The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Episodes
Thursday Jul 28, 2022
ISACA Live | Managing Supply Chain Risk with Richard Hollis
ISACA's risk expert Paul Phillips and Richard Hollis, CEO of Risk Factory and an ISACA Conference Europe speaker, examine top cyber risks impacting the supply chain, steps organizations need to take to manage supply chain risk, and important steps to take in the contract process.
Be sure to like, comment, and subscribe for more ISACA Productions content.
Tuesday Jul 26, 2022
Industry Spotlight - Pam Nigro
On this episode of Industry Spotlight, ISACA's outgoing Board Chair, Greg Touhill, introduces the 2022-23 Board Chair, Pam Nigro. They trade stories from their careers and discuss Pam's thoughts on the future of ISACA and how Game of Thrones relates to cybersecurity, and Greg shares his favorite moments from his tenure.
To read Pam's welcome letter, go to: www.isaca.org/letter-from-the-incoming-board-chair
To listen to more ISACA Podcasts, go to: www.isaca.org/podcasts
Thursday Jul 21, 2022
The Impact of People on the Information Technology Landscape
In this episode, ISACA’s Jon Brandt chats with Thomas Lenzenhofer, Business Development Manager at Cisco, about his new ISACA article titled, “The Impact of People on Today’s Information Security Landscape.”
With over 20 years of industry experience, Thomas has a wealth of knowledge to share with ISACA listeners. The security of an organization is a serious matter, and Thomas gives a vivid scenario from his recent ISACA Journal article about how an attack on a country's health care system could massively disrupt the daily functions of staff computer systems, possibly causing employees not to receive payroll. Thomas also gives examples of how to properly train staff to avoid an event like this and says that security is a business enabler from the top down. Tune in now!
To read Thomas' ISACA article, visit: www.isaca.org/impact-of-people-on-information-security-landscape
To listen to more ISACA podcasts, visit: www.isaca.org/podcasts
Tuesday Jul 19, 2022
Link to Part I: https://isacapodcast.podbean.com/e/grc-for-intelligent-ecosystems-grcie-an-innovative-approach-to-workforce-enablement/
Executive Director for GRC for Intelligent Ecosystems (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about the GRCIE program. In this two-part program, they delve into program creation, services offered, student selection and how ISACA research continues to shape their work.
For more information about GRCIE, visit https://www.grcie.org/
Be sure to like, comment, and subscribe for more ISACA Productions content.
Thursday Jul 14, 2022
Link to Part II: https://isacapodcast.podbean.com/e/grc-for-intelligent-ecosystems-grcie-an-innovative-approach-to-workforce-enablement-part-ii/
Executive Director for GRC for Intelligent Ecosystems (GRCIE) Jenai Marinkovic joins ISACA Director of Professional Practices and Innovation Jon Brandt to address key findings in ISACA's 2022 State of Cybersecurity report and talk about the GRCIE program. In this two-part program, they delve into program creation, services offered, student selection and how ISACA research continues to shape their work.
For more information about GRCIE, visit https://www.grcie.org/
Be sure to like, comment, and subscribe for more ISACA Productions content.
Tuesday Jul 12, 2022
Smarter Testing = Safer Digital Experiences
Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, with as tight an alignment as possible to the software development lifecycle and closer modeling of real-world adversary threats.
We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons, for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding.
For more information go to https://trust.adobe.com
Be sure to like, comment, and subscribe for more ISACA Productions content.
Thursday Jul 07, 2022
Cyber Decisions Only Executives Can Make
One of ISACA’s most popular Journal columnists joins us to discuss his most recent release, “Cyber Decisions Only Executives Can Make.” Steven Ross chats with ISACA’s Safia Kazi about the cyber recovery plans that organizations have in place and how only when an attack disrupts normal business operations do those organizations realize they should have prepared and planned for operational continuity without the systems and data they rely on. As Executive Principal for Risk Master International with fifty-plus years of industry experience, Steven shares his insights into cyber recovery plans, categorizing cyberattacks, and paying ransom to cyber criminals, and offers his advice on what organizations should do if they find themselves in the middle of a critical cyber decision.
To read the full ISACA Journal article, click here: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-4/cyber-decisions-only-executives-can-make
Be sure to like, comment, and subscribe for more ISACA Productions content.
Thursday Jun 30, 2022
Breaking Down the ESET T1 2022 Threat Report
ESET, a global leader in cybersecurity, has released its T1 2022 Threat Report, which summarizes the most notable trends that shaped the threat landscape from January to April 2022. Join ISACA’s Research Advisor, Brian Fletcher, as he breaks down the ESET T1 2022 Threat Report with Chief Security Evangelist for ESET, Tony Anscombe.
For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
Be sure to like, comment, and subscribe for more ISACA Productions content.
Tuesday Jun 28, 2022
Join ISACA's Lisa Villanueva as she talks with Guy Pearce about his recently released ISACA Journal article "Real-World Data Resilience". Guy has a deep knowledge of the movement of data and says "it’s about change and nothing is stable." Lisa asks Guy about AI model implications, data drift and cloud adoption. If you want to dive deeper, you can read the entire journal article and learn about data and resilience in its modern context at: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-3/real-world-data-resilience-demands-an-integrated-approach-to-ai-data-governance-and-the-cloud
To listen to more ISACA podcasts, visit: www.isaca.org/podcasts
Be sure to like, comment, and subscribe for more ISACA Productions content.
Thursday Jun 23, 2022
Where Privacy Meets Security
Jo Stewart-Rattray, the Director of Technology & Security Assurance for BRM Advisory, believes privacy is a team sport. Every organization needs to be responsible for asking, “what data is being collected,” “where is the information held,” “what purpose is the information being collected for,” and “how is the information being protected.”
Jo chats with ISACA's Safia Kazi about why it is essential that security and privacy teams collaborate when it comes to collecting data. She expands on why the central role of a CISO needs to be educating and communicating this team approach to organizations. Jo says that the issue of data privacy will only continue to grow as the digital economy grows, and explains why privacy and security professionals play a critical role in ensuring that enterprises adhere to privacy laws and regulations that protect their customers’ personal data.
To read Jo's full article, follow this link: www.isaca.org/where-privacy-meets-security
Be sure to like, comment, and subscribe for more ISACA Productions content.