Top IT Security Bloggers

Isaca
  • The 2010s: A Decade of Growth and New Focal Points for ISACA

    Isaca
    The 2010s have seen remarkable growth at ISACA. From the debut of the CRISC certification to the addition of the CMMI Institute to the creation of the SheLeadsTech program and the added emphasis on providing cybersecurity resources, as underscored by the launch of the Cybersecurity Nexus (CSX), we are drawing near to the close of what has been a dynamic decade in ISACA’s 50-year evolution. “You see the importance of the work ISACA is engaged in more so than ever,” said member Erik Rolland. Add...
  • What Capital One Got Right

    Isaca
    The massive cyber breach of Capital One, reported in late July, quickly brought a chorus of condemnation of the company from a wide circle of pundits, concerned customers, competitors and potential investors. Lost in the media fray was Capital One’s exceptional incident response. The facts are impressive when compared to other cyber incidents. Capital One’s cybersecurity team detected the incident within days (as opposed to the industry average of over 100 days before detection). Critically,...
  • How Company Culture Helps Shape the Risk Landscape

    Isaca
    In today’s environment, companies all over the globe are experiencing culture risk. Yes, culture indeed has an impact on risk and every company has a unique culture. The key is to understand it, manage it, and leverage it when possible to obtain competitive advantage. Every company is faced with both positive and negative risk – that is, threats and vulnerabilities that could adversely impact the organization, its reputation and stock value, as well as opportunities that could have a positive...
  • Sizing Up Email Security Protocols

    Isaca
    Given the many instances of email security compromises, it has become vital to provide additional security to emails from the domain administrator level. Security protocols such as Domain-Based Message Authentication, Reporting and Conformance (DMARC), Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF) and Brand Indicators for Message Identification (BIMI) to prevent address spoofing are considered below. Before getting into the security protocols, spoofing needs to be understo...
  • Has GDPR Been a Success So Far?

    Isaca
    Since 25 May, 2018, the General Data Protection Regulation (GDPR) has been providing unified rules for data processing, requiring wider protection for the rights and interests of data subjects, and establishing important guidelines around the flow of information in the European Union. One year later, the first “anniversary” of the GDPR offered an exceptional opportunity to assess past achievement and to set goals for the future that were summarized in the communication from the European Commis...
  • Third-Party Vendor Selection: If Done Right, It’s a Win-Win

    Isaca
    The benefits that can be realized from using third parties to support the delivery of products and services are always part of any good sales pitch by prospective vendors. Often these benefits include reductions in operational spend, scalability, improved delivery time, specialized capabilities, and the availability of proprietary tools or software, all of which equate to a competitive advantage for companies leveraging third-party relationships effectively. Companies recognize and capitalize...
  • US Government Innovates Cyber Job Fulfillment

    Isaca
    Cybersecurity professionals believe their teams are understaffed, many teams have unfilled positions, open positions often take six months or more to fill, and job candidates often are not qualified for the positions for which they applied, as evidenced in the last several State of Cybersecurity annual surveys conducted by ISACA. However, it seems progress is being made on the cyber staffing shortfall, at least anecdotally. At the 10th Annual Billington Cybersecurity Summit conducted 4-5 Sept...
  • CISOs Must Address Their Blind Spot for Effective Oversight of ICS Security

    Isaca
    Cybersecurity resilience of Industrial Control Systems (ICS), Building Management Systems (BMS) and other Operational Technology (OT) systems is falling behind, a critical challenge considering the potential impact of a cyberattack on ICS and OT could result in the loss of lives and/or major environmental damage. These grave threats, of course, are in addition to the financial, reputational and compliance impacts of cyber incidents that affect all industries. Given the high stakes, it is time...
  • Improve ROI From Technology By Addressing the Digital Risk Gap

    Isaca
    All too often, IT and risk management professionals seem to be speaking a different language—that is, if they even speak at all. Bridging the Digital Risk Gap, the new report jointly authored by RIMS, the risk management society®, and ISACA, promotes understanding, collaboration and communication between these professionals to get the most out of their organizations’ technological investments. Digital enterprise strategy and execution are emerging as essential horizontal competencies to suppor...
  • How Responsible Are Cloud Platforms for Cloud Security?

    Isaca
    These days, just about every software platform or app available has some kind of cloud functionality. They might host your data in the cloud, give you cross-platform access to your account, or allow you to upload and download files anywhere. This is remarkably convenient, and a major breakthrough for productivity and communication in the workplace, but it also comes with its share of vulnerabilities. A security flaw could make your data available to someone with malicious intentions. Cloud se...