Top IT Security Bloggers

Isaca
  • Security Automation Isn’t AI Security

    Isaca
    In many spheres of employment, the application of Artificial Intelligence (AI) technology is creating a growing fear. Kevin Maney of Newsweek vividly summarized the pending transformation of employment and the concerns it raises in his recent article “How artificial intelligence and robots will radically transform the economy.” In the Information Security (InfoSec) community, AI is commonly seen as a savior – an application of technology that will allow businesses to more rapidly identify and...
  • "My life story is not complete without ISACA"

    Isaca
    Much of Phillimon Zongo’s youth was spent walking or running great distances barefoot, sometimes en route to school, other times scouring the township for empty cola bottles he could sell for change. Whatever the distance, Zongo was determined to find a way to afford food to fill his belly and knowledge to fill his brain. Zongo’s first pair of shoes came when he was 12, prompting months of adjusting his steps to acclimate to the new sensation. But with or without footwear, in warm or wintry co...
  • Ransomware: A top security threat for 2017

    Isaca
    With the dawn of 2017, ransomware continues to emerge as a top security threat. This form of attack that encrypts and locks computer files and devices until a ransom is paid looms ominously over large companies, SMEs and even individuals. Ransomware is part of the top 10 security threat predictions by various analysts and security labs across the world. In 2015, businesses paid $24 million to ransomware attackers, a figure that was expected to jump to $850 million in 2016, according to Carbon...
  • Integrated Content Libraries – What You Should Know and Questions to Ask

    Isaca
    Having worked for most of the “Big Four” as well as several boutique consultancies, I have witnessed a well-marketed shift and the birth of a new industry as it pertains to integrated regulatory content. When I refer to integrated regulatory content, I mean taking statements from individual sources and mapping those to a single control statement. For example, PCI 3.2, Requirement 2.1 states that default account passwords for accounts shipped with a Commercial Off The Shelf (COTS) product shoul...
  • 2016 Accomplishments Poised to Drive 2017 Growth

    Isaca
    We hope 2017 finds you ready for another year of challenges, opportunities and achievements—much like the year we all have just enjoyed. In 2016, ISACA moved forward as an organization with the support of its 215 chapters around the world working to increase our visibility, influence and impact, locally and globally. Perhaps most encouraging is the progress we are making as a valued professional community, which has occurred amidst rapid changes and increasing complexity in and around our ke...
  • How to Keep IT Employees Fully Engaged

    Isaca
    In my last article, I wrote about the importance of training, and how I believe it is the missing ingredient to IT success. This is something I feel rather strongly about and will discuss with anyone who listens. But as I mentioned, the word training comes with some negative connotations – at least for myself. I associate it with being a student in a structured classroom setting where I’m supposed to follow the teacher’s instructions. Unfortunately, I’m afraid that many of my peers feel the sa...
  • Why Conquering Complexity Is a Critical Component of an Effective Security Program

    Isaca
    Security professionals tend to have a penchant for making things more complicated than they need to be. But life and our work are complicated enough without us adding extra layers of needless complexity. When it comes to operating an effective enterprise security program, the old adage of “complexity being the enemy of security” really does ring true. Many CIOs and CISOs are guilty of chasing the cool blinking lights of newer technologies and keep adding additional technologies to an already...
  • Telecom Organizations’ Strategy to Generate Revenue from Security Services

    Isaca
    In this digital age, with telecom service providers’ revenue per bit falling every year, network operators are clearly being forced to consider expanding their catalogue of services to something beyond basic voice connectivity. Providers need some way to unlock the full value of their investment in the network and to expand into new and profitable applications and services. For a decade or more, Western European and North American telecommunication companies have focused on capturing growth in...
  • Three Common Mistakes to Avoid When Interviewing

    Isaca
    So you have read my blog about finding your next opportunity, and now you have started to interview. I would like to share three common mistakes I see interviewees make that can cost them the job they are hoping to land: 1. Not doing your homework. Every interview situation is different, but most people would admit that interviewing is stressful. The best way to beat that stress is by being prepared. Being over-prepared is even better! The vast majority of candidates I help prepare to intervie...
  • Three Ways to Make Information Security a Habit During Project Management

    Isaca
    With eyeballs rolling, they mumble, “Why do security people insist on stopping our projects?” As information security (IS) professionals, we have seen this response from project managers (PM), developers, and fill-in-your-favorite-role here, when we have derailed a project due to an unplanned InfoSec issue. What is an InfoSec Professional to Do? Police chiefs don’t lock our car doors, nor do CISOs read application teams’ code. Because InfoSec is a lifestyle, not an event, we need a security c...