ISACA Podcast

Internet security is a growing concern and IT leaders need to increase public awareness of cyber security. Unchecked cyber security risk factors can greatly harm enterprises. In this podcast, we discuss areas for improvement that could prevent cyberattacks.

Some chief information officers believe that it is unnecessary to build protections against cyberattackers because the attackers will always get through. But even if that were the case, there are still several steps that prudent enterprises should follow. In this podcast, we discuss the steps that can be taken to minimize risk if a cyberattack occurs.

The Internet of Things is evolving at a rapid pace, and it is becoming increasingly difficult to keep up with these “smart” devices. Because this technology is advancing so quickly, it is necessary to build security and privacy controls into connected devices. In this podcast, we discuss why these controls should be built in, how to incorporate security into device building and some of the barriers of developing with security in mind.

Because cyber security and information security are often conflated, their audit processes might also be conflated. Despite the lack of cyber security standards, it is possible to develop a cyber security audit process. In this podcast, we discuss the ways to develop a process for cyber security audits.

Should cyberattacks be considered privacy violations? If cyberattacks are framed as privacy violations, the Generally Accepted Privacy Principles could be applied to cyberattacks. In this podcast, we use GAPP to provide insight on how privacy can be protected from cyberattackers.

IT auditors have a very important role, but are often criticized by management or users of IT audit services. While some attitudes cannot be changed, auditors can work to gain the trust and respect of those whom they are auditing. In this podcast, we discuss some of the common critiques and how IT auditors can address these issues.

Cyberrisk can never be eliminated, but it can be minimized so that it is more manageable. In this podcast, we discuss the professionals who should be involved with cyberrisk management and what effectively managed cyberrisk looks like.

Auditing Agile can be difficult, but auditing Agile and Scrum artifacts can provide considerable value to an enterprise. In this podcast, we discuss how to audit Agile and the myriad benefits it can provide.

Information is one of the most valuable assets of every organization. Protecting information typically a high priority for chief information officers, but better protection is more likely if the CIO works with a chief information security officer. In this podcast, we discuss the role of the CIO and CISO and provide a management and reporting structure.

There are many widely held information security beliefs, but do all of them hold true? In this podcast, we challenge some commonly held information security beliefs and explore whether or not they should be held as truths.