The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. The experts interviewed in the ISACA Podcast have valuable perspectives they have gained from their years of experience in the field. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Cyber Risk and Communicating to a Board of Directors
Digital transformation has heightened due to the pandemic. We went from “we can’t work from home” to “we can only work from home moving forward.” Because of this change, our cyber risk increases and organizations need to take new action when it comes to risk. Join ISACA’s Risk IT Risk Professional Practices Lead, Paul Philips, as he talks with Dr. Jack Freund, Head of Cyber Risk Methodology at VisibleRisk, about how to effectively communicate cyber risk to a Board of Directors. Organizations need to understand the financial ramifications of all aspects of cyber risk. Along with risk quantification, organizations need to work with and inform the BOD about the risk appetite for certain projects, how much risk tolerance the organization can afford to deal with and more.
US DoD’s CMMC Guidelines — What You Need to Know
Cybersecurity Maturity Model Certification, or CMMC, is a new security program being released by the US DoD. If you are a DoD contractor, your livelihood could be at stake as contract requirements and contractors will need to be certified or a contract won’t be awarded. Listen in as TelaTek's Director of Operations, Johann Dettweiler, breaks down these new requirements published in his latest journal article with ISACA's CMMI Professional Practice Lead, Kileen Harrison. Johann discusses the importance of all organizations, big or small, going through the different levels of security in the CMMC guidelines, starting at Level 1 and working their way up. What is the most important thing an organization needs to get started? The ability to read, become familiar with and understand the different levels of CMMC; otherwise, they won’t know how to implement it in their organization and will have to hire a third party. These CMMC requirements are here to stay and will only continue to get more stringent as hacks and attacks keep increasing.
Security As A Service
What is security as a service and when is it needed? Tune in as ISACA’s Cyber Pros explain how the increase in hacks and attacks is forcing companies to take cyber security more seriously. The bad news is that there is a lack of cyber security professionals in the field, and those who do have the necessary skillset to manage a company’s security are becoming more and more costly. Academia is trying to help get the security workforce up to speed quickly, but they are failing. Until we see an influx of new and skilled cyber security professionals, security as a service is an option that can save your company both time and money and help assure that your company’s data and information are safe and secure.
For more information, check out ISACA’s State of Cybersecurity 2021.
IT Audit in Practice: Survival When You Are Small - Business Continuity and Resilience
Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people! Although both large and small enterprises have accommodated and adapted, the smaller organizations with fewer resources and time have faced equal or greater hurdles when it comes to this type of planning.
Join ISACA’s IT Professional Practices Lead, Kevin Keh, as he interviews Cindy Baxter, Director, What’s the Risk, LLC and discusses the importance of having a business continuity and resilience plan for your business. Cindy discusses consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process vs. waiting for the final report and more! Cindy also mentions how small business owners and employees shouldn’t get defensive or take the findings personally. Remember, the value comes not in the result, but in the adoption of the results and recommendations.
For more information on this topic, see ISACA’s IT Business Continuity/Disaster Recovery Audit Program.
Privacy-Preserving Analytics and Secure Multiparty Computation
Organizations are increasingly concerned about data security in several scenarios, including collecting and retaining sensitive personal information, processing personal information in external cloud environments, and information sharing. Commonly implemented solutions do not provide strong protection from data theft and privacy disclosures.
Privacy and risk management professionals are particularly concerned about the privacy and security of data analytics that are shared externally. Compliance with privacy regulations such as the US State of California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR) and other emerging regulations around the world requires techniques for secure processing of sensitive data.
Listen in as ISACA’s Safia Kazi interviews Chief Security Strategist and data protection expert Ulf Mattsson about the latest in privacy-preserving techniques.
Why Should I Listen to You?
Why should you listen to ISACA’s CyberPros? Find out as Dustin Brewer and Frank Downs explain how they got started in the cybersecurity field and grew their knowledge and experience to become the cyber professionals they are today. Dustin and Frank discuss their traditional and non-traditional paths to learning, their experience working in the US government and the importance of earning a certification and continuing your education. Want to know how to get started in Cybersecurity? Start here by listening to this podcast.
Please add more podcasts
I really enjoy listening to the ISACA podcasts. I can get through a lot of these on my commute to work. Definitely more convenient than the journals and online articles.
Empowering, insightful and actionable! 🙌
Whether you’re well established as someone innovating in the cybersecurity world, or just getting started as a catalyst for change - this is a must-listen podcast for you! Abby and the entire ISACA team do an incredible job bringing together insightful conversations that cover a huge breadth of topics related to the ins and outs of successfully navigating an ever changing regulatory landscape - with leaders who are actually in the field themselves. Highly recommend listening and subscribing!