ISACA Podcast

AI is a part of our everyday life. What's The Risk LLC's Cindy Baxter gives ISACA's Kevin Keh examples of modern media like the movies Free Guy, Ron’s Gone Wrong and The Matrix, and how they relate to AI-related risk factors, and they ask the questions, what is true? what is the data we are looking at? AI is about data accuracy and reputational risk, and Cindy discusses how to manage frameworks, create meaningful check points and intended outcomes six months or 2 years later that are spot on for what an organization intended. Cindy strongly believes that you always get a better outcome with diversity, because people from diverse backgrounds and life experiences create different ways to learn and produce innovative ideas and avoid rework.

To read Cindy's full article, visit: www.isaca.org/implementing-emerging-technologies

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

ISACA's risk expert Paul Phillips and Richard Hollis, CEO of Risk Factory and an ISACA Conference Europe speaker, examine top cyber risks impacting the supply chain, steps organizations need to take to manage supply chain risk, and important steps to take in the contract process.

Be sure to like, comment, and subscribe for more ISACA Productions content.

On this episode of Industry Spotlight, ISACA's outgoing Board Chair, Greg Touhill, introduces the 2022-23 Board Chair, Pam Nigro. They trade stories from their careers, Pam's thoughts on the future of ISACA, how Game of Thrones relates to Cybersecurity, and Greg shares his favorite moments from his tenure.

To read Pam's welcome letter, go to: www.isaca.org/letter-from-the-incoming-board-chair

To listen to more ISACA Podcasts, go to: www.isaca.org/podcasts 

In this episode, ISACA’s Jon Brandt chats with Thomas Lenzenhofer, Business Development Manager at Cisco, about his new ISACA article titled, “The Impact of People on Today’s Information Security Landscape.”

With over 20 years of industry experience, Thomas has a wealth of knowledge to share with ISACA listeners. The security of an organization is a serious matter, and Thomas gives a vivid scenario from his recent ISACA Journal article about how an attack on a country's health care system could be massively disruptive to the daily functions of staff computer systems, possibly causing employees not to receive payroll. Thomas also gives examples of how to properly train staff to avoid an event like this and says that security is a business enabler from the top-down. Tune in now!

To read Thomas' ISACA article, visit: www.isaca.org/impact-of-people-on-information-security-landscape

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

Link to Part I: https://isacapodcast.podbean.com/e/grc-for-intelligent-ecosystems-grcie-an-innovative-approach-to-workforce-enablement/

Executive Director for GRC for Intelligent Ecosystem (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about GRCIE program. In this two-part program, they delve into program creation, services offered, student selection and how ISACA research continues to shape their work. 

For more information about GRCIE, visit https://www.grcie.org/

Be sure to like, comment, and subscribe for more ISACA Productions content

Link to Part II: https://isacapodcast.podbean.com/e/grc-for-intelligent-ecosystems-grcie-an-innovative-approach-to-workforce-enablement-part-ii/

Executive Director for GRC for Intelligent Ecosystem (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about GRCIE program. In this two-part program, they delve into program creation, services offered, student selection and how ISACA research continues to shape their work. 

For more information about GRCIE, visit https://www.grcie.org/

Be sure to like, comment, and subscribe for more ISACA Productions content

Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing?  In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, and with as tight of alignment as possible to the software development lifecycle and even closer in modeling real-world adversary threats.

We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding.

For more information go to https://trust.adobe.com

Be sure to like, comment, and subscribe for more ISACA Productions content.

One of ISACA’s most popular Journal columnists joins us to discuss his most recent release, “Cyber Decisions Only Executives Can Make.” Steven Ross chats with ISACA’s Safia Kazi about cyber recovery plans that organizations have in place and that only when an attack disrupts normal business operations do those organizations realize they should have prepared and planned for operation continuity without the system and data they rely on. As Executive Principal for Risk Master International and fifty plus years of industry experience, Steven shares his insights into cyber recovery plans, categorizing cyberattacks, paying ransom to cyber criminals, and offers his advice on what organizations should do if they find themselves in the middle of a critical cyber decision.

To read the full ISACA Journal article, click here: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-4/cyber-decisions-only-executives-can-make

Be sure to like, comment, and subscribe for more ISACA Productions content.

ESET, a global leader in cybersecurity, has released its T1 2022 Threat Report, which summarizes the most notable trends that shaped the threat landscape from January to April 2022. Join ISACA’s Research Advisor, Brian Fletcher, as he breaks down the ESET T1 2022 Threat Report with Chief Security Evangelist for ESET, Tony Anscombe.

For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Be sure to like, comment, and subscribe for more ISACA Productions content.

Join ISACA's Lisa Villanueva as she talks with Guy Pearce about his recently released ISACA Journal article "Real-World Data Resilience". Guy has a deep knowledge of the movement of data and says "it’s about change and nothing is stable." Lisa asks Guy about AI model implications, Data Drift and cloud adoption. If you want to dive deeper, you can read the entire journal article and learn about data and resilience in its modern context at: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-3/real-world-data-resilience-demands-an-integrated-approach-to-ai-data-governance-and-the-cloud 

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

Be sure to like, comment, and subscribe for more ISACA Productions content.