ISACA Podcast

The Internet of Things is evolving at a rapid pace, and it is becoming increasingly difficult to keep up with these “smart” devices. Because this technology is advancing so quickly, it is necessary to build security and privacy controls into connected devices. In this podcast, we discuss why these controls should be built in, how to incorporate security into device building and some of the barriers of developing with security in mind.

Because cyber security and information security are often conflated, their audit processes might also be conflated. Despite the lack of cyber security standards, it is possible to develop a cyber security audit process. In this podcast, we discuss the ways to develop a process for cyber security audits.

Should cyberattacks be considered privacy violations? If cyberattacks are framed as privacy violations, the Generally Accepted Privacy Principles could be applied to cyberattacks. In this podcast, we use GAPP to provide insight on how privacy can be protected from cyberattackers.

IT auditors have a very important role, but are often criticized by management or users of IT audit services. While some attitudes cannot be changed, auditors can work to gain the trust and respect of those whom they are auditing. In this podcast, we discuss some of the common critiques and how IT auditors can address these issues.

Cyberrisk can never be eliminated, but it can be minimized so that it is more manageable. In this podcast, we discuss the professionals who should be involved with cyberrisk management and what effectively managed cyberrisk looks like.

Auditing Agile can be difficult, but auditing Agile and Scrum artifacts can provide considerable value to an enterprise. In this podcast, we discuss how to audit Agile and the myriad benefits it can provide.

Information is one of the most valuable assets of every organization. Protecting information typically a high priority for chief information officers, but better protection is more likely if the CIO works with a chief information security officer. In this podcast, we discuss the role of the CIO and CISO and provide a management and reporting structure.

There are many widely held information security beliefs, but do all of them hold true? In this podcast, we challenge some commonly held information security beliefs and explore whether or not they should be held as truths.

The growth in connected devices is increasing the difficulty of managing devices and related network traffic. Software-defined networking can make the process of managing these devices more efficient. In this podcast, we discuss the benefits and challenges associated with software-defined networking.

Chief information security officers are typically thought of as being responsible for cyber security. But is this structural model the most effective way to manage cyber security? In this podcast, we discuss the merits of creating the role of chief cyber officer to deal with cyber security issues.