Filters

Video Type

Domain

Credentials

Subjects

Language

16 of 642 Results

Load More
Video

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others? To understand and answer the question appropriately, one must examine the underlying of the Information Privacy Realities Contradiction Theory (IPRCT), which is integral to (1) our natural unity of opposites, (2) our material dialectic mechanism or struggle of choosing from the opposites, and (3) the role of our self-interest in time and circumstance. Therefore, understanding the intricacies of the IPRCT would be instrumental to the proper and timely introduction of privacy requirements early in our system development lifecycle and in the development and enactment of information privacy policies, directives, guidance, and regulations around the world. In this ISACA Podcast episode, Safia Kazi host Dr. Patrick Offor, Chief Warrant Officer Five Retired (CW5(R)); Associate Faculty, to discuss his recently released ISACA Journal article. To read Dr. Offor’s full article, please visit http://uf20.sys-filter.com/resources/isaca-journal/issues/2022/volume-6/the-information-privacy-contradiction. To listen to more ISACA podcasts, please visit uf20.sys-filter.com/podcasts.

338 views • 1 year ago
Video

Protecting Your Enterprise and Deterring Fraud in a New Risk Era

As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a changing threat landscape impacting enterprises and consumers alike. According to one global survey, nearly half of all respondents experienced fraud in the past 24 months, 3 compromising financial resources, personal data, and peace of mind with frightening rapidity. Recent research we have completed also reflects that “60% of Consumers Don't Believe Companies Do Enough to Protect Their Data as Demand for Security Grows". Listen to the CEO of GBG Americas, Christina Luttrell, as she explains that, as a result, identity verification is a priority for organizations and government agencies that view it as a strategic differentiator that allows them to enhance the customer experience while improving their defensive posture at a critical time in this ISACA podcast episode. To read the ISACA Journal article, Protecting Your Enterprise and Deterring Fraud in a New Risk Era, please visit: http://uf20.sys-filter.com/protecting-your-enterprise To listen to more ISACA Podcasts, please visit uf20.sys-filter.com/podcasts.

327 views • 1 year ago
Video

Enabling Digital Trust through Canada's Digital Charter

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?” To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world. Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public. To read Mary’s full-length article, visit http://uf20.sys-filter.com/enabling-digital-trust-with-canadas-digital-charter. To listen to more ISACA podcasts, visit http://uf20.sys-filter.com/podcasts.

172 views • 2 years ago
Video

Foco de la industria - Arnulfo Espinosa Dominguez, Parte II

El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido durante sus 20 años de experiencia profesional en la industria. Habiéndose dado cuenta del valor de la información a una edad temprana, Arnulfo ha forjado su camino dentro de la comunidad de TI. Es un formador acreditado para múltiples certificaciones, asesor independiente y presidente de varios comités de Ciberseguridad, Riesgo y Auditoría, y es reconocido mundialmente por un apodo que sus compañeros le han dado, "El AudiTHOR". Como voluntario de ISACA desde hace mucho tiempo y orador de conferencias, Arnulfo ha sido premiado en numerosas ocasiones por sus destacados logros. En 2019, se le otorgó el "Premio al Líder de Capítulo Sobresaliente" (Outstanding Chapter Leader Award) de ISACA, en 2020, recibió el "Premio John Kuyers al Mejor Orador" (John Kuyers Award for Best), y recibió el mayor logro, el "Premio Salón de la Fama de ISACA" (ISACA Hall of Fame Award) en 2021.  ¡Únase a la escucha de este episodio mientras Arnulfo ofrece sus mejores consejos y prácticas para convertirse en un orador excepcional, consejos sobre cómo los profesionales emergentes pueden entrar en la industria, y cómo su alter ego, AudiTHOR, alimenta su pasión por la auditoría! Para leer más sobre Arnulfo, visite uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star Para escuchar más Podcasts de ISACA, visite uf20.sys-filter.com/podcasts

250 views • 2 years ago
Video

Industry Spotlight - Dr. Blake Curtis Part II

Link to Part I: http://youtu.be/AE-FykwzviU Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor.” His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience. Links: How to regulate a profession pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest Debunking Years of Experience: http://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web Videos Equitable Hiring YouTube Series link: http://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa Tools Inoreader: Inoreader - Take back control of your newsfeed Anki Notecards (Spaced Repetition): About - AnkiWeb Notion Books Art of Conversation – Judy Apps Verbal Judo – George Thompson The Science of Self-Learning – Peter Hollins Finish What Your Start – Peter Hollins The Power of Discipline – Daniel Walter

407 views • 2 years ago
Video

Industry Spotlight - Dr. Blake Curtis, Part I

Link to Part II: http://youtu.be/zlrGdTRP-OA Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor.” His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience. Links: How to regulate a profession pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest Debunking Years of Experience: http://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web Videos Equitable Hiring YouTube Series link: http://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa Tools Inoreader: Inoreader - Take back control of your newsfeed Anki Notecards (Spaced Repetition): About - AnkiWeb Notion Books Art of Conversation – Judy Apps Verbal Judo – George Thompson The Science of Self-Learning – Peter Hollins Finish What Your Start – Peter Hollins The Power of Discipline – Daniel Walter

940 views • 2 years ago
Video

Industry Spotlight - Arnulfo Espinosa Dominguez, Part II

Link to Part I: http://youtu.be/yNQvbf9onik Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021. Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit uf20.sys-filter.com/podcasts.

110 views • 2 years ago
Video

Industry Spotlight - Arnulfo Espinosa Dominguez, Part I

Link to Part II: http://youtu.be/plxD2frpYk0 Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021.   Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit uf20.sys-filter.com/podcasts.

274 views • 2 years ago
Video

Smarter Testing = Safer Digital Experiences

Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, and with as tight of alignment as possible to the software development lifecycle and even closer in modeling real-world adversary threats. We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding. For more information go to http://trust.adobe.com Be sure to like, comment, and subscribe for more ISACA Productions content.

397 views • 2 years ago
Video

A Security Awareness Program for PCI-DSS Compliance

People are considered the weakest link in any organization’s cybersecurity defenses. Hence, in most cases, the primary targets of cyber-attackers are the employees of the organization. In addition, people are easier to compromise and exploit unlike finding a single software to breach an organization or enterprise business. While a lot of efforts go into improving the existing security infrastructure, ignorance of human resources would leave a significant gap in the defense strategy. Join ISACA’s Research Advisor, Brian Fletcher, as he is joined by Dr. Yasmin Razack, author of “A Security Awareness Program for PCI DSS Compliance: Implementation and Legal and Ethical Issues to Be Considered”. In this episode, they will be addressing the challenges in implementing a security awareness program to fill this gap and the legal/ethical issues that needs to be considered during implementation. As per the Payment Card Industry – Data Security Standard (PCI-DSS) requirement 12.6, a Security Awareness Program is mandatory to be held at least once a year and for new hires. However, it is not an easy task and cannot be a one-time activity. But if implemented effectively, awareness programs can be the human firewall of the organization. It will make the organization compliant to regulations like PCI-DSS thereby protecting it from fines due to non-compliance, defamation, costs of data breaches and will help improve customer trust and loyalty. To read Dr. Razack’s full article click here - uf20.sys-filter.com/pci-dss-compliance Be sure to like, comment, and subscribe for more ISACA Production content!

907 views • 2 years ago
Video

Industry Spotlight - Jo Stewart-Rattray

Making a difference within the cyber industry is of paramount importance to Jo Stewart-Rattray. She is incredibly passionate about encouraging, teaching, and mentoring more women into tech and security fields. In this episode of Industry Spotlight, Robyn Franko, Manager of Event Operations and Services at ISACA, chats with Jo about her background and career path, hobbies, and some interesting challenges the industry faces. Jo has over 25 years of experience in the IT field, some of which were spent as CIO in the Utilities and as Group CIO in the Tourism space, and with significant experience in the Information Security arena, including as CISO in the healthcare sector. She underpins her information technology and security background with her qualifications in education and management. She specializes in consulting in risk and technology issues with a particular emphasis on governance and security in both the commercial and operational areas of businesses. Jo provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, manufacturing, tertiary education, retail, healthcare, and government. She has chaired several of ISACA’s international committees, including the Board Audit & Risk Committee, Leadership Development, and Professional Influence & Advocacy. She served as an Elected Director on ISACA’s International Board of Directors for seven years and was the founder of its global women’s leadership initiative, SheLeadsTech. Because of her involvement with ISACA and the SheLeadsTech program and her rural background Jo was selected from a large number of candidates to be one of only two non-government delegates and was invited to join the official Australian Government delegation to the 62nd Session of the United Nations Commission on the Status of Women (CSW62) held in New York in March 2018. She returned to the UN in 2019 and again spoke at two UN events this year. She has spoken on Capitol Hill during a Day of Advocacy designed to bring tech leaders together in one place to discuss issues related to women in technology and then to meet with congressional representatives and Senator’s offices. Be sure to like, comment, and subscribe for more ISACA Content. For more information check out - uf20.sys-filter.com/podcasts

315 views • 2 years ago
Video

Industry Spotlight with Raven David

"For me, it's all about working with people... at the end of the day, you want to work in a place where you can trust other individuals, you can get to know other individuals, and being personable with one another makes an organization great to work for," Raven David tells ISACA. In this Industry Spotlight episode, we meet Raven David, Cyber Risk and Governance Manager for The University of New South Wales (UNSW). Fascinated with technology at an early age, the native Australian recalls that he spent part of his childhood disassembling computers and putting them back together to understand better how they worked. This passion led him on a fantastic life journey and set him on a path to dominate the industry as a risk management, governance, compliance, assurance, and emerging technologies expert. Raven talks about his less traditional educational and career track. While working full-time, he managed a full-time class schedule simultaneously, to a career that allowed him to establish and manage a cyber risk and compliance team within a corporation of 5,000+ employees. Listen as Raven recaps the success of his cybersecurity awareness program, gives thoughtful advice to the next generation of young professionals, and discusses his current self-educating project, 3D printed chess set with Arduino-powered actuators and a Python chess engine.  As an active contributor to ISACA and the ISACA Sydney Chapter, Raven recently volunteered, mentored, and led the 2021 Oceania Conference Taskforce and is currently a CRISC Certification Working Group. In this ISACA Industry Spotlight episode, get to know the next-gen cybersecurity leader, Raven David. Connect with Raven David on LinkedIn: http://www.linkedin.com/in/ravendavid/  Press play now, and don’t forget to subscribe!

288 views • 2 years ago
Video

EuroCACS 2018 | COBIT 5 Foundation Workshop

Learn about the COBIT 5 Foundation workshop here: http://bit.ly/2pSrudX Bruno Horta Soares talks about his COBIT 5 Foundation workshop at EuroCACS 2018 in Edinburgh, Scotland. Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach. Earn the COBIT 5 Foundation Certificate! Attendees can take the Foundation Exam Monday, 28 May 2018 for an additional US $150! The exam will take place on Monday morning, before the opening keynote presentation. A study session will also be held on Sunday evening prior to the exam to prepare you as much as possible. In 2017, 100% of those who attended the COBIT 5 Foundation workshop and took the exam at the conference passed! Space is limited for the exam, so be sure to add it to your registration today to secure your spot! Learn about the COBIT 5 Foundation workshop here: http://bit.ly/2pSrudX Register for EuroCACS 2018 today: http://bit.ly/2pWTygr See the full program: http://bit.ly/2pRYaEd Learn more about our workshops: http://bit.ly/2pSrudX Check out our networking events: http://bit.ly/2pSr9YJ Explore Edinburgh with our interactive map: http://bit.ly/2pTNntf

281 views • 2 years ago
Video

ISACA CRISC Online Review Course Overview

Purchase ISACA's CRISC Online Review Course here: http://bit.ly/2wgNLYc Online review courses are also available for purchase through our enterprise sales team for larger organizations. Learn more here: http://bit.ly/2whvv0C Course Description The CRISC Online Review Course is an online preparation course that will prepare you for the CRISC certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CRISC domains. The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and pre- and post-course assessments. You will be able to navigate the course at your own pace, following a recommended structure, or target preferred job practice areas. You may also start and stop the course based on your study schedule, picking up exactly where you left off the next time you access. Trained by ISACA. Certified by ISACA. Learning Objectives At the end of this course, the learner will be able to: --Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy. --Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making. --Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives. --Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives. Course Outline CRISC Self-Assessment --50 questions --Results broken down per domain Introduction --Welcome video --Getting started Job Aid Domain 1 — Risk Management --Collect and review environmental risk data Identify potential vulnerabilities to people, processes and assets --Develop IT scenarios based on information and potential impact to the organization --Identify key stakeholders for risk scenarios --Establish risk register --Gain senior leadership and stakeholder approval of the risk plan --Collaborate to create a risk awareness program and conduct training Domain 2 – IT Risk Assessment --Analyze risk scenarios to determine likelihood and impact --Identify current state of risk controls and their effectiveness --Determine gaps between the current state of risk controls and the desired state --Ensure risk ownership is assigned at the appropriate level --Communicate risk assessment data to senior management and appropriate stakeholders --Update the risk register with risk assessment data Domain 3 – Risk Response and Mitigation --Align risk responses with business objectives --Develop consult with and assist risk owners with development risk action plans --Ensure risk mitigation controls are managed to acceptable levels --Ensure control ownership is appropriately assigned to establish accountability --Develop and document control procedures for effective control --Update the risk register --Validate that risk responses are executed according to risk action plans Domain 4 – Risk and Control Monitoring and Reporting --Risk and control monitoring and reporting --Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement key risk indicators (KRIs) and key performance indicators (KPIs) --Determine the effectiveness of control assessments --Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile CRISC Sample Exam --75 questions

2K views • 2 years ago
Video

ISACA CISM Online Review Course Overview

Purchase ISACA's CISM Online Review Course here: http://bit.ly/2wh1AWD Online review courses are also available for purchase through our enterprise sales team for larger organizations. Learn more here: http://bit.ly/2wgNbtu ________________________________________ CISM Online Review Course Description The CISM Online Review Course is an online preparation course that will prepare you for the CISM certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CISM domains. The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and pre- and post-course assessments. You will be able to navigate the course at your own pace, following a recommended structure, or target preferred job practice areas. You may also start and stop the course based on your study schedule, picking up exactly where you left off the next time they access. Trained by ISACA. Certified by ISACA. Learning Objectives At the completion of this course the learner will be able to: --Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. --Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives. --Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture. --Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. Course Outline CISM Self-Assessment --50 questions --Results are broken down per domain Introduction --Welcome video --Getting started Job Aid Domain 1 – Information Security Governance --Explain the need for and the desired outcomes of an effective information security strategy --Create an information security strategy aligned with organizational goals and objectives --Gain stakeholder support using business cases Identify key roles and responsibilities needed to execute an action plan --Establish metrics to measure and monitor the performance of security governance Domain 2 – Information Risk Management --Explain the importance of risk management as a tool to meet business needs and develop a security management program to support these needs --Identify, rank, and respond to a risk in a way that is appropriate as defined by organizational directives --Assess the appropriateness and effectiveness of information security controls --Report information security risk effectively Domain 3- Information Security Program Development and Management --Align information security program requirements with those of other business functions ​ --Manage the information security program resources --Design and implement information security controls ​ --Incorporate information security requirements into contracts, agreements and third-party management processes Domain 4 – Information Security Incident Management --Understand the concepts and practices of Incident Management --Identify the components of an Incident Response Plan and evaluate its effectiveness --Understand the key concepts of Business Continuity Planning, or BCP and Disaster Recovery Planning, or DRP --Be familiar with techniques commonly used to test incident response capabilities CISM Sample Exam --75 questions

5K views • 2 years ago
Video

Internal Control Using COBIT 5

Download your copy of the free corresponding whitepaper here: http://bit.ly/2uTpS8s A free Internal and Mitigating Control Selection Worksheet is also available under "Related Items" here: http://bit.ly/2uTpS8s Synopsis: In any organization, uncertainty is everywhere. External factors such as industry outlooks and consumer sentiment can have substantial impact on an organization’s growth and strategy. Internal factors within the organization also arise, such as IT security, ethics, and financial compliance. These external and internal factors introduce risk to an organization’s ability to meet goals and objectives. Every organization must establish processes that ensure risk is managed. These policies are called ”internal controls.” Failing to mitigate these risk factors may result in regulatory issues, ethical misconduct, or security breaches—the consequences of which can be severe. Therefore, it is vital to establish a properly managed control environment to create assurance and confidence in the organization’s activities and outcomes. An effective way to achieve that goal is to use the COBIT 5 framework for governance of enterprise IT as an overarching framework for various standards, frameworks and best practices being used in that control environment. At the enterprise level, the separation of governance controls and internal controls in many organizations may lead to miscommunication, inefficiency, and an inability to effectively deliver value to stakeholders. Using the COBIT 5 governance framework for internal controls can streamline and eliminate these inefficiencies, by aligning controls with business objectives, and by creating a cohesive methodology across the governance, risk, and compliance (GRC) functions. This video explores this concept in detail. Learn more: http://bit.ly/2uTpS8s

8K views • 2 years ago
Video

IT Audit in Practice: Survival When You are Small-business Continuity and Resilience

Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small-business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people! Although both large and small enterprises have accommodated and adapted, the smaller organizations with fewer resources and time have faced equal or greater hurdles when it comes to this type of planning. Join ISACA’s IT Professional Practices Lead, Kevin Keh, as he interviews Cindy Baxter, Director, What’s the Risk, LLC and discusses the importance of having a business continuity and resilience plan for your business. Cindy discusses consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process vs. waiting for the final report and more! Cindy also mentions how small business owners and employees shouldn’t get defensive or take the findings personally. Remember, the value comes not in the result, but in the adoption of the results and recommendations. For more information on this topic, download ISACA’s IT Business Continuity/Disaster Recover Audit Program here: shorturl.at/uLZ16

141 views • 3 years ago
Video

Foco de la industria - Arnulfo Espinosa Dominguez, Parte I

El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido durante sus 20 años de experiencia profesional en la industria. Habiéndose dado cuenta del valor de la información a una edad temprana, Arnulfo ha forjado su camino dentro de la comunidad de TI. Es un formador acreditado para múltiples certificaciones, asesor independiente y presidente de varios comités de Ciberseguridad, Riesgo y Auditoría, y es reconocido mundialmente por un apodo que sus compañeros le han dado, "El AudiTHOR". Como voluntario de ISACA desde hace mucho tiempo y orador de conferencias, Arnulfo ha sido premiado en numerosas ocasiones por sus destacados logros. En 2019, se le otorgó el "Premio al Líder de Capítulo Sobresaliente" (Outstanding Chapter Leader Award) de ISACA, en 2020, recibió el "Premio John Kuyers al Mejor Orador" (John Kuyers Award for Best), y recibió el mayor logro, el "Premio Salón de la Fama de ISACA" (ISACA Hall of Fame Award) en 2021.  ¡Únase a la escucha de este episodio mientras Arnulfo ofrece sus mejores consejos y prácticas para convertirse en un orador excepcional, consejos sobre cómo los profesionales emergentes pueden entrar en la industria, y cómo su alter ego, AudiTHOR, alimenta su pasión por la auditoría! Para leer más sobre Arnulfo, visite uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star Para escuchar más Podcasts de ISACA, visite uf20.sys-filter.com/podcasts

207 views • 2 years ago
Digital Trust
Member Benefits
ISACA Community
Credentialing
Enterprise Performance
ISACA Foundation
IT Trends
Podcasts
Video

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others? To understand and answer the question appropriately, one must examine the underlying of the Information Privacy Realities Contradiction Theory (IPRCT), which is integral to (1) our natural unity of opposites, (2) our material dialectic mechanism or struggle of choosing from the opposites, and (3) the role of our self-interest in time and circumstance. Therefore, understanding the intricacies of the IPRCT would be instrumental to the proper and timely introduction of privacy requirements early in our system development lifecycle and in the development and enactment of information privacy policies, directives, guidance, and regulations around the world. In this ISACA Podcast episode, Safia Kazi host Dr. Patrick Offor, Chief Warrant Officer Five Retired (CW5(R)); Associate Faculty, to discuss his recently released ISACA Journal article. To read Dr. Offor’s full article, please visit http://uf20.sys-filter.com/resources/isaca-journal/issues/2022/volume-6/the-information-privacy-contradiction. To listen to more ISACA podcasts, please visit uf20.sys-filter.com/podcasts.

338 Views • 1 year ago

Video

Protecting Your Enterprise and Deterring Fraud in a New Risk Era

As uncertainty persists due to the COVID-19 pandemic, the war in Ukraine, international cyberthreats, inflation, and a looming recession, it is clear that the world has entered a new era of risk. These factors have created the perfect storm for rising fraud. In the past year, unauthorized digital account openings increased by 21%, while smartphone-related cyberattacks soared by 71%, reflecting a changing threat landscape impacting enterprises and consumers alike. According to one global survey, nearly half of all respondents experienced fraud in the past 24 months, 3 compromising financial resources, personal data, and peace of mind with frightening rapidity. Recent research we have completed also reflects that “60% of Consumers Don't Believe Companies Do Enough to Protect Their Data as Demand for Security Grows". Listen to the CEO of GBG Americas, Christina Luttrell, as she explains that, as a result, identity verification is a priority for organizations and government agencies that view it as a strategic differentiator that allows them to enhance the customer experience while improving their defensive posture at a critical time in this ISACA podcast episode. To read the ISACA Journal article, Protecting Your Enterprise and Deterring Fraud in a New Risk Era, please visit: http://uf20.sys-filter.com/protecting-your-enterprise To listen to more ISACA Podcasts, please visit uf20.sys-filter.com/podcasts.

327 Views • 1 year ago

Video

Enabling Digital Trust through Canada's Digital Charter

Data are the lifelines of a digital economy. They drive innovation, enabling cutting-edge research and next-generation technologies, including artificial intelligence (AI), robotics, and the Internet of things (IoT). But these opportunities introduce new sources of risk that must be managed appropriately. Canadians are raising important questions such as, “How will personal data be used?” and “What controls are in place to safeguard privacy and security?” To encourage innovation within the digital economy while managing this risk, the Government of Canada has established the need for digital trust between citizens and organizations as an enabler by implementing a Digital Charter. As the Canadian government cites, “Trust is the foundation on which our digital and data-driven Canadian economy will be built.” This digital trust is defined by the “confidence that users have in the ability of people, technology, and processes to create a secure digital world. Tune into this ISACA Podcast as the Acting Director of Internal Assurance at the Office of Enterprise Risk & Assurance of the University of British Columbia (UBC), Mary Carmichael, join’s ISACA’s Safia Kazi to explore topics including what is the Digital Charter and how it supports digital trust; what are critical elements of the Digital Charter (e.g., AI Ethics, Privacy, Principles for the Digital Economy); what are the implications for organizations and the public. To read Mary’s full-length article, visit http://uf20.sys-filter.com/enabling-digital-trust-with-canadas-digital-charter. To listen to more ISACA podcasts, visit http://uf20.sys-filter.com/podcasts.

172 Views • 2 years ago

Video

Foco de la industria - Arnulfo Espinosa Dominguez, Parte II

El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido durante sus 20 años de experiencia profesional en la industria. Habiéndose dado cuenta del valor de la información a una edad temprana, Arnulfo ha forjado su camino dentro de la comunidad de TI. Es un formador acreditado para múltiples certificaciones, asesor independiente y presidente de varios comités de Ciberseguridad, Riesgo y Auditoría, y es reconocido mundialmente por un apodo que sus compañeros le han dado, "El AudiTHOR". Como voluntario de ISACA desde hace mucho tiempo y orador de conferencias, Arnulfo ha sido premiado en numerosas ocasiones por sus destacados logros. En 2019, se le otorgó el "Premio al Líder de Capítulo Sobresaliente" (Outstanding Chapter Leader Award) de ISACA, en 2020, recibió el "Premio John Kuyers al Mejor Orador" (John Kuyers Award for Best), y recibió el mayor logro, el "Premio Salón de la Fama de ISACA" (ISACA Hall of Fame Award) en 2021.  ¡Únase a la escucha de este episodio mientras Arnulfo ofrece sus mejores consejos y prácticas para convertirse en un orador excepcional, consejos sobre cómo los profesionales emergentes pueden entrar en la industria, y cómo su alter ego, AudiTHOR, alimenta su pasión por la auditoría! Para leer más sobre Arnulfo, visite uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star Para escuchar más Podcasts de ISACA, visite uf20.sys-filter.com/podcasts

250 Views • 2 years ago

Video

Foco de la industria - Arnulfo Espinosa Dominguez, Parte I

El vicepresidente del Capítulo Monterrey de ISACA y Director de Auditoría y Fraude de TI de uno de los Grupos Financieros más grandes de México, Arnulfo Espinosa Domínguez, se une a Jocelyn Alcantar de ISACA para compartir muchas cosas que ha aprendido durante sus 20 años de experiencia profesional en la industria. Habiéndose dado cuenta del valor de la información a una edad temprana, Arnulfo ha forjado su camino dentro de la comunidad de TI. Es un formador acreditado para múltiples certificaciones, asesor independiente y presidente de varios comités de Ciberseguridad, Riesgo y Auditoría, y es reconocido mundialmente por un apodo que sus compañeros le han dado, "El AudiTHOR". Como voluntario de ISACA desde hace mucho tiempo y orador de conferencias, Arnulfo ha sido premiado en numerosas ocasiones por sus destacados logros. En 2019, se le otorgó el "Premio al Líder de Capítulo Sobresaliente" (Outstanding Chapter Leader Award) de ISACA, en 2020, recibió el "Premio John Kuyers al Mejor Orador" (John Kuyers Award for Best), y recibió el mayor logro, el "Premio Salón de la Fama de ISACA" (ISACA Hall of Fame Award) en 2021.  ¡Únase a la escucha de este episodio mientras Arnulfo ofrece sus mejores consejos y prácticas para convertirse en un orador excepcional, consejos sobre cómo los profesionales emergentes pueden entrar en la industria, y cómo su alter ego, AudiTHOR, alimenta su pasión por la auditoría! Para leer más sobre Arnulfo, visite uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star Para escuchar más Podcasts de ISACA, visite uf20.sys-filter.com/podcasts

207 Views • 2 years ago

Video

Industry Spotlight - Dr. Blake Curtis Part II

Link to Part I: http://youtu.be/AE-FykwzviU Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor.” His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience. Links: How to regulate a profession pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest Debunking Years of Experience: http://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web Videos Equitable Hiring YouTube Series link: http://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa Tools Inoreader: Inoreader - Take back control of your newsfeed Anki Notecards (Spaced Repetition): About - AnkiWeb Notion Books Art of Conversation – Judy Apps Verbal Judo – George Thompson The Science of Self-Learning – Peter Hollins Finish What Your Start – Peter Hollins The Power of Discipline – Daniel Walter

407 Views • 2 years ago

Video

Industry Spotlight - Dr. Blake Curtis, Part I

Link to Part II: http://youtu.be/zlrGdTRP-OA Author, editor, speaker, and educator, Dr. Blake Curtis is joined by Red Cross’s Senior Internal Auditor Niki Gomes to talk about everything from growing up in a small town to completing his master’s degree in 10 weeks and publishing his 600-page dissertation in this ISACA Industry Spotlight episode. In a meaningful conversation, Blake discusses how surviving a near-death experience transformed and motivated him to expand his understanding of what it means to be a human. He was inspired to supercharge his learning, career journey, and personal growth. Making the decision to become intentional in every interaction and giving 100% of his effort in every initiative, he blazed his path to success. At the 2022 ISACA North America Conference, Blake presented his findings from his ground-breaking and internationally known dissertation, "The Next Generation Cybersecurity Auditor.” His research discovered a technical competency gap in Big Four IT Auditors and SMEs and debunked the 10,000-hour rule and "years of experience" fallacy. His study proved that task-based experience is more objective than time-based experience. Blake is also the author of "How to Complete Your Master's Degree in One Semester," which has assisted over 150 students to complete their master’s degrees in record-setting times. Along his journey, he has earned over 30 IT certifications and gained additional impressive certificates for engineering, advising, managing, and leadership. Blake has an abundance of experience to share with ISACA’s audience. Tune in now to be inspired, uplifted, and enlightened by his techniques, advice, and wisdom that can help boost your career! Below you can find materials and resources that Blake would like to share with our audience. Links: How to regulate a profession pg. 261 and 265 of Creating the Next Generation Cybersecurity Auditor: Examining the Relationship between It Auditors’ Competency, Audit Quality, & Data Breaches - ProQuest Debunking Years of Experience: http://www.linkedin.com/posts/reginaldblakecurtis_science-hiring-experience-activity-6951573321901621248-cygl?utm_source=linkedin_share&utm_medium=member_desktop_web Videos Equitable Hiring YouTube Series link: http://www.youtube.com/watch?v=IsnoCNIA2WU&list=PLfr4LANhCPrCXIc6V_h_k2dyKwPP7wJJa Tools Inoreader: Inoreader - Take back control of your newsfeed Anki Notecards (Spaced Repetition): About - AnkiWeb Notion Books Art of Conversation – Judy Apps Verbal Judo – George Thompson The Science of Self-Learning – Peter Hollins Finish What Your Start – Peter Hollins The Power of Discipline – Daniel Walter

940 Views • 2 years ago

Video

Industry Spotlight - Arnulfo Espinosa Dominguez, Part II

Link to Part I: http://youtu.be/yNQvbf9onik Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021. Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit uf20.sys-filter.com/podcasts.

110 Views • 2 years ago

Video

Industry Spotlight - Arnulfo Espinosa Dominguez, Part I

Link to Part II: http://youtu.be/plxD2frpYk0 Vice President of the ISACA Monterrey Chapter and IT Audit & Fraud Director of one of the largest Financial Groups in México, Arnulfo Espinosa Dominguez, joins ISACA’s Jocelyn Alcantar to share some of the many things he has learned over his 20 years of professional experience in the industry. Having realized the value of information at an early age, Arnulfo has forged his path within the IT community. He is an accredited trainer for multiple certifications, an independent advisor and chairman for various Cybersecurity, Risk, and Audit committees, and is globally recognized by a nickname his peers have given him, "The AudiTHOR.” As a long-time ISACA volunteer and conference speaker, Arnulfo has been awarded on numerous occasions for his outstanding achievements. In 2019, he was given the ISACA “Outstanding Chapter Leader Award,” in 2020, he received the “John Kuyers Award for Best Speaker”, and he received the highest achievement, the “ISACA Hall of Fame Award” in 2021.   Tune into this episode as Arnulfo offers his best tips and practices for becoming an exceptional keynote speaker, advice on how the up-and-coming professionals can get into the industry, and how his alter ego, AudiTHOR, fuels his passion for auditing! To read more about Arnulfo, visit uf20.sys-filter.com/resources/news-and-trends/isaca-now-blog/2020/iamisaca-from-rock-star-to-speak-star. To listen to more ISACA Podcasts, visit uf20.sys-filter.com/podcasts.

274 Views • 2 years ago

Video

Smarter Testing = Safer Digital Experiences

Application testing is a critical component of a software development lifecycle. A complete testing battery for any application includes not only functionality and usability testing but security and reliability testing as well. However, helping ensure that security testing in particular produces results that focus on actionable items – with accurate relative priorities – has been a persistent challenge. Are actionable items from testing actually going to move the needle in terms of product quality and resilience – especially in how they manage evolving threats? While the “OWASP Top 10” and “CWE/SANS Top 25” are still important, they represent merely a reasonable beginning to a security testing strategy. How do you go beyond those lists and become truly more “adversary-aware” in testing? In addition, how do you make sure that these testing efforts genuinely help your development teams “shift left” in their thinking and implementation of better security controls in your applications? These are challenges Adobe set out to solve by not just making our testing efforts more extensive or frequent – but smarter, and with as tight of alignment as possible to the software development lifecycle and even closer in modeling real-world adversary threats. We invite you to join Shannon Lietz, VP, Adobe Security, as she speaks with ISACA's IT Audit Professional Practices Principal, Robin Lyons for a discussion of these issues and others that we must address as an industry to make us genuinely more “DevSecOps”-minded in our approach to application security testing. Robin and Shannon will discuss Adobe’s overall strategy around our application testing efforts and how smarter testing is fundamental to achieving a true “shift left” approach around application security. They will also talk about how this effort is really going to help us deliver the safer digital experiences users are demanding. For more information go to http://trust.adobe.com Be sure to like, comment, and subscribe for more ISACA Productions content.

397 Views • 2 years ago

Video

A Security Awareness Program for PCI-DSS Compliance

People are considered the weakest link in any organization’s cybersecurity defenses. Hence, in most cases, the primary targets of cyber-attackers are the employees of the organization. In addition, people are easier to compromise and exploit unlike finding a single software to breach an organization or enterprise business. While a lot of efforts go into improving the existing security infrastructure, ignorance of human resources would leave a significant gap in the defense strategy. Join ISACA’s Research Advisor, Brian Fletcher, as he is joined by Dr. Yasmin Razack, author of “A Security Awareness Program for PCI DSS Compliance: Implementation and Legal and Ethical Issues to Be Considered”. In this episode, they will be addressing the challenges in implementing a security awareness program to fill this gap and the legal/ethical issues that needs to be considered during implementation. As per the Payment Card Industry – Data Security Standard (PCI-DSS) requirement 12.6, a Security Awareness Program is mandatory to be held at least once a year and for new hires. However, it is not an easy task and cannot be a one-time activity. But if implemented effectively, awareness programs can be the human firewall of the organization. It will make the organization compliant to regulations like PCI-DSS thereby protecting it from fines due to non-compliance, defamation, costs of data breaches and will help improve customer trust and loyalty. To read Dr. Razack’s full article click here - uf20.sys-filter.com/pci-dss-compliance Be sure to like, comment, and subscribe for more ISACA Production content!

907 Views • 2 years ago

Video

Industry Spotlight - Jo Stewart-Rattray

Making a difference within the cyber industry is of paramount importance to Jo Stewart-Rattray. She is incredibly passionate about encouraging, teaching, and mentoring more women into tech and security fields. In this episode of Industry Spotlight, Robyn Franko, Manager of Event Operations and Services at ISACA, chats with Jo about her background and career path, hobbies, and some interesting challenges the industry faces. Jo has over 25 years of experience in the IT field, some of which were spent as CIO in the Utilities and as Group CIO in the Tourism space, and with significant experience in the Information Security arena, including as CISO in the healthcare sector. She underpins her information technology and security background with her qualifications in education and management. She specializes in consulting in risk and technology issues with a particular emphasis on governance and security in both the commercial and operational areas of businesses. Jo provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, manufacturing, tertiary education, retail, healthcare, and government. She has chaired several of ISACA’s international committees, including the Board Audit & Risk Committee, Leadership Development, and Professional Influence & Advocacy. She served as an Elected Director on ISACA’s International Board of Directors for seven years and was the founder of its global women’s leadership initiative, SheLeadsTech. Because of her involvement with ISACA and the SheLeadsTech program and her rural background Jo was selected from a large number of candidates to be one of only two non-government delegates and was invited to join the official Australian Government delegation to the 62nd Session of the United Nations Commission on the Status of Women (CSW62) held in New York in March 2018. She returned to the UN in 2019 and again spoke at two UN events this year. She has spoken on Capitol Hill during a Day of Advocacy designed to bring tech leaders together in one place to discuss issues related to women in technology and then to meet with congressional representatives and Senator’s offices. Be sure to like, comment, and subscribe for more ISACA Content. For more information check out - uf20.sys-filter.com/podcasts

315 Views • 2 years ago

Video

Industry Spotlight with Raven David

"For me, it's all about working with people... at the end of the day, you want to work in a place where you can trust other individuals, you can get to know other individuals, and being personable with one another makes an organization great to work for," Raven David tells ISACA. In this Industry Spotlight episode, we meet Raven David, Cyber Risk and Governance Manager for The University of New South Wales (UNSW). Fascinated with technology at an early age, the native Australian recalls that he spent part of his childhood disassembling computers and putting them back together to understand better how they worked. This passion led him on a fantastic life journey and set him on a path to dominate the industry as a risk management, governance, compliance, assurance, and emerging technologies expert. Raven talks about his less traditional educational and career track. While working full-time, he managed a full-time class schedule simultaneously, to a career that allowed him to establish and manage a cyber risk and compliance team within a corporation of 5,000+ employees. Listen as Raven recaps the success of his cybersecurity awareness program, gives thoughtful advice to the next generation of young professionals, and discusses his current self-educating project, 3D printed chess set with Arduino-powered actuators and a Python chess engine.  As an active contributor to ISACA and the ISACA Sydney Chapter, Raven recently volunteered, mentored, and led the 2021 Oceania Conference Taskforce and is currently a CRISC Certification Working Group. In this ISACA Industry Spotlight episode, get to know the next-gen cybersecurity leader, Raven David. Connect with Raven David on LinkedIn: http://www.linkedin.com/in/ravendavid/  Press play now, and don’t forget to subscribe!

288 Views • 2 years ago

Video

IT Audit in Practice: Survival When You are Small-business Continuity and Resilience

Everyone needs a resilient operating model, and the pandemic has been the reality check showing how necessary it is to have a plan. Was your small-business or corporation prepared for the shift to remote work in early 2020? If not, you probably realized that business continuity is more than having the right systems and applications in place. The most important factor is people! Although both large and small enterprises have accommodated and adapted, the smaller organizations with fewer resources and time have faced equal or greater hurdles when it comes to this type of planning. Join ISACA’s IT Professional Practices Lead, Kevin Keh, as he interviews Cindy Baxter, Director, What’s the Risk, LLC and discusses the importance of having a business continuity and resilience plan for your business. Cindy discusses consistently updating your crisis team and notification systems, the importance of allowing an auditor to fully understand your business, accepting critical feedback throughout the entire audit process vs. waiting for the final report and more! Cindy also mentions how small business owners and employees shouldn’t get defensive or take the findings personally. Remember, the value comes not in the result, but in the adoption of the results and recommendations. For more information on this topic, download ISACA’s IT Business Continuity/Disaster Recover Audit Program here: shorturl.at/uLZ16

141 Views • 3 years ago

ISACAVision
COBIT
Conferences and Events
Archive
Video

EuroCACS 2018 | COBIT 5 Foundation Workshop

Learn about the COBIT 5 Foundation workshop here: http://bit.ly/2pSrudX Bruno Horta Soares talks about his COBIT 5 Foundation workshop at EuroCACS 2018 in Edinburgh, Scotland. Learn the importance of an effective framework to enable business value. Delve into the elements of ISACA’s evolutionary framework to understand how COBIT 5 covers the business end-to-end and helps you effectively govern and manage enterprise IT. Developed for anyone interested in obtaining foundation-level knowledge of COBIT, the course explains the COBIT framework and supporting materials in a logical and example-driven approach. Earn the COBIT 5 Foundation Certificate! Attendees can take the Foundation Exam Monday, 28 May 2018 for an additional US $150! The exam will take place on Monday morning, before the opening keynote presentation. A study session will also be held on Sunday evening prior to the exam to prepare you as much as possible. In 2017, 100% of those who attended the COBIT 5 Foundation workshop and took the exam at the conference passed! Space is limited for the exam, so be sure to add it to your registration today to secure your spot! Learn about the COBIT 5 Foundation workshop here: http://bit.ly/2pSrudX Register for EuroCACS 2018 today: http://bit.ly/2pWTygr See the full program: http://bit.ly/2pRYaEd Learn more about our workshops: http://bit.ly/2pSrudX Check out our networking events: http://bit.ly/2pSr9YJ Explore Edinburgh with our interactive map: http://bit.ly/2pTNntf

281 Views • 2 years ago

Video

ISACA CRISC Online Review Course Overview

Purchase ISACA's CRISC Online Review Course here: http://bit.ly/2wgNLYc Online review courses are also available for purchase through our enterprise sales team for larger organizations. Learn more here: http://bit.ly/2whvv0C Course Description The CRISC Online Review Course is an online preparation course that will prepare you for the CRISC certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CRISC domains. The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and pre- and post-course assessments. You will be able to navigate the course at your own pace, following a recommended structure, or target preferred job practice areas. You may also start and stop the course based on your study schedule, picking up exactly where you left off the next time you access. Trained by ISACA. Certified by ISACA. Learning Objectives At the end of this course, the learner will be able to: --Identify the IT risk management strategy in support of business objectives and alignment with the Enterprise Risk Management (ERM) strategy. --Analyze and evaluate IT risk to determine the likelihood and impact on business objectives to enable risk-based decision making. --Determine risk response options and evaluate their efficiency and effectiveness to manage risk in alignment with business objectives. --Continuously monitor and report on IT risk and controls to relevant stakeholders to ensure the continued efficiency and effectiveness of the IT risk management strategy and its alignment with business objectives. Course Outline CRISC Self-Assessment --50 questions --Results broken down per domain Introduction --Welcome video --Getting started Job Aid Domain 1 — Risk Management --Collect and review environmental risk data Identify potential vulnerabilities to people, processes and assets --Develop IT scenarios based on information and potential impact to the organization --Identify key stakeholders for risk scenarios --Establish risk register --Gain senior leadership and stakeholder approval of the risk plan --Collaborate to create a risk awareness program and conduct training Domain 2 – IT Risk Assessment --Analyze risk scenarios to determine likelihood and impact --Identify current state of risk controls and their effectiveness --Determine gaps between the current state of risk controls and the desired state --Ensure risk ownership is assigned at the appropriate level --Communicate risk assessment data to senior management and appropriate stakeholders --Update the risk register with risk assessment data Domain 3 – Risk Response and Mitigation --Align risk responses with business objectives --Develop consult with and assist risk owners with development risk action plans --Ensure risk mitigation controls are managed to acceptable levels --Ensure control ownership is appropriately assigned to establish accountability --Develop and document control procedures for effective control --Update the risk register --Validate that risk responses are executed according to risk action plans Domain 4 – Risk and Control Monitoring and Reporting --Risk and control monitoring and reporting --Define key risk indicators (KRIs) and identify key performance indicators (KPIs) to enable performance measurement key risk indicators (KRIs) and key performance indicators (KPIs) --Determine the effectiveness of control assessments --Identify and report trends/changes to KRIs/KPIs that affect control performance or the risk profile CRISC Sample Exam --75 questions

2K Views • 2 years ago

Video

ISACA CISM Online Review Course Overview

Purchase ISACA's CISM Online Review Course here: http://bit.ly/2wh1AWD Online review courses are also available for purchase through our enterprise sales team for larger organizations. Learn more here: http://bit.ly/2wgNbtu ________________________________________ CISM Online Review Course Description The CISM Online Review Course is an online preparation course that will prepare you for the CISM certification exam using proven instructional design techniques and interactive activities. The course covers all four of the CISM domains. The course incorporates video, interactive eLearning modules, downloadable, interactive workbooks, downloadable job aids, case study activities, and pre- and post-course assessments. You will be able to navigate the course at your own pace, following a recommended structure, or target preferred job practice areas. You may also start and stop the course based on your study schedule, picking up exactly where you left off the next time they access. Trained by ISACA. Certified by ISACA. Learning Objectives At the completion of this course the learner will be able to: --Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives. --Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives. --Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture. --Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact. Course Outline CISM Self-Assessment --50 questions --Results are broken down per domain Introduction --Welcome video --Getting started Job Aid Domain 1 – Information Security Governance --Explain the need for and the desired outcomes of an effective information security strategy --Create an information security strategy aligned with organizational goals and objectives --Gain stakeholder support using business cases Identify key roles and responsibilities needed to execute an action plan --Establish metrics to measure and monitor the performance of security governance Domain 2 – Information Risk Management --Explain the importance of risk management as a tool to meet business needs and develop a security management program to support these needs --Identify, rank, and respond to a risk in a way that is appropriate as defined by organizational directives --Assess the appropriateness and effectiveness of information security controls --Report information security risk effectively Domain 3- Information Security Program Development and Management --Align information security program requirements with those of other business functions ​ --Manage the information security program resources --Design and implement information security controls ​ --Incorporate information security requirements into contracts, agreements and third-party management processes Domain 4 – Information Security Incident Management --Understand the concepts and practices of Incident Management --Identify the components of an Incident Response Plan and evaluate its effectiveness --Understand the key concepts of Business Continuity Planning, or BCP and Disaster Recovery Planning, or DRP --Be familiar with techniques commonly used to test incident response capabilities CISM Sample Exam --75 questions

5K Views • 2 years ago

Video

Internal Control Using COBIT 5

Download your copy of the free corresponding whitepaper here: http://bit.ly/2uTpS8s A free Internal and Mitigating Control Selection Worksheet is also available under "Related Items" here: http://bit.ly/2uTpS8s Synopsis: In any organization, uncertainty is everywhere. External factors such as industry outlooks and consumer sentiment can have substantial impact on an organization’s growth and strategy. Internal factors within the organization also arise, such as IT security, ethics, and financial compliance. These external and internal factors introduce risk to an organization’s ability to meet goals and objectives. Every organization must establish processes that ensure risk is managed. These policies are called ”internal controls.” Failing to mitigate these risk factors may result in regulatory issues, ethical misconduct, or security breaches—the consequences of which can be severe. Therefore, it is vital to establish a properly managed control environment to create assurance and confidence in the organization’s activities and outcomes. An effective way to achieve that goal is to use the COBIT 5 framework for governance of enterprise IT as an overarching framework for various standards, frameworks and best practices being used in that control environment. At the enterprise level, the separation of governance controls and internal controls in many organizations may lead to miscommunication, inefficiency, and an inability to effectively deliver value to stakeholders. Using the COBIT 5 governance framework for internal controls can streamline and eliminate these inefficiencies, by aligning controls with business objectives, and by creating a cohesive methodology across the governance, risk, and compliance (GRC) functions. This video explores this concept in detail. Learn more: http://bit.ly/2uTpS8s

8K Views • 2 years ago

Find Professional Podcasts that Speak to Your Career