Top IT Security Bloggers

Isaca
  • Continuous Security Validation

    Isaca
    No corporate executive should feel secure. Every day, we keep hearing about yet another company getting hacked or losing sensitive data. Many enterprises do not even realize their systems are compromised until they receive an unexpected notification from an external party. Cybersecurity remains a top risk for companies and a hot topic for boardrooms. To fend off cyber threats, most companies focus on: Hiring security professionals or third parties with expertise in various security domains...
  • Extracting More Value from IoT, Using COBIT 2019

    Isaca
    The time for making predictions about the number of IoT devices in future years and waiting for that time to come is long gone (however, if you really want to know, one source predicts there are going to be 75 billion IoT devices in 2025). If enterprises still have not thought about the ways IoT could bring them new value, now is certainly the right time to get started. As the title suggests, COBIT 2019 and IoT could be a great combination for adding value to the enterprise. Auditors (includin...
  • 50th Anniversary Q&A with ISACA CEO David Samuelson

    Isaca
    Editor's note: David Samuelson was appointed chief executive officer of ISACA on 1 April of 2019, the year of ISACA’s 50th anniversary. Samuelson recently visited with ISACA Now to discuss the meaning of joining the organization during its milestone year and how ISACA can draw upon its decades of industry leadership to become even more impactful in the future. The following is an abbreviated transcript of the Q&A interview. To read the full Q&A, visit the ISACA50.org Story Gallery. IS...
  • How to Properly Review an SOC Report

    Isaca
    As a follow-up to a blog post previously published by The Mako Group’s Chief Audit Executive, Shane O’Donnell, let’s dig a little deeper into what you should be reviewing when you receive your vendors’ SOC 1, SOC 2 or SOC 3 reports. Each SOC (Security Operations Center) report follows a basic outline. You will find the vendor’s management assertion, the independent service auditor’s report, the vendor’s description of its system, and a listing of controls tested. Below are some key points to f...
  • ISACA’s Future Brimming With Opportunity

    Isaca
    As my relationship with ISACA unfolded through various volunteer roles for the past 25 years, I have had the privilege of seeing the organization evolve – through good times and challenging times – just as many of us have experienced in our personal lives and careers. I’ve stayed with ISACA for the long haul because regardless of the hot technology or top-of-mind regulation of the day, I have consistently been proud to serve a global organization that provides the resources needed to advance b...
  • Drive Your Own Destiny in Achieving Goals

    Isaca
    An individual would be hard-pressed to debate that behaviors and habits individuals exercise in their personal lives have no bearing or effects on their professional career. To that end, the ability to visualize, establish and pursue goals is a useful tool to realizing our personal desires, both personally and professionally. This blog post will provide some insight on basic, but useful, practices that individuals may adopt to help them start setting and achieving relevant goals, as well as ex...
  • A Look at CIS Controls Version 7.1

    Isaca
    CIS Controls Version 7.1, released in April 2019, was developed by Center for Internet Security (CIS), which consists of a community of IT experts. CIS Controls has a set of 20 prioritized controls, divided into three categories as basic, foundational and organizational, which are also termed as Implementation Group (IG) IG1, basic; IG2 – IG1, foundational; and IG3 – IG2, organizational. The basic category consists of controls for the inventory and control of hardware assets, inventory and co...
  • ISACA at Infosecurity Europe: Expert Speakers and New Research at Europe’s Largest Infosec Event

    Isaca
    ISACA expert speakers, past board directors and chapter leaders provided insight and new research while ISACA representatives highlighted ISACA certifications and training solutions at Infosecurity Europe 2019, 4-6 June in London. With more than 400 exhibitors and 240 educational sessions, the annual exposition and conference attracts the largest infosec and cybersecurity crowd in the region. Vilius Benetis, president of the ISACA Lithuania chapter and CEO at NRD Cyber Security, presented twi...
  • Integrating Human and Technical Networks in Organizational Risk Assessments

    Isaca
    The US government’s recent efforts to ban the introduction of specific foreign IT vendors’ equipment in government networks is emblematic of the growing concern among organizational leaders posed by global supply chains, highlighting the broad interdependencies between technical and human systems. Organizational leaders who are seeking greater efficiencies are finding that the confluence of technical, human, and supply chain-induced cybersecurity risk requires a deeper understanding of how ea...
  • Why Don’t We Apply Due Diligence in Selecting Social Media Providers?

    Isaca
    I’ve reviewed many social media implementations across a large variety of companies and, among the many concerns from a security perspective, is the total lack of due diligence over their selection. It’s a puzzle really. Why would any competent CIO approve an initiative that is set up on a cloud-based platform that does not really know who its users are, has no audit certification, is demonstrably insecure, and is subject to rampant fraud and impersonation? But that is exactly what is happenin...