ISACA Podcast

The Sarbanes-Oxley (SOX) Act was passed by the United States Congress in 2002. 20 years later, ISACA's IT Audit Professional Practice Lead, Robin Lyons chats with Cindy Baxter, Director at What’s the Risk, LLC on all things SOX. Cindy goes in-depth on the scandals that caused SOX to be enacted, legislation's effect on corporate behavior, how SOX has affected the audit profession, and what trends she sees in the regulatory landscape in 2022 and beyond!

Interested in reading Cindy’s full ISACA Journal article? Click the link and download a copy today! https://www.isaca.org/resources/isaca-journal/issues/2022/volume-1/the-impact-of-sox-on-the-industry-20-years-ago-and-today

We would love to hear from you, please leave your comments below. If you enjoyed this episode, please click the subscribe button for more from ISACA!

Listen in as Safia Kazi, ISACA's Privacy Professional Practice Advisor, as she speaks with Steve Ross, Executive Principal of Risk Masters International, about his article "Privacy in the Dark (Data)".

Organizations have a lot of “dark data”; information that they have collected, filed and forgotten.  Some of it concerns people, so there is a privacy concern about how that data is secured.  Both enterprising cyberattackers and litigants using eDiscovery tools have incentive to search through this dark data to see what they might make use of.  The potential for misuse calls for greater attention to the security of this data.

For more information, don't forget to check out https://www.isaca.org/resources/isaca-journal/issues/2022/volume-1/privacy-in-the-dark-data

ISACA's CyberPro Jon Brant breaks down industry news stories so far in the new year: Log4j, Cyber Insurance, Augmented Reality/Virtual Reality, Metaverse, Deep Fakes, and even the legal discussion around vehicle car data. Tune in now to hear Jon's hot takes on all this and more. Happy listening!

For more information, don't forget to check out https://www.isaca.org/resources/news-and-trends/isaca-podcast-library.

What are the main risks that most enterprises need to consider when it comes to social media? If you don’t know, you and your organization are in danger of serious reputational risk! Watch as ISACA’s IT Governance Job Practice Lead, Lisa Villanueva discusses the risks of social media with Robert Findlay, Global Head of IT Audit at Glanbia. Social media is one of the easiest platforms to hack and it isn’t just from external threat actors. Oftentimes, the hack is coming from inside the organization from current and recently released employees. And remember, it doesn’t matter who hacks into your social platform, it is your enterprise that gets the blame and negative press. Robert and Lisa also discuss the current state of security on social media platforms and how organizations can benefit by bringing in auditors to show how to control the management of social media and avoid these pitfalls.

Don't forget to check out https://www.isaca.org/resources/isaca... for more information!

Blake Curtis is a global business risk and security engineer for Deloitte Global and a research scientist completing his Ph.D. in cybersecurity and risk management. Today he breaks down frameworks, governance, and governmental controls from the board level to the code level. ISACA's Lisa Villanueva then asks him about years of experience vs. years of exposure as he gives his solution for the industry skills gap. In addition, he gives us some history on ISACA and CISA. Press play now to get into it with Blake!

A note from the author: Blake Curtis

Blake is asking for listeners' assistance in completing his research by taking a quick survey. He is collecting responses from IT auditors; however, we also collect survey responses from IT professionals and cybersecurity practitioners. To learn more please read below.

Your Choice: Anonymity or Engagement 

The participants' responses will remain anonymous. As a result, no one will be able to identify them or their answers. Additionally, no one will know whether they participated in the study unless they received a certificate of completion and decide to share it via social media or other media sources.

However, we strongly encourage each participant to share their certificate on LinkedIn and share the survey with other candidates. Their contributions will inform the scientific body of research and potentially influence equitable hiring decisions in the Governance, Risk, and Compliance (GRC), Cyber, and Audit professions.

ISACA’s Cyber Pro, Jon Brandt, invites information security guru, Naomi Buckwalter, Director of Information Security and IT to the podcast to discuss hot and heavy topics within Cybersecurity and the IT industry. Listen in as they hash out the current and future trends. 

While our development teams have been busy running full speed ahead using the latest and greatest technology to build amazing products, security teams haven’t always been known to keep the same pace – and we have reached a point of “developer revolt.” Security teams are still too often viewed as producers of “design constraints” by development teams versus “reliable partners” in helping them build better software. The path to changing this is getting security more tightly integrated into the DevOps pipeline – and working to make security even more of everyone’s responsibility. In this podcast Shannon Lietz, Adobe’s VP of Vulnerability Labs, will discuss some of the opportunities for security teams to become trusted partners, providing a roadmap for how DevSecOps needs to evolve to reach necessary maturity, and discuss some of the efforts that can help the broader security industry get better at this essential security muscle.

Join Kevin Keh, IT Professional Practices Lead - Research Development for ISACA, and guest, Ramses Gallego, International Chief Technology Officer for CyberRes in the latest session of our LinkedIn Live series on Emerging Technology as they discuss four of the most prominent forms of ultra-emerging technologies including Quantum Computing, Nanotechnology, Internet of Behavior (IoB) and XR/VR. For each technology, they’ll dive deep into what the technology is, why it’s considered emerging, and ultimately, why it’s something your organization should keep an eye on as it continues to evolve. Happy viewing!

ISACA’s Director, Channel Business Development, Chris DeMale is joined by ServiceNow’s Director of Product Marketing, Karl Klaessig in this follow up interview that takes a deeper look into his presentation during ISACA’s Virtual Summit session, Security Operations Challenges in 2021. The presentation discussed how opportunistic and tenacious cybercriminals can be. Klaessig takes explores how dissecting attackers' behavior and automating responses can better defend your attack surface.

This ISACA TV interview is a discussion about information security concerns (and challenges), evolution, and the future. Topics covered include mobile computing devices, the Internet of Things (IoT), artificial intelligence (AI), cyber threat intelligence (CTI), software tools, and malware. Threats, risk, safeguards, and countermeasures will be reviewed along with some new ideas and approaches. Tune in as ISACA’s Information Security Professional Practices Lead, Jon Brandt chat with Larry Wlosinski, Senior Consultant at Coalfire Federal about his recently release article, Cyberthreat intelligence as a Proactive Extension to Incident Response.