The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Episodes
Thursday Dec 29, 2022
Should Cybersecurity Be Subject to a SOX-Type Regulation?
Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with.
However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbanes-Oxley Act (SOX) type approach?
In this ISACA Podcast episode, Senior Director Mike Tomaselli joins ISACA’s Robin Lyons to discuss how this approach would create a risk-based, internal control model focused on cybersecurity that includes enforcement capabilities and requires third-party oversight and executive accountability.
To read “Should Cybersecurity Be Subject to a SOX-Type Regulation?”, please visit www.isaca.org/should-cybersecurity-be-subject-to-a-sox-type-regulation.
To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.
Tuesday Dec 27, 2022
Beware the Traps of Data Governance and Data Management Practice
Guy Pearce joins ISACA’s Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making, and why data is a shared benefit for the organization.
Stay tuned until the close to hear Guy’s advice on using metaphors when communicating technical concepts to executive leadership.
To read Guy's full article, visit: www.isaca.org/beware-the-traps-of-data-governance.
To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts.
Thursday Dec 22, 2022
Convergence: Where Next?
ISACA’s Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of convergence is on the control community and concludes that everything is connected to every role, and that it is becoming risky to have employees siloed within their own practice. He also remarks that he once wrote an ISACA Journal article about companies creating a role for Chief Security Officer, and that this is now becoming a reality within the industry. Tune in now!
To read Steven’s full-length article, visit: www.isaca.org/convergence-where-next
To listen to more ISACA podcasts, visit: www.isaca.org/podcasts
Tuesday Dec 20, 2022
Do Data Go To Waste
The Impact of SOX on the Industry 20 Years Ago and Today. Opponents of Sarbanes-Oxley (SOX) contend the law is too costly for companies to operationalize given the small benefit that SOX regulation provides. Proponents say that a world without SOX is a world in chaos.
This article discusses how SOX measures up 20 years after the law was enacted.
To read Cindy's ISACA Journal article, Do Data Go to Waste, please visit: www.isaca.org/do-data-go-to-waste
To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.
Tuesday Dec 13, 2022
Protecting Your Enterprise and Deterring Fraud in a New Risk Era
As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a changing threat landscape impacting enterprises and consumers alike.
According to one global survey, nearly half of all respondents experienced fraud in the past 24 months, compromising financial resources, personal data, and peace of mind with frightening rapidity. Recent research we have completed also reflects that “60% of Consumers Don't Believe Companies Do Enough to Protect Their Data as Demand for Security Grows.”
In this ISACA podcast episode, listen to the CEO of GBG Americas, Christina Luttrell, as she explains that, as a result, identity verification is a priority for organizations and government agencies that view it as a strategic differentiator that allows them to enhance the customer experience while improving their defensive posture at a critical time.
To read the ISACA Journal article, Protecting Your Enterprise and Deterring Fraud in a New Risk Era, please visit: https://www.isaca.org/protecting-your-enterprise.
To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.
Friday Dec 09, 2022
The Circle of Failure: Why the Cyber Security Industry Doesn’t Work
Richard Hollis, Director of Risk Crew, is serious about asking the tough questions.
ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “Have I effected any change?” Richard points out that if we buy a toaster at the store and it doesn’t work, we return it, but as security professionals, we don’t hold products to the same standards. Why is this? Jon and Richard go back and forth on FUD, vendors, false positives, and where accountability lies in the industry.
Join Richard and Jon in the conversation to think about how we can effect the positive change that we want to see in our industry in the future!
To read Richard's full report, please visit www.isaca.org/the-circle-of-failure.
To listen to more ISACA podcasts, visit www.isaca.org/podcasts.
Tuesday Nov 29, 2022
Meeting Attackers Where They Are
The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack surface and discover the impact that can be made by actively exploiting the soft spots of the company.
In this podcast, Justin Tiplitsky, Director of the Red Team at Adobe, talks about how his team uses adversary intel to perform continuous testing on the parts of the company that attackers are the most interested in targeting. This continuous testing leads to the relentless identification of the most opportunistic areas to attack, more closely emulating the never-ending threat from real adversaries. Testing is followed up by storytelling and data to influence change within the company.
To learn more about Adobe, please visit: www.adobe.com
To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts
Tuesday Nov 22, 2022
In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data.
Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: the cyber kill chain (CKC) and the MITRE ATT&CK framework.
Tim Liu, long-term security technologist, co-founder, and CTO, will provide an overview of these two frameworks and the limitations or benefits of each approach.
To read Taking Security Strategy to the Next Level, please visit www.isaca.org/taking-security-strategy-to-the-next-level.
To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.
Thursday Nov 10, 2022
Auditee Buy-In—A Key Component of Effective Audits
As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element, but it is essential to an effective audit.
Tune into this ISACA Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective audit.
To read Steve’s full-length article, “Auditee Buy-In—A Key Component of Effective Audits,” visit www.isaca.org/auditee-buy-in
To watch the ISACA Video Podcast of this episode, visit https://youtu.be/nWFcXC24ueA.
For more ISACA Podcasts, please visit: www.isaca.org/podcasts or visit ISACA YouTube Channel at https://www.youtube.com/c/IsacaHq.
Tuesday Nov 08, 2022
Breaking Down the ESET T2 2022 Threat Report
In this ISACA Podcast episode, ESET’s Chief Security Evangelist, Tony Anscombe, joins ISACA’s Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET’s recently released T2 2022 Threat Report.
As a global leader in cybersecurity, ESET’s T2 2022 Threat Report summarizes the most notable trends that have shaped the threat landscape for the past four months. This report dives into CloudMensis, the previously unknown macOS malware discovered by ESET researchers.
To read the full ESET report: https://www.welivesecurity.com/wpcontent/uploads/2022/10/eset_threat_report_t22022.pdf.
For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.