ISACA Podcast

The word “cyber” is growing in usage, but there is a lack of verbal clarity with respect to what it actually means. This ambiguity can lead to uncertainty about how to handle cyberrisk. In this podcast, we discuss the definitions of cybertheft, cyberattacks, cyberthreats and cyber security and the implications of these definitions.

How are organizations complying with the US National Institute of Standards and Technology Cybersecurity Framework? In this podcast, we look at the framework as though it were a standard to determine how organizations can adhere to it.

Building security into software is a prerequisite for information assurance, and it is far cheaper to fix a defect in design than to fix it after production. Auditors can play a role in ensuring security is built into software. In this podcast, we discuss the ways in which organizations can incorporate security into the software design process.

Who is responsible when customer-facing systems crash? Program crashes can cause security problems. In this podcast, we explore how many causes of unexpected downtime are the same as those that lead to security breaches.

Internet security is a growing concern and IT leaders need to increase public awareness of cyber security. Unchecked cyber security risk factors can greatly harm enterprises. In this podcast, we discuss areas for improvement that could prevent cyberattacks.

Some chief information officers believe that it is unnecessary to build protections against cyberattackers because the attackers will always get through. But even if that were the case, there are still several steps that prudent enterprises should follow. In this podcast, we discuss the steps that can be taken to minimize risk if a cyberattack occurs.

The Internet of Things is evolving at a rapid pace, and it is becoming increasingly difficult to keep up with these “smart” devices. Because this technology is advancing so quickly, it is necessary to build security and privacy controls into connected devices. In this podcast, we discuss why these controls should be built in, how to incorporate security into device building and some of the barriers of developing with security in mind.

Because cyber security and information security are often conflated, their audit processes might also be conflated. Despite the lack of cyber security standards, it is possible to develop a cyber security audit process. In this podcast, we discuss the ways to develop a process for cyber security audits.

Should cyberattacks be considered privacy violations? If cyberattacks are framed as privacy violations, the Generally Accepted Privacy Principles could be applied to cyberattacks. In this podcast, we use GAPP to provide insight on how privacy can be protected from cyberattackers.

IT auditors have a very important role, but are often criticized by management or users of IT audit services. While some attitudes cannot be changed, auditors can work to gain the trust and respect of those whom they are auditing. In this podcast, we discuss some of the common critiques and how IT auditors can address these issues.