ISACA Podcast

The Future of IT Audit: Key Changes in ITAF 5 May 28, 2026 1792 Technology is transforming how organizations operate — and IT audit and assurance must evolve alongside it. In this episode, Paul Phillips sits down with Mary Carmichael, contributor to the newly updated IT Audit and Assurance Framework (ITAF 5), to discuss how audit professionals can adapt to today’s increasingly complex digital enterprise. Together, they explore the major shifts shaping modern

Breaking the Compliance Mentality May 21, 2026 1426 In today’s evolving cybersecurity landscape, strong leadership is the foundation of an effective security posture. Yet many agencies struggle when a “compliance mentality” takes hold, where meeting minimum requirements overshadows proactive risk management. In this ISACA Podcast episode, Lisa Cook, ISACA's Principal Research Analyst, sits down with Patrick Bevill, Chief Information Security Office

Audit-Ready by Design: How AI Powers Smarter Identity Security May 19, 2026 1551 Compliance does not have to be a stressful, last-minute scramble. In this episode, we explore how AI-driven control and automation transforms identity security from a costly headache into an audit-ready powerhouse. We break down the steps to simplify your regulatory processes, reduce operational costs, and enhance security by effectively managing human and non-human identities. You will learn why

SheLeadsTech Fireside Chat: Celebrating Women in Cybersecurity Mar 4, 2026 3065 Women in cybersecurity leaders share their stories and career advice in this SheLeadsTech fireside chat celebrating International Women’s Day. In celebration of International Women’s Day and Women’s History Month, ISACA’s SheLeadsTech initiative brings together three inspiring leaders in cybersecurity for a special fireside conversation. Join Debbie Lew and Jo Stewart-Rattray, both ISACA Hall of F

Humans Are IT Security’s Weakest Link Mar 3, 2026 2997 On this episode of the ISACA Podcast, host Chris McGowan is joined by Amit Patel, Senior Vice President at Consulting Solutions, to explore one of the most underestimated threats in cybersecurity: the human element. From accidental errors to insider breaches, they discuss why employee behavior is at the heart of most security incidents—and what organizations can do about it. Amit shares insights

Secure Your Privacy: A security and privacy podcast: real conversations, real consequences, real solutions? Feb 19, 2026 4487 You’re listening to Secure Your Privates™ brought to you by ISACA Podcasts - where security meets privacy, risk meets reality, and governance finally makes sense. We’re here to cut through the noise and get real about what’s actually happening in cyber. The no-BS podcast on security and privacy. We talk about what’s broken, what’s working, and what nobody’s telling you in between.

Securing Data in the Age of AI with DSPM: Lessons from a High-Impact ISACA Webinar Feb 12, 2026 1553 In this ISACA Podcast episode, host Safia Kazi, Principal Research Analyst – Privacy, is joined by Dirk Schrader, VP of Security Research at Netwrix, to discuss how generative AI is revealing long-standing gaps in enterprise data security and governance. This episode builds on insights from a recent ISACA webinar that explored how generative AI is exposing weaknesses in enterprise data security an

Elevate Your Career with Lauren Hasson Sep 4, 2025 1086 Lauren Hasson is the Founder of DevelopHer, an award-winning career development platform. In this podcast, she'll share a bit about her background and give a sneak peek at her upcoming CPE-eligible event.

Cyberrisk Quantification: Strengthening Financial Resilience Jun 4, 2025 2133 In this episode, ISACA's Lisa Cook engages with Yakir Golan, Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to make informed decisions that align risk mitigation s

Securing Desktops and Data from Ransomware Attacks May 15, 2025 2370 Ransomware remains one of the most formidable cybersecurity threats facing organizations worldwide. In this episode of the ISACA Podcast, host Chris McGowan speaks with Netwrix endpoint protection expert Jeremy Moskowitz, who explains how ransomware infiltrates and cripples desktop environments. He explains cybercriminals' tactics to exploit social engineering and system misconfigurations to gain

Cyberresilience and Cybersecurity Mar 11, 2025 1450 Cybersecurity and the role of internal audit, an urgent call to action: The forces driving business growth and efficiency contribute to a broad attack surface for cyber assaults. How is the end user protected with good service while not being compromised? First Line includes internet, cloud, mobile, and social technologies, now mainstream, are platforms inherently oriented for sharing. Outsourcin

Cybersecurity Predictions for 2025 Jan 7, 2025 1567 The prevalence of ransomware and the security concerns associated with AI have made the role of cybersecurity professionals vital for enterprise success. The complex security landscape can make cybersecurity jobs stressful, but enterprises can take steps to retain cybersecurity talent and ensure enterprise assets are protected. In this podcast, Justin Rende, founder and CEO at Rhymetec, shares ins

Examining Authentication in the Deepfake Era with Dr. Chase Cunningham Dec 10, 2024 2308 Given the dynamic nature of cyberthreats and the ever-expanding digital ecosystem, authentication is more critical than ever. In this episode, ISACA director of professional practices and innovation discusses a new content piece titled, "Examining Authentication in the Deepfake Era" with author Dr. Chase Cunningham. Their conversation of the paper explores the evolution, current state, and future

Safely and Responsibly Using Emerging Health Technology Dec 5, 2024 1510 Emerging healthcare technologies have the potential to revolutionize healthcare and accessibility-related concerns, but these advancements are not without risk. To maximize the value and minimize the harms associated with emerging health technologies, it is critical to address ethical, privacy, and societal concerns to ensure that these technologies help rather than hurt humanity. In this ISACA

Addressing SAP Security Gaps Sep 17, 2024 1549 SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environ

What Enterprises Need to Know About ChatGPT and Cybersecurity Jul 24, 2024 1304 Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe. In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity professionals and the overall goal of enterprise secu

The Cyber Standard Podcast - Episode 4 May 30, 2024 2925 Welcome to Episode 4 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at

The Cyber Standard Podcast - Episode 3 Apr 25, 2024 3325 Welcome to Episode 3 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Direc

Effective Third Party Risk Management in 2024: AI’s Impact and Future Trends Apr 24, 2024 1883 Traditional security questionnaires just aren't cutting it anymore. Tune into this ISACA Podcast episode, Chris McGowan chats with VISO TRUST CEO and Co-founder, Paul Valente as they delve into the evolving landscape of Third-Party Risk Management (TPRM), exposing the limitations of current methods and exploring how emerging AI trends are shaping a more secure future and driving more effective thi

Unlocking Strategic Value from a Bug Bounty Program Apr 3, 2024 1634 Are you curious about how to maximize the strategic value and impact of your bug bounty program? In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective. In this ISACA Podcast, Chris McGown, ISACA's Information Security Professional Practices Pri

The Cyber Standard Podcast - Episode 2 Mar 28, 2024 2555 Welcome to Episode 2 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the intricacies of cybersecurity standardization. In this episode, titled "Audit and Assurance," Ameet is joined by esteemed guests Leanne Sperry, Project Manager for Standards Development at the UK Cyber Security Council, and Mike Hughes, the ISACA Immed

The Cyber Standard Podcast - Episode 1 Feb 28, 2024 2499 Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!” Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions

Measuring Security Risk Against Dynamic Threats Feb 21, 2024 1714 Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations. These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, wha

Reflecting on 25 Years of Information Security Matters Feb 14, 2024 834 ISACA recently marked the 25th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same. In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security perceptions, and how writing ski

A View into CTEM Exposure Management: Reducing your Attack Surface 3x Feb 7, 2024 2580 Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, i

Leveraging Agile Concepts for Neurodiverse Auditors Jan 17, 2024 1723 In this ISACA Podcast episode, we’ll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation. Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can

Minimizing Risk and Audit Requests Jan 3, 2024 1276 With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together. In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst Benjamin Bart

Issue Management Confidential: Tools and Best Practices for Improving IT Issue Management Dec 27, 2023 1720 Effective IT issue management is crucial for organizations to mitigate financial loss, reputational damage, and operational disruptions. Issue management tools streamline the process by tracking and resolving issues, while risk rating helps prioritize responses based on their impact and likelihood. In this ISACA Podcast episode, ISACA's GRC Professional Practices Principal, Lisa Cook chats with IT

Improving Security while Enabling Market Access with CCF Dec 13, 2023 1342 Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits). A central CC

Scaling Your Threat Modeling Program Nov 15, 2023 1125 Understanding product security risk starts before a single code line is written. Teams can discover threats to the architecture of a system early in the development life cycle with Threat Modeling. While it’s not a new concept, how do we transform traditional ways of Threat Modeling to meet the complexities of modern software development at scale? In this ISACA Podcast episode, Chris McGowan chats

Secure your Supply Chain with an Effective Vendor Security Program Oct 5, 2023 943 Security risks introduced by vendors have become a top-of-mind concern for executives today, driven by recent supply chain incidents that have exposed organizations to operational and reputational risks. A robust vendor security program is now a must, as it helps ensure compliance and proactively identifies and mitigates these risks throughout the vendor lifecycle. However, many vendor security te

Cultivating Inspired Leaders with Kristi Hedges Oct 3, 2023 1271 If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered. In this ISACA Podcast, Kristi Hedges, executive coach, and leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders, a CPE-eligible event. At the event, Kris

Exploring the Benefits of Neurodiversity within Cybersecurity Sep 27, 2023 2038 Neurodiversity within cybersecurity offers many benefits but requires organizations and hiring managers to re-evaluate hiring practices and job descriptions typically structured for neurotypical applicants. Join ISACA's Director of Professional Practices and Innovation as he hosts a conversation with a company helping to remove barriers and maximize the value neurodiverse talent brings to cybersec

Internal Audits That Create Stakeholder Value Adopting an Agile Mindset Aug 16, 2023 1329 Agile Scrum is a lightweight framework that promises to significantly improve internal audits by creating a mindset that generates stakeholder value through adaptive solutions for complex auditing problems. This mindset is needed as organizations face unprecedented changes and pressures in today's business landscape. Internal audits must keep leaders informed and aware of potential risks. Such a m

Strategies for Avoiding Burnout Aug 9, 2023 1599 Chronic workplace stress can lead to burnout, which poses a significant risk to the mental health of busy professionals, such as auditors. But how can these professionals protect themselves from burnout? And how can their employers help them do so? If you are interested in learning the answers to these questions, then watch as ISACA’s Robin Lyons and Dr. Elena Klevsky, Assistant Professor of Accou

The Danger of Distraction in Augmented Reality Aug 2, 2023 1295 While users of technology are becoming more educated in how to avoid cyberattacks such as phishing, a distracted user might be more prone to missing signs of social engineering. This project explored whether users immersed in augmented reality applications were more inclined to fall for an on-screen text message that prompted familiarity (such as a friend calling in) or urgency (such as a warning

Managing Human Risk Requires More Than Just Awareness Training Jul 26, 2023 1282 A comprehensive information security awareness program must be in place to ensure that employees are aware of and educated about the threats they may encounter at the workplace. The workforce needs to be prepared to know how to respond to these threats. It all starts with a risk assessment to identity the most critical of risks that need to be mitigated through preparedness. Making security a part

Preparing for Interruptions, Disruptions and Emergence Events Jul 19, 2023 2160 This podcast speaks about how an Information Systems (IS) Auditor can prepare for the Interruptions, Disruptions and the Emergence events that happen to the business and to technology. Describing the features of Interruptions, Disruptions and Emergence events and distinguishing the differences between them, special guest Anantha Sayana outlines how the IS Auditor can prepare, react, and contribute

IS Audit in Practice: Data Integrity On Demand Jul 11, 2023 2481 On this podcast, ISACA's Hollee Mangrum-Willis and special guest Cindy Baxter discuss the disparities between American communities and access to electronic health records. From there, they examine how key data insights from the ISACA community can help us all be healthier.

ISACA Live | Digital Trust Priorities for Privacy and Emerging Tech Jun 28, 2023 1734 ISACA Digital Trust Advisory Council Members Anne Toth and Michelle Finneran Dennedy will discuss privacy concerns and priorities around emerging tech and the most critical considerations for ensuring strong digital trust. Hosted by ISACA's Safia Kazi.

Processes of Engagement with Scott Gould Jun 21, 2023 1436 Scott Gould is the author of 'The Shape of Engagement: The Simple Process Behind how Engagement Works.' In this podcast, Scott gives a sneak peak at his upcoming member-exclusive, CPE-eligible event. Scott will discuss the essential frameworks for understanding and operationalizing engagement and building enduring connections with your networks and communities.

Delivering Security Value to Product Teams Using the Power of Data Jun 13, 2023 1320 In security, aligning with product teams has never been more important, especially when outmaneuvering adversaries. To foster a truly productive and action-oriented cybersecurity culture, security teams must begin addressing their product engineering counterparts as customers they serve rather than entities they govern. In this podcast, ISACA’s Chris McGowan listens in as Adobe’s Manager of Advers

AI Ethics and the Role of IT Auditors Jun 6, 2023 1808 We, as a society, have always lived by certain norms that are driven by our communities. These norms are enforced by rules and regulations, societal influence and public interactions. But is the same true for artificial intelligence (AI)? In this podcast we discuss and explore the answers to some of the key questions related to the rapid adoption of AI, such as: What are the risks associated with

Using a Risk-Based Approach to Prioritize Vulnerability Remediation Jun 1, 2023 1673 Organizations today struggle with vulnerability management. More specifically, remediating vulnerabilities in a timely manner poses a challenge. With vulnerability remediation backlogs growing at an alarming rate, what can organizations do to meet their established remediation timelines and to protect the organization from cybersecurity threats. Cybersecurity leader Ray Payano will discuss the exp

The True Cost of a Data Breach May 23, 2023 1918 Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable ris

2023 IT Compliance and Risk Benchmark Report May 16, 2023 1479 Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey

What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All May 9, 2023 1682 The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention- wh

How Organizations Can Consistently Reduce Cyberrisk May 4, 2023 1946 Cyber threats are now a “clear and present danger” to most organizations, companies and governments of the world. A good cyber defense involves many, intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible, in a rapidly shifting threat landscape, they must constantly make improvements. The threat

Key Considerations for Conducting Remote IT Audits May 2, 2023 1016 Conducting adequate preparation including risk assessments, assessing resource requirements and ensuring ongoing communication to harness both the benefits and to address the potential challenges faced when conducting hybrid or fully virtual audits.

Seven Things to Know Before Automating IT General Control Audits Apr 27, 2023 2026 This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, that have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation roll out and advise on how to avoid or manage these pitfalls with host, Robin Lyons. Check out Frans and Gustav’s full

Understanding, Assessing, Aligning and Transforming Organizational Culture Apr 20, 2023 1743 Organizational culture is crucial because it shapes behaviors and attitudes in the workplace, which can profoundly impact operations and overall success. However, it is sometimes difficult for CISOs and other infosec managers to fully understand their culture because they are inside it constantly. In this ISACA Podcast episode, author and journalist Mark Tarallo chats with ISACA's Safia Kazi about

Topics in Emerging Technology, Governance and Ethics Apr 18, 2023 1993 What are the primary risks associated with the adoption of emerging technologies, particularly during periods of high market volatility and changing governance requirements? We talk with Samuel Zaruba Smith, PhD(c) about his learnings from working in government regulated industries and emerging technology. We deep dive into the problems of business strategy, security, policy, social engineering et

Industry Spotlight - Julia Kanouse Apr 11, 2023 1314 Get to know Chief Membership and Marketing Officer Julia Kanouse as she sits down with childhood best friend and ISACA VP Amanda Raible. The duo discuss everything from leadership to motherhood while competing in Mario Kart! Tune in!

What Is Your IP Address Cybersecurity IQ? The Role of IP Address Data in a Digital World Apr 4, 2023 1700 There are literally thousands of VPN services on the market. Some are undeniably benign, but others offer a slate of features that are friendly to cyber criminals. Keeping your network safe from hackers requires you to understand the VPN market, and make decisions based on your company’s appetite for risk. Fortunately, by analyzing IP address data associated with these devices, security profession

The Future of Technology Risk: 4 Ways to Build Stakeholder Trust in the Technology Risk Imperative Mar 21, 2023 1532 Today, the pace of change across industries is quicker than ever before. Economic, political, and social unrest and a global climate crisis have placed unprecedented disruption and pressures on organizations looking to navigate a rapidly changing environment. Firms are being out-innovated and entire industries are being disrupted in a matter of months or years, as opposed to decades. Shifting regu

Measuring Security Resilience from the Lens of the Adversary Community Mar 14, 2023 1297 In a world where adversaries are constantly adapting to improve tactics, techniques, and procedures (TTPs), it is crucial to understand the unique traits and goals of various types of adversaries that actively seek to cause harm to an organization. The personification of these threats will ultimately help measure resilience against specific threat actors, identify investment and hardening opportun

Risky Business – Jon Brandt Mar 7, 2023 2952 For the average person, life moves quickly. But for business leaders and anyone involved in any aspect of IT, the pace at which technology is changing is overwhelming. Technology can help businesses and individuals do more with less and increase profit margins. However, technological advances carry tremendous risk and increase the criticality of risk management. No longer can business and personal

Building Digital Trust Through Advocacy Mar 2, 2023 1682 If you thought ISACA was only about certification and education, get ready to listen to this podcast and see how ISACA advocates for the IT Audit and Risk Management professions! Join Cindy Baxter, author of the Audit in Practice column in the ISACA Journal, as she interviews two members of the ISACA New England Board of Directors who attended ISACA’s Hill Day in Washington DC. Hear how they met

Advertising Information Security Feb 28, 2023 1376 In this episode, executive principal at Risk Masters International’s Steven Ross discusses why vendors of IT products and services are advertising information security, why businesses are not advertising their security and how to use information security as a component of organizations’ public images with host Safia Kazi.

Rethinking Identity Governance Feb 21, 2023 1667 SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data. However, traditional identity governance controls have f

2023: The Year of Risk Feb 14, 2023 2562 A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation-state APTs. Instead, 2023 will be when multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks. Tune into this ISACA Episod

Improving Cyber Resilience in an Age of Continuous Attacks Feb 9, 2023 1946 We live in the age of continuous compromise. This podcast dives into why so many organizations continue to be breached even after spending money on cybersecurity point solutions. Many organizations gravitate towards silver bullet solutions without understanding the threat and impact. In this ISACA Podcast episode, Chris McGown speaks to Rex Johnson and Hamlet Khodaverdian about why a holistic and

Advancing Digital Trust Through Audit and Assurance Feb 7, 2023 1530 A strong audit and assurance function is critical to achieving digital trust in an organization. This conversation spotlights audit's role in digital trust and outlines key priorities. It also shares new ISACA resources for auditors. For more information, go to https://isaca.org/digital-trust

ISACA Live_Critical Infrastructure Security Feb 2, 2023 1608 ISACA's Chris Dimitriadis and the US GAO's Nick Marinos discuss the current state of critical infrastructure security, escalating threats and how to better prepare. For more information check out www.isaca.org/heightened-threats

ISACA Live | Risk Scenarios Jan 31, 2023 1369 Paul Philips and Lisa Young will discuss how risk scenarios help decision-makers understand how certain events can impact organizational strategy and objectives. Good risk scenario building is a skill and can take some time to truly master. Paul and Lisa will provide actionable advice on building the best possible scenarios to help your organization better manage risk For more information check ou

ISACA Live | How to Mature Your Privacy Compliance Program Jan 26, 2023 1567 Compliance with the world’s ever-increasing list of privacy laws can be a tricky undertaking for any organization, but by taking a few simple steps, you can begin to mature your privacy program from a series of check-box exercises into an intelligent compliance program that can help organizations to build consumer trust and protect brand reputation. Join this conversation with OneTrust DPO Linda T

Career Coach Advice: How to Launch Your IT Audit Career Jan 24, 2023 1090 Career coach Caitlin McGaw will share her top tips for young professionals and career changes on how to launch a successful career in IT audit--from acing your first interview and landing your first job to career resources to help your career continue to grow and thrive. To learn more, check out www.caitlinmcgaw.com

ISACA Live | Advancing Digital Trust Through Data Privacy Jan 19, 2023 1013 Learn more at isaca.org/digital-trust

ISACA Live | The Dark Future of Privacy Jan 17, 2023 1858 Privacy Mining will increase because of billions of IoT devices being connected every day. Combined with advanced psychologic research, this can be a very powerful tool for manipulating people's behavior. A Fake reality also poses a big threat to our future of privacy. Software, such as Deep Fakes, has the ability to use someone's facial structure and create fake videos featuring digitally created

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation Jan 12, 2023 1973 Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others? To understand and answer the question appropriately, one must examine the und

ISACA Live | Advancing Digital Trust Through IT Jan 5, 2023 733 On National IT Professionals Day, ISACA's Kevin Keh explains how IT professionals can advance digital trust in their organizations and in their industries. Learn more at isaca.org/digital-trust

Should Cybersecurity Be Subject to a SOX-Type Regulation? Dec 29, 2022 1420 Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with. However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbane

Beware the Traps of Data Governance and Data Management Practice Dec 27, 2022 2171 Guy Pearce joins ISACA’s Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making, and why data is a shared benefit for the organization. Stay tuned until the close to hear Guy’s advice on using metaphors when communicating technical concepts to executive leadership. To read Guy's full

Convergence: Where Next? Dec 22, 2022 1329 ISACA’s Jeff Champion welcomes Steven Ross to the ISACA podcast. Steven asks what the effect of Convergence on the Control Community and concludes that everything is connected to every role, and it is becoming risky to have employees siloed within their own practice. He also remarks on how he once wrote an ISACA Journal article about companies creating a role for Chief Security Officer and now tha

Do Data Go To Waste Dec 20, 2022 1084 The Impact of SOX on the Industry 20 Years Ago and Today. Opponents of Sarbanes Oxley, (SOX) contend the law is too costly for companies to operationalize given the small benefit that SOX regulation provide. Proponents say that a world without SOX is a world in chaos. This article discusses how SOX measures up 20 years after the law was enacted. To read Cindy's ISACA Journal article, Do Data Go t

Protecting Your Enterprise and Deterring Fraud in a New Risk Era Dec 13, 2022 1322 As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a c

The Circle of Failure: Why the Cyber Security Industry Doesn’t Work Dec 9, 2022 3035 Richard Hollis, Director of Rick Crew, is serious about asking the tough questions. ISACA’s Jon Brandt welcomes him to the ISACA podcast to have a conversation that challenges the status quo: Does the Cyber Security Industry work? After decades of experience in the security industry, Richard asks, “have I affected any change?” Richard points out that if we buy a toaster at the store and it doesn’t

Meeting Attackers Where They Are Nov 29, 2022 1353 The world's largest software companies leverage modern-day Red Teams to protect against real-world attacks. Many companies focus on vulnerability management, compliance, and patching to secure themselves, but this is only a tiny part of the big picture. An improved security posture is achieved by leveraging the Red Team to pressure test the attack surface and discover the impact that can be made b

Taking Security Strategy to the Next Level: The Cyber Kill Chain vs. MITRE ATT&CK Nov 22, 2022 1390 In an era of rampant ransomware and other malicious cyberattacks, it’s mandatory to double down on cybersecurity analysis and strategy to ensure an optimal security posture and the protection of critical assets and data. Today, two models can help security professionals harden network resources and protect against modern-day threats and attacks: the cyber kill chain (CKC)and the MITRE ATT&CK frame

Auditee Buy-In—A Key Component of Effective Audits Nov 10, 2022 1205 As you plan and execute your audit, do you take time to invest in the stakeholder relationship? This can be an often-overlooked element but essential in an effective audit. Tune into this ISACA Podcast as Steve Jackson, IT Audit Manager at Airbnb, chats with ISACA’s Robin Lyons about ways to gain auditee buy-in and have a successful and effective audit. To read Steve’s full-length article, “Audite

Episodes

Recommended

—