ISACA Podcast

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?” 

To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world.

Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public.

To read Mary’s full-length article, visit https://www.isaca.org/enabling-digital-trust-with-canadas-digital-charter.

It is all about the system's downtime.

In this ISACA Podcast episode, Risk Masters International's Steven Ross tells ISACA's Collin Beder that organizations should start focusing on hours of unavailable systems and data when measuring the cost of a cyber-attack. Steven also discusses the causes and targets of system downtime and why he thinks the IT world is currently living in a dangerous time.

To read Steven's full-length article, visit www.isaca.org/its-about-down-time.

To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe.

Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks is becoming more prevalent. Allen breaks down the many types of attacks (phishing, spear phishing, smishing, vishing, whaling) with ISACA's Kevin Keh. Tune in now to learn how to be vigilant when facing potential attacks from scammers.

To read Allen’s full article, please visit: www.isaca.org/how-social-engineering-bypasses-technical-controls

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Ryan Cloutier's child came home from school one day and told him that he had figured out the staff Wi-Fi password. Frustrated that the security wasn't better for a school network, Ryan decided to do something about it. Since then, his career has been focused on serving K12, local government, and socio-economically disadvantaged communities with his company Security Studio.

ISACA's Jeff Champion asks him about ways to overcome technical language barriers when completing risk assessments and Ryan discusses key issues with risk assessments and a path forward to resolving them. Tune in to start thinking about more interesting ways to approach risk assessments!

To read Ryan's full-length article, visit: www.isaca.org/what-makes-risk-assessments-so-unpleasant

To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

Executive Director of Cybersecurity Gatebreakers Foundation, Naomi Buckwalter, joins ISACA’s Jon Brandt to discuss burnout.

There are many factors at play when discussing burnout: company culture, work-from-home flexibility, unrealistic expectations from supervisors, and industry pressure, but Naomi gives you multiple action plans for combatting workplace burnout and creating healthy boundaries with your colleagues. Tune into this ISACA Podcast now!

To learn more about Naomi, please visit: https://www.linkedin.com/in/naomi-buckwalter/

To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts

In this ISACA podcast episode, IT Risk Director and Senior Vice President Mike Powers and IT Segment Risk Manager Julie Ebersbach discuss using the qualitative risk assessment as part of an organization's enterprise risk framework, focusing on using data to inform subjective judgments. 

The value and accuracy of a qualitative risk assessment, based on subject matter expert judgment, can be improved with focused data. Tune in now to hear Mike and Julie chat with ISACA's Jeff Champion about how quantifiable data increases the qualitative risk assessment's reliability, accuracy, and credibility.

To read ISACA Journal article, Quantifying the Qualitative Technology Risk Assessment, please visit: www.isaca.org/quantifying-the-qualitative-technology-risk-assessment

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

In today’s dynamic world of distributed computing and cloud-scale systems, traditional security data platforms and tools such as SIEM typically fall short of actually delivering the intelligence needed to better adapt to the rapidly changing threat landscape. This is primarily due to a lack of core data lifecycle management, analytics, and integration capabilities. In addition to closing these functional gaps, security organizations could benefit by making AI/ML-driven advanced analytics a core component of their security intelligence capabilities. While there is admittedly a lot of hype around the concept of a “security data lake” in the industry, most approaches to date have not really delivered the type of usable intelligence needed to be as nimble as we must be in today’s cybersecurity world.
 
To address these issues, Adobe is taking a holistic approach to data and analytics that aims to enable efficiencies and scale for its Security organization. We have embarked on a journey to build an integrated and holistic security data and analytics platform as a foundational building block in its security organization. Join Krishna Patil, Principal Architect, Security, from Adobe as he discusses with ISACA's Collin Beder the approach we have taken to provide insights you can use to help tackle the problem of not just gathering the right data but making it more actionable to your security teams. Tune into this ISACA Podcast now! 

To learn more about Adobe, please visit: www.adobe.com

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

There is no denying the passion that ecfirst's CEO, Ali Pabrai has for cybersecurity. In this ISACA Podcast, Ali tells ISACA's Hollee Mangrum-Willis that after all his years in the industry, he is still more excited than a two-year-old at the entrance to Disneyland.

Listen in as Ali discusses his origin story as a first-generation American working for Fermi National Accelerator Laboratory, creating a startup soon after the new millennium and how he has balanced all his career accomplishments while raising a neurodivergent child. Tune in now to hear about why Ali thinks we should compare the human body to cybersecurity and much more!

To learn more about Ali, please visit: https://www.linkedin.com/in/pabrai/

To learn more about OneInTech, please visit: www.oneintech.org

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Cybersecurity incidents like ransomware can potentially bring operations to a standstill. Recent regulatory changes by the FTC and proposed changes by the SEC show that both agencies are drafting cybersecurity rules similar to ERM concepts. This would include board oversight of cybersecurity and the responsibility of senior management to implement cybersecurity policies and procedures and provide training for information security staff that is sufficient for them to address relevant security risks. In addition, this could mean that your organization may be required to report incidents and disclose cybersecurity policies and procedures.

Tune in to this ISACA Podcast episode to listen in as Cyber Defense Labs’ Manager of Cybersecurity Advisory Services Tom Schneider tells ISACA’s Jeff Champion that any threat to this essential information is an enterprise risk that needs to be managed by the enterprise through teamwork, with leadership from both the board and senior management. Tom also gives insights into managing cybersecurity risk as an enterprise risk.

To read Managing Cybersecurity Risk as Enterprise Risk, please visit: www.isaca.org/managing-cybersecurity-risk-as-enterprise-risk.

To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts.

University of Florida's Ivy Munoko is passionate about AI and has plenty to share regarding implementation and usage, but ISACA's Collin Beder asks, "is it ethical"? 

Ivy breaks down the ethical considerations for AI and the four types of intelligence (Mechanical, Analytical, Intuitive, Empathetic), and she shares her take on why she thinks AI won't be replacing our jobs for a very long time to come

To read Ivy's article, please visit www.isaca.org/implementing-ai-capabilities-and-risk.

To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.