
562.3K Downloads, 310 Episodes
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Episodes

Tuesday Jul 12, 2022
Smarter Testing = Safer Digital Experiences
Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, with as tight an alignment as possible to the software development lifecycle, and closer in modeling real-world adversary threats.
We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding.
For more information go to https://trust.adobe.com
Be sure to like, comment, and subscribe for more ISACA Productions content.

Thursday Jul 07, 2022
Cyber Decisions Only Executives Can Make
One of ISACA’s most popular Journal columnists joins us to discuss his most recent release, “Cyber Decisions Only Executives Can Make.” Steven Ross chats with ISACA’s Safia Kazi about the cyber recovery plans that organizations have in place, and how only when an attack disrupts normal business operations do those organizations realize they should have prepared and planned for operational continuity without the systems and data they rely on. As Executive Principal for Risk Master International with fifty-plus years of industry experience, Steven shares his insights into cyber recovery plans, categorizing cyberattacks, and paying ransom to cyber criminals, and offers his advice on what organizations should do if they find themselves in the middle of a critical cyber decision.
To read the full ISACA Journal article, click here: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-4/cyber-decisions-only-executives-can-make

Thursday Jun 30, 2022
Breaking Down the ESET T1 2022 Threat Report
ESET, a global leader in cybersecurity, has released its T1 2022 Threat Report, which summarizes the most notable trends that shaped the threat landscape from January to April 2022. Join ISACA’s Research Advisor, Brian Fletcher, as he breaks down the ESET T1 2022 Threat Report with Chief Security Evangelist for ESET, Tony Anscombe.
For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

Tuesday Jun 28, 2022
Join ISACA's Lisa Villanueva as she talks with Guy Pearce about his recently released ISACA Journal article "Real-World Data Resilience". Guy has a deep knowledge of the movement of data and says "it’s about change and nothing is stable." Lisa asks Guy about AI model implications, data drift and cloud adoption. If you want to dive deeper, you can read the entire journal article and learn about data and resilience in its modern context at: https://www.isaca.org/resources/isaca-journal/issues/2022/volume-3/real-world-data-resilience-demands-an-integrated-approach-to-ai-data-governance-and-the-cloud
To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

Thursday Jun 23, 2022
Where Privacy Meets Security
Jo Stewart-Rattray, the Director of Technology & Security Assurance for BRM Advisory, believes privacy is a team sport. Every organization needs to be responsible for asking, “what data is being collected,” “where is the information held,” “what purpose is the information being collected for,” and “how is the information being protected.”
Jo chats with ISACA's Safia Kazi about why it is essential that security and privacy teams collaborate when it comes to collecting data. She expands on why the central role of a CISO needs to be educating and communicating this team approach to organizations. Jo says that the issue of data privacy will only continue to grow as the digital economy grows, and explains why privacy and security professionals play a critical role in ensuring that enterprises adhere to privacy laws and regulations that protect their customers’ personal data.
To read Jo's full article, follow this link: www.isaca.org/where-privacy-meets-security

Tuesday Jun 21, 2022
How To Build A Following Around Your Ideas
On 9 August 2022, Dorie Clark will be the featured speaker at the Member Exclusive Speaker Series.
In this talk based on her book Stand Out: How to Find Your Breakthrough Idea and Build a Following Around It, Dorie Clark explains how to build a following around your ideas. Join Megan Moritz and Dorie Clark as they start the discussion about advancing your business or your cause and inspiring others to listen and take action.
Register for the Member Exclusive Speaker Series at isaca.org/training-and-events

Tuesday Jun 14, 2022
Industry Spotlight: Jan Anisimowicz
Jan Anisimowicz is an experienced senior IT manager with over 23 years of experience in GRC and data analysis, and a broad business and technical perspective in telco, banking, pharma, and insurance. As the COO and EVP at C&F, he is consistently solving business problems by leveraging his all-around experience in creating and developing IT products and IT service offerings for businesses.
In this ISACA Industry Spotlight episode, Jan Anisimowicz chats with ISACA's Megan Moritz on what he believes the most pressing current business continuity issue is in this always-changing industry. With the recent pandemic, Jan also discusses his active participation in the digital transformation technology for vaccine manufacturers, the key component to the development and delivery of the vaccine. He also explains why he wants to travel to Mars, how some friends convinced him to run 9 marathons, and his dream to build a 14th-century-style restaurant with archival computers and gaming devices!
To learn more about Jan, visit: linkedin.com/in/anisimowicz
To listen to more ISACA Podcasts, visit: isaca.org/podcasts

Thursday Jun 09, 2022
Climate Resiliency and Regulation
Climate resiliency and green innovations are of worldwide interest today, but what is the best way to use skills and expertise that will make a difference? Cindy Baxter from What's the Risk, LLC talks with Frank O'Brian, leader of the East Boston Climate Coalition, to hear about the Coalition's approach, the challenges they've faced, and what they do to overcome obstacles. This discussion takes us into everyone's backyard to understand how IS audit and risk professionals can contribute to climate resiliency in an impactful way. Please join us to imagine the role you can play in environmental resiliency and justice!
To read Cindy's full ISACA Journal article, follow this link: www.isaca.org/resilience-and-regulation

Tuesday Jun 07, 2022
Gaining Digital Trust by Eliminating Privacy Dark Patterns
With the growing emphasis on consent for collecting and processing data, some enterprises have turned to tricking data subjects into giving their consent by using privacy dark patterns. Privacy dark patterns can manifest in numerous ways, from confusing user interface design to manipulative language. In this episode Jonathan Brandt, ISACA's Director of Professional Practices and Innovation, is joined by ISACA's Privacy Professional Practices Principal, Safia Kazi, who defines and provides examples of privacy dark patterns, their consequences, and how to avoid them. Jon and Safia also discuss how privacy dark patterns affect digital trust, which can ultimately hurt an enterprise's reputation and customers.
To read the full article, "Fostering Trust by Eliminating Dark Patterns," click the link: https://www.isaca.org/fostering-trust-by-eliminating-dark-patterns

Thursday Jun 02, 2022
Industry Spotlight: Mark Thomas
In 2019, Mark Thomas was on the road 40 weeks in 18 US states and 13 countries. In 2020, he pivoted to a workstyle of 1 location, 1 state and 1 country. He tells ISACA's Jessica Barnett that his business plan had actually prepared him for a pandemic-type event that stopped travel. Mark and Jessica dive deep into his career journey and their shared history of developing ISACA training content. He also was the CIO of a telecommunications startup that was all remote pre-pandemic. Mark is an accredited ISACA trainer and shares his advice on what credential you should get and how to grow your career. Tune in now to hear Mark's exciting story!
Visit markthomasonline.com for more information on Mark.
Visit isaca.org/podcasts for more ISACA podcasts.
