Top IT Security Bloggers

Isaca
  • Effective IS Starts, Ends With Security Culture

    Isaca
    For an information security professional, one of the most important areas for an organization is building a corporate security culture. Building a security culture begins with the IS professional: being transparent and passionate about security, speaking about security initiatives at company meetings, and providing recurring security awareness talks. This grass-roots, bottom-up approach should be coupled with an increased focus on executives. Getting their support and buy-in is absolutely cri...
  • Poland’s Supreme Audit Office Chooses COBIT 4.1 To Assess IT Security

    Isaca
    In a testament to COBIT's universal acceptance, the Supreme Audit Office of Poland (NIK) recently used the COBIT 4.1 framework to assess the level of security of the major IT systems used by Poland’s government agencies. The process began in 2014 when the NIK reviewed the involvement and performance of Poland’s government agencies to ensure IT security. The results of the review, published last year, showed that Poland, at the state level, was not prepared to deal with the serious threats comi...
  • Formation of ISACA Student Groups in Melbourne

    Isaca
    The thought of starting an ISACA student group in Melbourne emerged when my son was at university. I felt he needed to interact at Melbourne Chapter events and learn beyond the classroom. I encouraged him to enroll as an ISACA student member to allow him to network, learn, attend chapter events and connect with a few professionals as mentors. I then started networking with the academic community at various universities in Melbourne and was fortunate enough to set up 3 ISACA student chapters at...
  • Injecting Relevance: Getting Use Out of a Useful Risk Assessment

    Isaca
    A show of hands: how many of you reading this have done a risk assessment, but felt that after it was completed it was never going to be used for much? I have done many and the results often fall on deaf ears. I have tried a variety of methods, used various tools, and done pretty much everything but stand on my head to get the results noticed. Then I realized what was missing: relevance. I figured this out when I took a class on Operational Risk (see the excellent book written by Tony Blunde...
  • Tips on Cyber Security Auditing

    Isaca
    In celebration of Cyber Security Awareness Month this October I would like to share some practical tips on auditing cyber security. Tip #1: Clarification on Cyber Security Domain. Audit should bring clarity to the situation being audited. For this to happen, one should have a strong foundation in the terms used when auditing cyber security. Google the definition of cyber security and look at results. Did you find the top results from authoritative sources on what cyber security is and what it is...
  • Eddie Schwartz: The State of the CISO

    Isaca
    Three decades ago, the invention of the chief information security officer (CISO) role seemed like a brilliant idea. Imagine the benefits of a C-suite position for cyber security and how such an executive role would help ensure members of senior management take the issue seriously and provide needed support across the organization. Maybe. Maybe not. The first generation of CISOs primarily focused on creating information security programs and the role of security relative to emerging compliance...
  • IT Auditors: Mind the (Database) Gap

    Isaca
    Everyone who has ever travelled on a train, metro or underground, particularly in London, will be familiar with the famous “Mind the Gap” announcement. It is made because the curved design of some platforms leaves an unsafe gap when the straight train carriages stop at the station. The design of some IT systems can also leave gaps, particularly between the application and the database. Understanding and pointing out these gaps should be the concern of all IT auditors. Examples of these gaps i...
  • The Beauty of Simplified Audit Programs

    Isaca
    If an enterprise is to be effective in meeting its objective and accomplishing its mission, it is important to identify key success factors. What are those goals where achievement is essential to the overall success of the enterprise? IS audits help enterprises ensure the effective, efficient, secure and reliable operation of the information technology that is critical to an enterprise’s success. The effectiveness of the audit depends largely on the quality of the audit program, according to...
  • Hacker, Futurist Holman Envisions Self-driving Everything, Cybersec Evolution

    Isaca
    Renowned hacker, inventor, entrepreneur and technology futurist, Pablos Holman, is on a quest to solve the world’s problems through the innovation of technology. Through his work at the Intellectual Ventures Lab, he has developed a brain surgery tool, a machine to suppress hurricanes, a self-sterilizing elevator button, a cure for cancer, a gun that shoots laser beams at malaria-carrying mosquitos, 3-D food printers, and he has contributed to visions for the future of urban transportation, ent...
  • A Call for Global Cyber Security Awareness Month

    Isaca
    As a business leader--whether with an international non-profit organization like ISACA or a corporation, like my employer, Intralot--your perspective must always be global. That very perspective infused my thinking as I went to compose this ISACA point of view on National Cyber Security Month, which begins tomorrow. While events such as “National Cyber Security Month” have taken shape, grown and serve a purpose, their positive impact may fall short and be somewhat artificial because of the limi...