ISACA Podcast

Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable risk management decision making.

Hosted by ISACA's Safia Kazi.

Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey and get an overview of how your industry peers are managing IT risk and compliance programs within their organizations.

We’ll cover:

● The top five findings from the survey

● How your peers are planning to handle compliance, audit management, and risk management in the midst of this year’s volatile economy

● What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations

Download Hyperproof’s 2023 IT Compliance and Risk Benchmark Report https://hyperproof.io/it-compliance-benchmarks/

The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention- what will you do? If your answer is “risk management as usual”, that may be holding you back.

Traditional risk management approaches make a lot of promises, but most of them are myths. Do any of these sound familiar?

● You can make better-informed decisions by using a single platform.

● You can use automation to achieve continuous compliance.

● You can implement risk management by creating a risk register.

● You can use qualitative attributes to measure and assess risk.

In this episode, we’ll assess risk management myths and discuss how to establish scalable, quantifiable, and always-on risk management for the future.

Hosted by Lisa Cook and featuring special guest Megan Maneval.

Cyber threats are now a “clear and present danger” to most organizations, companies and governments of the world. A good cyber defense involves many, intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible, in a rapidly shifting threat landscape, they must constantly make improvements. The threat groups are making rapid improvements and increasing their expertise at a steady rate. They are investing  in R&D and Zero-Day exploits. To offer a good defense, we must make progress at the same rate as the threat groups or we may fall behind, increasing risks and allowing the cyber world to become like the “wild-wild west.”

Conducting adequate preparation including risk assessments, assessing resource requirements and ensuring ongoing communication to harness both the benefits and to address the potential challenges faced when conducting hybrid or fully virtual audits.

This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, that have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation roll out and advise on how to avoid or manage these pitfalls with host, Robin Lyons.

Check out Frans and Gustav’s full ISACA Industry News article, “Seven Things to Know Before Automating IT General Control Audits,” http://www.isaca.org/automating-it-general-control-audits

For more ISACA Podcasts, https://www.isaca.org/podcasts

Organizational culture is crucial because it shapes behaviors and attitudes in the workplace, which can profoundly impact operations and overall success. However, it is sometimes difficult for CISOs and other infosec managers to fully understand their culture because they are inside it constantly.

In this ISACA Podcast episode, author and journalist Mark Tarallo chats with ISACA's Safia Kazi about how infosec managers can assess the organizational culture by using a culture model to examine the behaviors, relationships, attitudes, values, and environment that the culture sustains. It also discusses possible ways to lead a culture change initiative.

To read Mark's full ISACA Journal article, "Understanding, Assessing, Aligning and Transforming Organizational Culture," click the link https://www.isaca.org/organizational-culture

For more ISACA Podcasts: https://www.isaca.org/podcasts 

What are the primary risks associated with the adoption of emerging technologies, particularly during periods of high market volatility and changing governance requirements? We talk with Samuel Zaruba Smith, PhD(c) about his learnings from working in government regulated industries and emerging technology. We deep dive into the problems of business strategy, security, policy, social engineering ethics, and audits within a business environment of emerging technology systems such as Artificial Intelligence and Web3 decentralized technologies. Given the current business landscape of early 2023, changing market conditions and rapidly evolving governance concerns need to be top of the mind for all organizational leaders. Samuel provides insightful recommendations for improving your organizational structure and technology governance to create a more productive, inclusive, and ethical workplace. 

Get to know Chief Membership and Marketing Officer Julia Kanouse as she sits down with childhood best friend and ISACA VP Amanda Raible. The duo discuss everything from leadership to motherhood while competing in Mario Kart! Tune in!

There are literally thousands of VPN services on the market. Some are undeniably benign, but others offer a slate of features that are friendly to cyber criminals. Keeping your network safe from hackers requires you to understand the VPN market, and make decisions based on your company’s appetite for risk. Fortunately, by analyzing IP address data associated with these devices, security professionals can get access to a wealth of VPN contextual data that helps them distinguish between perfectly legitimate providers and those that turn a blind eye toward crime. In today’s world, it is vital for security professionals to know how to leverage IP address data and its contextual insights to protect enterprise networks.