations such as the US State of California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR) and other emerging regulations around the world require techniques for secure processing of sensitive data.
Listen in as ISACA’s Safia Kazi interviews Chief Security Strategist and data protection expert, Ulf Mattsson on the latest on privacy-preserving techniques.
August 3, 2021
Why should you listen to ISACA’s CyberPros? Find out as Dustin Brewer and Frank Downs explain how they got started in the cybersecurity field and grew their knowledge and experience to become the cyber professionals they are today. Dustin and Frank discuss their traditional and non-traditional paths to learning, their experience working in the US government and the importance of earning a certification and continuing your education. Want to know how to get started in Cybersecurity? Start here by listening to this podcast.
July 23, 2021
Join ISACA's Dustin Brewer as he tells you what you need to know about IoT now – why is it still considered an emerging tech? What are the biggest cybersecurity threats, and what opportunities will the Internet of Things bring in the next five years? Listen in to find out!
July 21, 2021
ESET has released its T1 2021 Threat Report, summarizing key statistics from ESET detection systems and highlighting notable examples of ESET’s cybersecurity research. The featured theme of the report recounts ESET’s analysis of a vulnerability chain that allows an attacker to take over any reachable Exchange server. The attack has become a global crisis, and this research identifies more than 10 different threat actors or groups that likely leveraged this vulnerability chain.
Join ISACA’s Information Security Professional Practices Lead, Jon Brandt, and ESET’s Chief Security Evangelist, Tony Anscombe, as they examine the findings of the ESET TI 2021 Threat Report. Dive deep into areas such as the rapid growth of “infostealers,” including the data they collect and how it is monetized; the increasing number of cryptocurrency threats; and recent vulnerabilities and potential exploitation of exchange servers and the resulting impact on organizations.
July 13, 2021
Every day, the risk of cyber and ransomware attacks regularly increases in frequency and danger. But despite the proof in numbers, many organizations still don’t recognize the need to fortify their fortress and improve the strength of their Cybersecurity practices. This is because the leadership of many organizations don’t understand cybersecurity or even want to understand it. That is —until it is too late.
In this episode, ISACA’s Cyber Pros, Dustin Brewer and Frank Downs explain the importance of cybersecurity and provide real world examples of why it pays to be proactive, not reactive when it comes to your company’s security. In the end, it will not only save your company a ton of time and money, but may even save your company!
Interested in learning more on this topic Check out ISACA’s State of Cybersecurity 2021 report at https://www.isaca.org/go/state-of-cybersecurity-2021 .
July 6, 2021
Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. User authentication has become increasingly complex over the years, blending usernames and passwords with second factor authentication, like One Time Passwords (OTP). In many cases users need to re-authenticate many times a day depending on the applications or devices they use. For many users extremely long and complex passwords blend across work and personal accounts which reduce security and increase frustration and confusion. Is it even possible to balance heightened security and enhance the overall user experience? Adobe believes this is possible. We want to share our Zero-Trust framework for achieving this balance, through “ZEN.” The Zero-Trust Enterprise Network (or ZEN) project from Adobe is an initiative based upon numerous best practices and principles from various digital workspaces.
