This podcast speaks about how an Information Systems (IS) Auditor can prepare for the Interruptions, Disruptions and the Emergence events that happen to the business and to technology. Describing the features of Interruptions, Disruptions and Emergence events and distinguishing the differences between them, special guest Anantha Sayana outlines how the IS Auditor can prepare, react, and contribute to all the three. Hosted by ISACA's Hollee Mangrum-Willis.

On this podcast, ISACA's Hollee Mangrum-Willis and special guest Cindy Baxter discuss the disparities between American communities and access to electronic health records. From there, they examine how key data insights from the ISACA community can help us all be healthier.

ISACA Digital Trust Advisory Council Members Anne Toth and Michelle Finneran Dennedy will discuss privacy concerns and priorities around emerging tech and the most critical considerations for ensuring strong digital trust. Hosted by ISACA's Safia Kazi. 

Scott Gould is the author of 'The Shape of Engagement: The Simple Process Behind how Engagement Works.' In this podcast, Scott gives a sneak peak at his upcoming member-exclusive, CPE-eligible event. Scott will discuss the essential frameworks for understanding and operationalizing engagement and building enduring connections with your networks and communities.

In security, aligning with product teams has never been more important, especially when outmaneuvering adversaries. To foster a truly productive and action-oriented cybersecurity culture, security teams must begin addressing their product engineering counterparts as customers they serve rather than entities they govern. In this podcast, ISACA’s Chris McGowan listens in as Adobe’s Manager of Adversary Intelligence Gurpartap “GP” Sandhu provides unique insight into how he’s bringing...

We, as a society, have always lived by certain norms that are driven by our communities. These norms are enforced by rules and regulations, societal influence and public interactions. But is the same true for artificial intelligence (AI)? In this podcast we discuss and explore the answers to some of the key questions related to the rapid adoption of AI, such as: What are the risks associated with AI and the impact of its increasing adaption within almost every industry? And, what role should...

Organizations today struggle with vulnerability management. More specifically, remediating vulnerabilities in a timely manner poses a challenge. With vulnerability remediation backlogs growing at an alarming rate, what can organizations do to meet their established remediation timelines and to protect the organization from cybersecurity threats. Cybersecurity leader Ray Payano will discuss the exponential increase in published vulnerabilities, the lack of resources in cybersecurity to perform...

Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable risk management decision making. Hosted by ISACA's Safia Kazi.

Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey and get an overview of how your industry peers are managing IT risk and compliance programs...

The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention- what will you do? If your answer is “risk management as usual”, that may be holding you...

Cyber threats are now a “clear and present danger” to most organizations, companies and governments of the world. A good cyber defense involves many, intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible, in a rapidly shifting threat landscape, they must constantly make improvements. The threat groups are making rapid improvements and increasing their expertise at a steady rate. They are...

Conducting adequate preparation including risk assessments, assessing resource requirements and ensuring ongoing communication to harness both the benefits and to address the potential challenges faced when conducting hybrid or fully virtual audits.

This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, that have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation roll out and advise on how to avoid or manage these pitfalls with host, Robin Lyons. Check out Frans and Gustav’s full ISACA Industry News article, “Seven Things to Know Before Automating IT General Control Audits,”...

Organizational culture is crucial because it shapes behaviors and attitudes in the workplace, which can profoundly impact operations and overall success. However, it is sometimes difficult for CISOs and other infosec managers to fully understand their culture because they are inside it constantly. In this ISACA Podcast episode, author and journalist Mark Tarallo chats with ISACA's Safia Kazi about how infosec managers can assess the organizational culture by using a culture model to examine...

What are the primary risks associated with the adoption of emerging technologies, particularly during periods of high market volatility and changing governance requirements? We talk with Samuel Zaruba Smith, PhD(c) about his learnings from working in government regulated industries and emerging technology. We deep dive into the problems of business strategy, security, policy, social engineering ethics, and audits within a business environment of emerging technology systems such as Artificial...

Get to know Chief Membership and Marketing Officer Julia Kanouse as she sits down with childhood best friend and ISACA VP Amanda Raible. The duo discuss everything from leadership to motherhood while competing in Mario Kart! Tune in!

There are literally thousands of VPN services on the market. Some are undeniably benign, but others offer a slate of features that are friendly to cyber criminals. Keeping your network safe from hackers requires you to understand the VPN market, and make decisions based on your company’s appetite for risk. Fortunately, by analyzing IP address data associated with these devices, security professionals can get access to a wealth of VPN contextual data that helps them distinguish between...

Today, the pace of change across industries is quicker than ever before. Economic, political, and social unrest and a global climate crisis have placed unprecedented disruption and pressures on organizations looking to navigate a rapidly changing environment. Firms are being out-innovated and entire industries are being disrupted in a matter of months or years, as opposed to decades. Shifting regulations, data as an asset, dynamic customer behavior and employee expectations of continued...

In a world where adversaries are constantly adapting to improve tactics, techniques, and procedures (TTPs), it is crucial to understand the unique traits and goals of various types of adversaries that actively seek to cause harm to an organization. The personification of these threats will ultimately help measure resilience against specific threat actors, identify investment and hardening opportunities, and improve trust with customers. In this podcast, Daniel Ventura, Manager of Product...

For the average person, life moves quickly. But for business leaders and anyone involved in any aspect of IT, the pace at which technology is changing is overwhelming. Technology can help businesses and individuals do more with less and increase profit margins. However, technological advances carry tremendous risk and increase the criticality of risk management. No longer can business and personal use of technology be viewed in siloes. ISACAs Director of Professional Practices and Innovation,...

If you thought ISACA was only about certification and education, get ready to listen to this podcast and see how ISACA advocates for the IT Audit and Risk Management professions! Join Cindy Baxter, author of the Audit in Practice column in the ISACA Journal, as she interviews two members of the ISACA New England Board of Directors who attended ISACA’s Hill Day in Washington DC.  Hear how they met with their government representatives and with ISACA’s help, discussed legislation that supports...

In this episode, executive principal at Risk Masters International’s Steven Ross discusses why vendors of IT products and services are advertising information security, why businesses are not advertising their security and how to use information security as a component of organizations’ public images with host Safia Kazi.

SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data. However, traditional identity governance controls have fallen short of delivering real security outcomes in this digital-first world. They’re missing a...

A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation-state APTs. Instead, 2023 will be when multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks.   Tune into this ISACA Episode as Hyperproof’s Field CISO, Kayne McGladrey, speaks with ISACA’s Jeff Champion on how 2023 will...

We live in the age of continuous compromise. This podcast dives into why so many organizations continue to be breached even after spending money on cybersecurity point solutions. Many organizations gravitate towards silver bullet solutions without understanding the threat and impact. In this ISACA Podcast episode, Chris McGown speaks to Rex Johnson and Hamlet Khodaverdian about why a holistic and collaborative approach is absolutely critical to creating cyber-resilience.  For more information...