Top IT Security Bloggers

Isaca
  • Life (and Your Career) Is Not a Spectator Sport

    Jackie Robinson, the world-famous baseball star, once said, “Life is not a spectator sport. If you're going to spend your whole life in the grandstand just watching what goes on, in my opinion, you're wasting your life.” Your career and mine may not have the cultural significance that Jackie’s did, but how many of us accidentally, or metaphorically, spend our lives or careers in the comfort zone of the grandstands? Watching and waiting for something to happen. We turn and talk to our fellow gra...
  • The Quest for Leadership Presence: Finding Your Voice

    When you listen to Indra Nooyi, PepsiCo CEO, you hear calm, measured confidence. When you listen to Sheryl Sandberg, Facebook COO, you hear upbeat, energized confidence. And when you listen to Mary Barra, GM CEO, you hear the concise messaging and confidence of a been-there-done-that leader. Each of these women telegraphs leadership through her voice. When you listen, you don’t think, “I am listening to a woman leader.” You just know you are listening to a leader, a person with a passion for...
  • Former White House CIO Talks Cyber Awareness, Protecting POTUS’s Data, and More

    ISACA Now recently sat down with Theresa Payton, Former White House chief information officer (CIO), cybersecurity authority and expert on identity theft and the Internet of Things, for a Q&A on the future of cybersecurity, her days in the White House, and how women (and men) can break into the cybersecurity profession. Payton will present Big Data and the Internet of Things: Boon or Bust for Your Cybersecurity Efforts? in General Session 1 at the 2016 Governance, Risk and Control (GRC) Co...
  • June’s COBIT 5 Poster Details Process Capability

    The June edition of the monthly COBIT 5 poster series features a graphic summary of the six levels of process capability and their related attributes. These capability level attributes are aligned with ISO/IEC 15504. The poster charts the six levels of capability that a process can achieve, from an incomplete process that is not implemented or fails, to an optimized process. Each capability level can only be achieved after the previous level has been fully met. For example, before assessing a...
  • Using Risk Scenarios for COBIT 5 to Help Achieve Business Success

    If I had a £1 for every time a client said “it won’t happen to us,” I would be a very rich man and probably would not be writing this blog! Risk management is about minimizing the chance that it will happen to us, by anticipating what might occur to affect the successful delivery of an enterprise’s business goals or objectives and to implement an appropriate risk response to minimize the risk of an adverse business impact materializing. This is how risk management is usually seen. However, a g...
  • Women in Cybersecurity/IT: A Matter of Strategy

    If an organization has a culture of diversity and inclusiveness, there is typically a strategy in place to hire more women in cybersecurity/IT. This is especially true in consulting, where there is a concerted effort to hire more women. From a recruiting perspective, there is a small talent pool of women in cyber/IT to hire from. But I am starting to see more effort/focus on pipeline development coming from schools and organizations. A female CISO I recently spoke to said, “I am not seeing a l...
  • Book of the Month: Advanced Persistent Threats: How to Manage the Risk to Your Business

    The book Advanced Persistent Threats: How to Manage the Risk to Your Business is a nice overview of advanced persistent threats (APTs) that lays out a framework for addressing the risk associated with APT. The book provides enough detail to give any practitioner the starting points for additional research. As with most ISACA publications, the book takes a risk-based approach to the APT problem so that it can be used as a guide to help information security professionals build the business cas...
  • The Pervasiveness of COBIT

    COBIT—which turned 20 this year—not only has technical value, but is also an enabler that can improve our careers and our networking opportunities. ISACA offers IT professionals education, conferences and training to take our careers to a higher level. These activities allow us to create and maintain rich professional contacts and, of course, friendships. In my case, ISACA and COBIT allow me to participate in IT governance and management publications, audit conferences and sustainability event...
  • Traveling the Road to GRC Maturity

    Today’s business environment is fraught with risk. However, to successfully seize growth opportunities in the market, organizations need to effectively position themselves to embrace risk with confidence instead of simply avoiding it. Technology, economic and market conditions affect organizations on a daily basis. The constantly changing landscape of risk is a leading topic in headlines, industry forums, media outlets and board rooms. We are moving to a world where your risk management appr...
  • From Control to Enablement: Key Lessons From the IT Audit Director Forums

    Digital transformation, emerging technologies, cybersecurity, Internet of Things (IoT), increased adoption/understanding of technology by business areas and other trends are having a huge impact on organizations and the IT audit profession. Speed to market and innovative implementation of technologies are more important today than even five years ago. It’s innovate or perish. At the same time, organizations are intent on increasing their understanding of cybersecurity threats and managing th...