The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Episodes
Tuesday Apr 26, 2022
ISACA Live: Risk Scenarios
Paul Philips and Lisa Young will discuss how risk scenarios help decision-makers understand how certain events can impact organizational strategy and objectives. Good risk scenario building is a skill and can take some time to truly master. Paul and Lisa will provide actionable advice on building the best possible scenarios to help your organization better manage risk.
For more information check out https://www.isaca.org/resources/it-risk
Tuesday Apr 19, 2022
Managing Data Privacy Risks and Compliance with a Distributed Workforce
Data now includes consumers' social media, news, views and even browser searches. From 2010 to 2020, the amount of data created, captured, and copied in the world increased from 1.2 trillion GB to 59 trillion GB, and the amount created in the next 5 years is projected to double. With that massive amount of data being collected, there is a growing sense of distrust among consumers when it comes to privacy.
RGP's Janis Parthun and Lynn Rohland join ISACA's Safia Kazi for a discussion about data privacy. Janis and Lynn discuss trends from their clients, challenges that AI is introducing and the effect that the pandemic has had on the industry.
Visit ISACA.org/podcasts for more ISACA Podcasts!
Be sure to like, comment, and subscribe for more ISACA content!
Thursday Apr 14, 2022
CMMC and CUI: Rocket Fuel
"Cybersecurity is only as good as an organization's weakest link" - Ali Pabrai
Join ISACA's Senior Manager, CMMI Professional Practice, Kileen Harrison, as she talks with ecfirst's Chief Executive Officer, Ali Pabrai, about his recently released articles, “What Cyberprofessionals Should Know About CUI” and “US DoD Launches Comprehensive CMMC 2.0 Cybersecurity Framework”. Ali explains the three levels of CMMC 2.0 and goes further in depth on CUI classification.
By the end of this episode, you'll have all the CMMC and CUI "Rocket Fuel" that you need to understand this latest certification.
To read Ali's full articles - https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2022/volume-8/what-cyberprofessionals-should-know-about-cui
Be sure to like, comment, and subscribe for more ISACA content.
Tuesday Mar 29, 2022
CyberPros: Evolution of Interconnectivity of Cyber and Warfare with Fred Carr
Cyber continues to influence not just business but global conflict too.
In this episode, ISACA’s CyberPro, Jon Brandt, chats with the Founder and CEO of Anchor Systems, Fred Carr, about the current threat landscape, challenges, and misalignment between public and private sectors, and impacts on national and global security. They also dive into the role non-combatants now play on the battlefield and talk about recent US efforts to thwart ransomware.
For more information, check out - https://www.isaca.org/training-and-events/cybersecurity
Be sure to like, comment, and subscribe for more ISACA Production content.
Friday Mar 25, 2022
A Security Awareness Program for PCI-DSS Compliance
People are considered the weakest link in any organization’s cybersecurity defenses. Hence, in most cases, the primary targets of cyber-attackers are the employees of the organization. In addition, compromising and exploiting people is easier than finding a single piece of software through which to breach an organization or enterprise business. While a lot of effort goes into improving the existing security infrastructure, neglecting the people in the organization would leave a significant gap in the defense strategy.
Join ISACA’s Research Advisor, Brian Fletcher, as he is joined by Dr. Yasmin Razack, author of “A Security Awareness Program for PCI DSS Compliance: Implementation and Legal and Ethical Issues to Be Considered”. In this episode, they will be addressing the challenges in implementing a security awareness program to fill this gap and the legal/ethical issues that need to be considered during implementation. As per the Payment Card Industry – Data Security Standard (PCI-DSS) requirement 12.6, a Security Awareness Program must be held at least once a year and for new hires. However, it is not an easy task and cannot be a one-time activity. But if implemented effectively, awareness programs can be the human firewall of the organization. They make the organization compliant with regulations like PCI-DSS, thereby protecting it from fines due to non-compliance, defamation, and the costs of data breaches, and help improve customer trust and loyalty.
To read Dr. Razack’s full article click here - www.isaca.org/pci-dss-compliance
Be sure to like, comment, and subscribe for more ISACA Production content!
Wednesday Mar 23, 2022
Industry Spotlight - Jo Stewart-Rattray
Making a difference within the cyber industry is of paramount importance to Jo Stewart-Rattray. She is incredibly passionate about encouraging, teaching, and mentoring more women into tech and security fields. In this episode of Industry Spotlight, Robyn Franko, Manager of Event Operations and Services at ISACA, chats with Jo about her background and career path, hobbies, and some interesting challenges the industry faces.
Jo has over 25 years of experience in the IT field, some of which were spent as CIO in the Utilities and as Group CIO in the Tourism space, and with significant experience in the Information Security arena, including as CISO in the healthcare sector. She underpins her information technology and security background with her qualifications in education and management. She specializes in consulting in risk and technology issues with a particular emphasis on governance and security in both the commercial and operational areas of businesses. Jo provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, manufacturing, tertiary education, retail, healthcare, and government.
She has chaired several of ISACA’s international committees, including the Board Audit & Risk Committee, Leadership Development, and Professional Influence & Advocacy. She served as an Elected Director on ISACA’s International Board of Directors for seven years and was the founder of its global women’s leadership initiative, SheLeadsTech. Because of her involvement with ISACA and the SheLeadsTech program and her rural background, Jo was selected from a large number of candidates to be one of only two non-government delegates and was invited to join the official Australian Government delegation to the 62nd Session of the United Nations Commission on the Status of Women (CSW62) held in New York in March 2018. She returned to the UN in 2019 and again spoke at two UN events this year. She has spoken on Capitol Hill during a Day of Advocacy designed to bring tech leaders together in one place to discuss issues related to women in technology and then to meet with congressional representatives and Senators’ offices.
Thursday Mar 17, 2022
The Transformative Power of Mobility
It's hard to believe the quarter century mark has almost arrived! Have you thought about what you would like your work world to be in 2025? Have you dreamed of more flexibility or better access to information so you can get work done faster? ISACA’s IT Professional Practices Lead, Kevin Keh, sits down with Cindy Baxter, Director of What's the Risk, LLC to talk about her recently released article “The Transformative Power of Mobility”. Cindy spoke with three professionals from three different industries and asked them how the promise of mobility could change their work lives. Hear about the work her interviewees do and the aspirations they have for themselves and their professions. Can IS risk and audit professionals make their mobility dreams come true? Tune in to the conversation and see what you think!
To read Cindy’s full ISACA Journal article, click here - www.isaca.org/power-of-mobility
Please like, comment, and subscribe to the ISACA Media channels to keep up to date with all of ISACA’s new content.
Tuesday Mar 15, 2022
Industry Spotlight with Raven David
"For me, it's all about working with people... at the end of the day, you want to work in a place where you can trust other individuals, you can get to know other individuals, and being personable with one another makes an organization great to work for," Raven David tells ISACA.
In this Industry Spotlight episode, we meet Raven David, Cyber Risk and Governance Manager for The University of New South Wales (UNSW).
Fascinated with technology at an early age, the native Australian recalls that he spent part of his childhood disassembling computers and putting them back together to understand better how they worked. This passion led him on a fantastic life journey and set him on a path to dominate the industry as a risk management, governance, compliance, assurance, and emerging technologies expert.
Raven talks about his less traditional educational and career track. He managed a full-time class schedule while working full-time, on the way to a career that allowed him to establish and manage a cyber risk and compliance team within a corporation of 5,000+ employees.
Listen as Raven recaps the success of his cybersecurity awareness program, gives thoughtful advice to the next generation of young professionals, and discusses his current self-education project, a 3D-printed chess set with Arduino-powered actuators and a Python chess engine.
As an active contributor to ISACA and the ISACA Sydney Chapter, Raven recently volunteered, mentored, and led the 2021 Oceania Conference Taskforce and is currently on a CRISC Certification Working Group.
In this ISACA Industry Spotlight episode, get to know the next-gen cybersecurity leader, Raven David.
Connect with Raven David on LinkedIn: https://www.linkedin.com/in/ravendavid/
Press play now, and don’t forget to subscribe!
Friday Mar 11, 2022
Privacy for Sale
Is Privacy a commodity? This episode explores the future direction of privacy and the demise of privacy in the digital age. Could privacy become something that people cannot afford, creating a two-tier system of internet users — those who can afford privacy and those who cannot?
Join Safia Kazi, ISACA's Privacy Professional Practice Advisor, as she speaks with Steven Ross, Executive Principal of Risk Masters International, about his recently released ISACA article “Privacy for Sale.” Listen in as they chat about what privacy could be worth and whether this is a decision we must make soon.
To read Steve’s full ISACA Journal article, please check out www.isaca.org/privacy-for-sale
We would love to hear from you; please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!
Tuesday Mar 08, 2022
Making Sure that Cybersecurity is Literally Everyone’s Job
Join ISACA’s Performance Based Training Engineer, Collin Beder, as he speaks with Tom Schneider, Senior Associate of Proactive Advisory for Cyber Defense Labs, about Tom’s recently released article “Ensuring that Cybersecurity is Everyone’s Job”. Employees expect to focus on the responsibilities that are communicated to them, for example in their job descriptions. If cybersecurity and privacy responsibilities are not documented in job descriptions, then it is likely that staff will assume that cybersecurity is not a primary responsibility for them because management did not consider it significant enough to include. Collin and Tom will delve into these topics and why keeping cybersecurity on everyone’s mind will be better in the long run.
To read Tom’s full article, please check out https://www.isaca.org/resources/isaca-journal/issues/2022/volume-2/ensuring-that-cybersecurity-is-everyones-job
We would love to hear from you; please leave your comments below. If you enjoyed this episode, please click the like and subscribe buttons for more from ISACA!