ISACA Podcast

Privacy Mining will increase because of billions of IoT devices being connected every day. Combined with advanced psychologic research, this can be a very powerful tool for manipulating people's behavior. A Fake reality also poses a big threat to our future of privacy. Software, such as Deep Fakes, has the ability to use someone's facial structure and create fake videos featuring digitally created characters with an uncanny resemblance of real people, such as celebrities.

This technology is so advanced, that our minds aren't sophisticated enough to comprehend the difference between real and fake data created by it, which leads to the next point. We are entering a trust crisis.

Trust is the foundation for innovation and technological advance. If people don't trust autonomous cars - they won't use them; if people don't certain websites - they won't read their news; Without trust, we cannot move forward, which is why we need to raise awareness about the dark future of privacy.

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others?

To understand and answer the question appropriately, one must examine the underlying of the Information Privacy Realities Contradiction Theory (IPRCT), which is integral to (1) our natural unity of opposites, (2) our material dialectic mechanism or struggle of choosing from the opposites, and (3) the role of our self-interest in time and circumstance. Therefore, understanding the intricacies of the IPRCT would be instrumental to the proper and timely introduction of privacy requirements early in our system development lifecycle and in the development and enactment of information privacy policies, directives, guidance, and regulations around the world.

In this ISACA Podcast episode, Safia Kazi host Dr. Patrick Offor, Chief Warrant Officer Five Retired (CW5(R)); Associate Faculty, to discuss his recently released ISACA Journal article.

To read Dr. Offor’s full article, please visit https://www.isaca.org/resources/isaca-journal/issues/2022/volume-6/the-information-privacy-contradiction.

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with. 

However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbanes-Oxley Act (SOX) type approach?

In this ISACA Podcast, Senior Director Mike Tomaselli joins ISACA’s Robin Lyons in this episode to discuss how this approach would create a risk-based, internal control model focused on cybersecurity that includes enforcement capabilities and requires third-party oversight and executive accountability.

To read Should Cybersecurity Be Subject to a SOX-Type Regulation? Please visit www.isaca.org/should-cybersecurity-be-subject-to-a-sox-type-regulation. 

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts. 

Guy Pearce joins ISACA’s Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making, and why data is a shared benefit for the organization.

Stay tuned until the close to hear Guy’s advice on using metaphors when communicating technical concepts to executive leadership.

To read Guy's full article, visit: www.isaca.org/beware-the-traps-of-data-governance.

To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts.

ISACA’s Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of Convergence on the Control Community and concludes that everything is connected to every role, and it is becoming risky to have employees siloed within their own practice. He also remarks on how he once wrote an ISACA Journal article about companies creating a role for Chief Security Officer and now that is becoming a reality within the industry. Tune in now!

To read Steven’s full-length article, visit: www.isaca.org/convergence-where-next

To listen to more ISACA podcasts, visit: www.isaca.org/podcasts

The Impact of SOX on the Industry 20 Years Ago and Today. Opponents of Sarbanes Oxley, (SOX) contend the law is too costly for companies to operationalize given the small benefit that SOX regulation provide. Proponents say that a world without SOX is a world in chaos. 

This article discusses how SOX measures up 20 years after the law was enacted.

To read Cindy's ISACA Journal article, Do Data Go to Waste, please visit: www.isaca.org/do-data-go-to-waste

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a changing threat landscape impacting enterprises and consumers alike.

According to one global survey, nearly half of all respondents experienced fraud in the past 24 months, 3 compromising financial resources, personal data, and peace of mind with frightening rapidity. Recent research we have completed also reflects that “60% of Consumers Don't Believe Companies Do Enough to Protect Their Data as Demand for Security Grows".

Listen to the CEO of GBG Americas, Christina Luttrell, as she explains that, as a result, identity verification is a priority for organizations and government agencies that view it as a strategic differentiator that allows them to enhance the customer experience while improving their defensive posture at a critical time in this ISACA podcast episode.

To read the ISACA Journal article, Protecting Your Enterprise and Deterring Fraud in a New Risk Era, please visit: https://www.isaca.org/protecting-your-enterprise.

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Richard Hollis, Director of Rick Crew, is serious about asking the tough questions.

ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out that if we buy a toaster at the store and it doesn’t work, we return it, but as security professionals, we don’t hold products to the same standards. Why is this? Jon and Richard go back and forth on FUD, vendors, false positives, and where accountability lies in the industry.

Join Richard and Jon in the conversation to think about how we can affect the positive change that we want to see in our industry in the future!

To read Richard's full report, please visit www.isaca.org/the-circle-of-failure.

To listen to more ISACA podcasts, visit www.isaca.org/podcasts.

The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack surface and discover the impact that can be made by actively exploiting the soft spots of the company.

In this podcast, Justin Tiplitsky, Director of the Red Team at Adobe, talks about how his team uses adversary intel to perform continuous testing on the parts of the company that attackers are the most interested in targeting. This continuous testing leads to the relentless identification of the most opportunistic areas to attack, more closely emulating the never-ending threat from real adversaries. Testing is followed up by storytelling and data to influence change within the company.

To learn more about Adobe, please visit: www.adobe.com

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts