
596.7K
Downloads
318
Episodes
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Episodes

Nov 22, 2022
Nov 22, 2022
23 min
In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data.
Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: the cyber kill chain (CKC)and the MITRE ATT&CK framework.
Tim Liu, long-term security technologist, co-founder, and CTO, will provide an overview of these two frameworks and the limitations or benefits of each approach.
To read Taking Security Strategy to the Next Level, please visit www.isaca.org/taking-security-strategy-to-the-next-level.
To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

Nov 10, 2022
Nov 10, 2022
20 min
As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element but essential in an effective audit.
Tune into this ISACA Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective audit.
To read Steve’s full-length article, “Auditee Buy-In—A Key Component of Effective Audits,” visit www.isaca.org/auditee-buy-in
To watch the ISACA Video Podcast of this episode, visit, https://youtu.be/nWFcXC24ueA.
For more ISACA Podcasts, please visit: www.isaca.org/podcasts or visit ISACA YouTube Channel at https://www.youtube.com/c/IsacaHq.

Nov 8, 2022
Breaking Down the ESET T2 2022 Threat Report
Nov 8, 2022
Nov 8, 2022
21 min
In this ISACA Podcast episode, ESET’s Chief Security Evangelist, Tony Anscombe, joins ISACA’s Principal, Emerging Technology Professional Practices, Collin Beder to discuss ESET’s recently released T2 2022 Threat Report.
As a global leader in cybersecurity, ESET’s T2 2022 Threat Report summarizes the most notable trends that have shaped the threat landscape for the past four months. This report dives into CloudMensis, the previously unknown macOS malware discovered by ESET researchers.
To read the full ESET report: https://www.welivesecurity.com/wpcontent/uploads/2022/10/eset_threat_report_t22022.pdf.
For more information, check out ESET’s award-winning blog: WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.
To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Nov 4, 2022
Nov 4, 2022
25 min
Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?”
To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world.
Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public.
To read Mary’s full-length article, visit https://www.isaca.org/enabling-digital-trust-with-canadas-digital-charter.

Nov 1, 2022
It’s About (Down) Time
Nov 1, 2022
Nov 1, 2022
14 min
It is all about the system's downtime.
In this ISACA Podcast episode, Risk Masters International's Steven Ross tells ISACA's Collin Beder that organizations should start focusing on hours of unavailable systems and data when measuring the cost of a cyber-attack. Steven also discusses the causes and targets of system downtime and why he thinks the IT world is currently living in a dangerous time.
To read Steven's full-length article, visit www.isaca.org/its-about-down-time.
To listen to more ISACA Podcasts, visit www.isaca.org/podcasts.

Oct 27, 2022
Oct 27, 2022
15 min
We are subjected to phishing scams almost every day, and even the most seasoned professional must examine an email to ensure the links included are safe.
Brown University and Federal Reserve Bank of Cleveland's Allen Dziwa says people are the weakest link and that customized messaging using regional language for targeted attacks is becoming more prevalent. Allen breaks down the many types of attacks (phishing, spear phishing, smishing, vishing, whaling) with ISACA's Kevin Keh. Tune in now to learn how to be vigilant when facing potential attacks from scammers.
To read Allen’s full article, please visit: www.isaca.org/how-social-engineering-bypasses-technical-controls
To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts

Oct 26, 2022
Oct 26, 2022
23 min
Ryan Cloutier's child came home from school one day and told him that he had figured out the staff Wi-Fi password. Frustrated that the security wasn't better for a school network, Ryan decided to do something about it. Since then, his career has been focused on serving K12, local government, and socio-economically disadvantaged communities with his company Security Studio.
ISACA's Jeff Champion asks him about ways to overcome technical language barriers when completing risk assessments and Ryan discusses key issues with risk assessments and a path forward to resolving them. Tune in to start thinking about more interesting ways to approach risk assessments!
To read Ryan's full-length article, visit: www.isaca.org/what-makes-risk-assessments-so-unpleasant
To listen to more ISACA Podcasts, visit: www.isaca.org/podcasts

Oct 21, 2022
ISACA CyberPros – Naomi Buckwalter
Oct 21, 2022
Oct 21, 2022
40 min
Executive Director of Cybersecurity Gatebreakers Foundation, Naomi Buckwalter, joins ISACA’s Jon Brandt to discuss burnout.
There are many factors at play when discussing burnout: company culture, work-from-home flexibility, unrealistic expectations from supervisors, and industry pressure, but Naomi gives you multiple action plans for combatting workplace burnout and creating healthy boundaries with your colleagues. Tune into this ISACA Podcast now!
To learn more about Naomi, please visit: https://www.linkedin.com/in/naomi-buckwalter/
To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts

Oct 18, 2022
Quantifying the Qualitative Risk Assessment
Oct 18, 2022
Oct 18, 2022
27 min
In this ISACA podcast episode, IT Risk Director and Senior Vice President Mike Powers and IT Segment Risk Manager Julie Ebersbach discuss using the qualitative risk assessment as part of an organization's enterprise risk framework, focusing on using data to inform subjective judgments.
The value and accuracy of a qualitative risk assessment, based on subject matter expert judgment, can be improved with focused data. Tune in now to hear Mike and Julie chat with ISACA's Jeff Champion about how quantifiable data increases the qualitative risk assessment's reliability, accuracy, and credibility.
To read ISACA Journal article, Quantifying the Qualitative Technology Risk Assessment, please visit: www.isaca.org/quantifying-the-qualitative-technology-risk-assessment
To listen to more ISACA Podcasts, please visit www.isaca.org/podcasts.

Oct 13, 2022
Oct 13, 2022
36 min
In today’s dynamic world of distributed computing and cloud-scale systems, traditional security data platforms and tools such as SIEM typically fall short of actually delivering the intelligence needed to better adapt to the rapidly changing threat landscape. This is primarily due to a lack of core data lifecycle management, analytics, and integration capabilities. In addition to closing these functional gaps, security organizations could benefit by making AI/ML-driven advanced analytics a core component of their security intelligence capabilities. While there is admittedly a lot of hype around the concept of a “security data lake” in the industry, most approaches to date have not really delivered the type of usable intelligence needed to be as nimble as we must be in today’s cybersecurity world.
To address these issues, Adobe is taking a holistic approach to data and analytics that aims to enable efficiencies and scale for its Security organization. We have embarked on a journey to build an integrated and holistic security data and analytics platform as a foundational building block in its security organization. Join Krishna Patil, Principal Architect, Security, from Adobe as he discusses with ISACA's Collin Beder the approach we have taken to provide insights you can use to help tackle the problem of not just gathering the right data but making it more actionable to your security teams. Tune into this ISACA Podcast now!
To learn more about Adobe, please visit: www.adobe.com
To listen to more ISACA Podcasts, please visit: www.isaca.org/podcasts
