Karen Franklin, ISACA member and participant in the Mentorship Program, calls pursuing her CISA certification 'one of the most pivotal decisions' she made along her career journey.
Automation and a compliance by design approach can empower organizations to build a more secure, compliant and efficient IT environment.
Recipients of the ISACA Foundation's Cybersecurity Month scholarships share their aspirations for making their mark on the cybersecurity profession.
ISACA prevailed in a recent court ruling, which will free up more time and resources to put the focus back where it belongs: on delivering value for members and certification-holders.
NIS2 is intended to improve cybersecurity resilience, but to reach its potential, there will need to be real consequences for organizations that are simply going through the motions.
Eight key takeaways that helped one CRISC-holder improve upon his first exam attempt and reach his goal of attaining CRISC certification.
Being an ISACA board director is much more than an honorary role, and requires expertise in a range of areas, including a strong command of global strategy.
Ejona Preci, a Germany-based CISO, says she has met 'true powerhouses' through ISACA that have helped accelerate and enrich her career journey.
Building a successful career in cybersecurity can be a smoother process by identifying organizations with healthy security culture, avoiding monotonous tasks, embracing continuing education and showing an ability to learn from failure.
The cybersecurity industry is facing a growing internal crisis that is not rooted in technology or external threats but in the culture underpinning our current workforce.
Open-source software can lead to many benefits while simultaneously introducing security risks, creating the need for a substantive open-source ingestion policy.
The ISACA China Hong Kong Chapter recently featured a panel exploring how organizations can make artificial intelligence more trustworthy and more effective.
A focus on prevention alone was not sufficient in The Shawshank Redemption and it is similarly not going to do the job in building successful, modern security programs.
ISACA just published its Vision Paper on “Empowering Europe’s Digital Future with Cyber Resilience, Competitiveness and Digital Trust.”
ISACA’s UK Vision Paper 2024: A manifesto for bridging the UK’s digital skills gap and improving cyber resilience.
Knowing your organization's risk appetite is the first step toward effectively integrating cyber risk quantification into an organization's cyber risk governance.
Joining ISACA means becoming better equipped to succeed not only in your current job, but also in future opportunities throughout your career journey.
Recruiting and nurturing neurodiverse talent is a winning strategy for organizations looking to enhance their GRC and cybersecurity capabilities.
Understanding the relationship between artificial intelligence and data is critical for organizations as they increasingly leverage AI in their business operations.
Internal auditors are not always met with open-minded attitudes from key stakeholders, but they can break down resistance by taking the right approaches.
Artificial intelligence is having a large impact on the risk landscape in the financial sector, underscoring the need for AI governance frameworks and thorough AI risk assessments.
Technical acumen can be valuable in working toward cybersecurity compliance, but non-technical elements also play a significant role in achieving compliance.
ISACA’s Career Catalyst Stories showcase how members have been supported by ISACA throughout all stages of their careers. Today, we profile Abigael Bada, founder, Fortini Tech.
Systematically analyzing threats from the beginning of the design phase enables practitioners to build security into systems in time to make a difference amid a difficult threat landscape.
Strengthening approaches to retention of personal data can lead to more business resilience, reduced risk of personal data exposure and sharper operational efficiency.
Bits don't know borders, meaning emphasis on building digital resilience and digital trust is paramount in this era to protect organizations and their reputations.
New regulations such as the Digital Operational Resilience Act (DORA) are intended to improve risk management and make operational resilience easier to attain.
The European Union’s NIS2 Directive will align key cybersecurity practices throughout the EU, increasing member-states' ability to prevent cyber incidents and lessen their impact.
Generative AI comes with several promising applications for audits and risk professionals, who also must be mindful of the environment in which they are working and diligently steer clear of potential AI pitfalls.
ISACA member Jay Hira has moved from continent to continent for various job roles, but finds his relationship with ISACA to be a constant wherever his career has taken him.
The recent CrowdStrike incident underscored the need to reduce complexity and limit risky interdependencies to avoid widespread outages.
When assembling the elements needed for a successful integrated risk management program, organizations should start with their end goal in mind.
The risk management space is undergoing big changes driven by the rise of artificial intelligence, resulting both in promising advancements and significant potential pitfalls.
AI governance expert Meghan Maneval shared best approaches for more effective AI usage on the enterprise landscape in a recent Ask Me Anything discussion on ISACA's Engage platform.
Engagement with local ISACA chapters can be a springboard to further success both within and beyond the ISACA professional network.
Post-quantum cryptography algorithms will increasingly become a focal point for organizations as quantum computing makes strides forward.
An ISACA white paper examining authentication challenges in the deepfake era identifies challenges organizations face and methods that can overcome them.
Focusing on robust communication, keeping current with the regulatory landscape and aligning with key business objectives are among the approaches that can set modern CISOs up for success.
Board directors need to be aware of key cybersecurity-related strategies and investments and make sure they are aligned with the organization's risk appetite.
There is a saying that I expect many have heard before: “How do you eat an elephant?” “One bite, one part at a time.”
Artificial intelligence ethics considerations must be top-of-mind for organizations when leveraging AI as trust, bias, security, privacy and other important elements should not be overlooked.
Push notifications in augmented reality applications carry overlooked risks, and app developers should help mitigate them by working closely with privacy and legal experts.
When it comes to merging AI and mobile robots, standards, guidance and testing are critically important to ensure that developers and other key players in the ecosystem are operating responsibly.
Clear scope, vetting vendors carefully and retaining key resources can position organizations for success in technology transformation projects.
Insider threats remain overlooked by many organizations even though they are potentially more devastating than many incidents coming from external attackers.
ISACA's Digital Trust Ecosystem Framework provides organizations with the guidance needed to build and maintain trust with customers and other organizational stakeholders.
A secure Internet of Things ecosystem demands a multi-faceted approach, including specialized security solutions and layered defense mechanisms.
Through the ISACA Scholarship Program and the Digital Trust Workforce Inclusion Program, the ISACA Foundation helps to create equitable access to education, training, and career opportunities.
Learning to navigate disagreements, adapting to emerging technology and keeping up to date on key regulations are among many pivotal factors in an internal auditor's career success.
ISACA's new Certified Cybersecurity Operations Analyst (CCOA) credential prepares early-career cybersecurity professionals for a range of in-demand roles in the field.
The ISO 27001 Risk Assessment is not just a standard or certification; it can serve as a beacon of trust for a range of stakeholders.
Implementing trustworthy artificial intelligence requires enterprises to put in place a solid governance structure and a comprehensive framework of controls.
Organizations will need to identify the needed audit and governance resources and skill sets in order to make implementation of the EU AI Act successful.
With exponential growth in data, addressing the related privacy, risk and security implications on the data landscape needs to be a top priority for digital trust professionals.
The risk landscape continues to transform, highlighting the need for cross-functional collaboration, leveraging of frameworks and effective third-party risk management.
The shifting ransomware landscape places responsibility on security professionals to keep pace with new attack types and trends that are especially targeting vulnerable industries.
Gain a firmer handle on AI risks, controls design, needed detection and monitoring capabilities, and best practices for AI implementations.
Auditors need to go beyond the cold, hard facts and incorporate time-tested storytelling methods to make their reports resonate more deeply with stakeholders.
An ISACA training course on AI for auditors explores categories of AI algorithms that auditors will encounter, relevant regulations, how to audit third-party AI dependencies and more.
ISACA's new white paper on privacy-enhancing technologies describes popular PETs, explores regulatory perspectives for using PETs for compliance and provides examples of how the technologies are being used.
ISACA's AI Audit Toolkit helps auditors to verify that artificial intelligence systems meet needed benchmarks for governance and ethical responsibility.
ISACA member George Goodwin credits his ISACA Mentorship Program mentor, Karen Franklin, with giving him the confidence and encouragement he needed at a critical juncture of his career.
Security-as-Code can ensure that key security protocols and good practices are automated and integrated directly into all components of the software development lifecycle.
Best practices for password hygiene remain fluid as many professionals eye a future where passwords will no longer be a fixture on the security landscape.
Organizations that do not prioritize building digital trust open themselves up to significant business and reputational risks, as underscored by ISACA's 2024 State of Digital Trust research.
The growing influence of artificial intelligence on the security landscape was top of mind for many presenters and attendees at the recent 2024 RSA Conference.
When it comes to the looming arrival of quantum computing, the creation of a new Turing machine will be the necessary starting point.
Many of the guardrails that exist in the context of human thinking are not in place for artificial intelligence, which presents a range of significant challenges.
Technology is neither inherently good nor bad, but it can be addictive, and digital trust professionals have a role to play in countering the harms that can result.
A least-vendor strategy can bring big benefits to organizations as they undergo digital transformation projects that otherwise can become complex and strain resources.
Solving The First Conversation Problem in AI can go a long way toward companies having greater impact in leveraging the promising technology.
When properly designed and implemented, patient-centric digital healthcare brings transformative potential to healthcare patients around the world.
ISACA's Digital Trust Ecosystem Framework helps auditors and other digital trust professionals ensure that AI is implemented in a way that strengthens the organization and inspires trust with stakeholders.
While the typical cost of a standard SOC 2 audit is going down, the skill level required for auditors to effectively perform them is increasing.
A new ISACA course on artificial intelligence governance can help professionals learn to design, develop, implement and monitor trustworthy AI within their organization.
New ISACA survey data on artificial intelligence realities show that companies need to ramp up training and policies to deal with emerging risks from the powerful technology.
The COBIT framework can help organizations implement artificial intelligence more responsibly and in ways that ultimately will create more value for the enterprise.
The 2023 ISACA Annual Report provides updates on ISACA's finances, leadership and important progress made throughout the year by ISACA's global community.
There are several benefits for rising IT auditors to take the CISA exam even before they have the full years of experience required to complete their certification.
In preparing for an ATM security audit, auditors will need to prioritize understanding core governance and business processes impacting ATM management.
Sushila Nair, ISACA Technology for Humanity award-winner, sizes up the intersection of technology and humanity and what drew her to the cybersecurity field.
Artificial intelligence can help security professionals counter the threats from cyberattacks that also are increasingly boosted by AI.
ISACA volunteers share their motivations and career benefits they have received through their volunteer activities.
The Vanity Address Attack is an under-the-radar automation capable of confusing blockchain users and opening the door to digital fraud.
Embracing change, drawing inspiration from others and staying curious are among the recipes for success and longevity in the audit profession.
Cloud misconfigurations and insecure APIs are among the major threats to cloud computing infrastructure that need to be remediated.
Getting certain foundational, baseline control requirements right, including a tailored approach to risk management, benefits organizations of all types.
Artificial intelligence can be a constructive force on the jobs landscape, especially for those in digital trust professions, with the right approach and commitment to ongoing learning.
Digital Trust Ecosystem Framework expert Mark Thomas recently shared his perspective on DTEF and digital trust during an Ask Me Anything conversation on ISACA's Engage community.
The evolving risk and technology landscapes have made the knowledge and expertise of the CRISC credential all the more valuable for risk practitioners.
The COBIT framework can be useful for enterprises as they look to responsibly operationalize and govern artificial intelligence.
Limited resources, misaligned priorities, lack of awareness, complexity of IT ecosystems and regulatory pressures are among the factors that make risk management especially challenging for small and medium-sized enterprises.
The 2024 CMMI Conference will spotlight recent updates and improvements that position the CMMI community for increasingly high impact.
The ISACA China Hong Kong Chapter contributed to a panel discussion with a focus on the potential impact of cyber commanders in the security governance ecosystem.
ISACA Foundation Women's Month Scholarship Award winners share their motivations and future ambitions for making their mark on digital trust professions.
A new ISACA resource on artificial intelligence provides valuable insights applicable both to those beginning their journeys in AI as well as those with knowledge and experience.
Asking the right questions and meaningfully addressing business challenges through analytics can set internal auditors on the right path toward establishing a culture of data
Lessons learned from theft prevention in a retail environment have surprising relevance when it comes to compliance and access management.
The information you upload in a public AI engine is public domain from the moment you press enter: what are the consequences for IT and corporate governance?
Whether optimizing coverage in your compliance program, identifying similar risks across various business units or seeking more efficient risk management, AI-driven insight can help to connect the dots.
The convergence of artificial intelligence and cloud computing offers big opportunities for organizations alongside potential security and privacy risks.
ISACA's SheLeadsTech program has a refreshed focus and renewed commitment to offering expanded opportunities for women to make their mark on digital trust professions.
Protecting individuals' identities in the aftermath of a privacy incident begins with important communication from banking, credit, government and employment organizations.
The Digital Trust Ecosystem Framework and COBIT work well in tandem, with each playing a significant role in allowing organizations to build a stronger foundation for success.
Oleksii Baranovskyi, of Ukraine, recipient of the ISACA Educational Excellence Award, is proud to simultaneously be a security professional and an educator.
Cybersecurity leaders should be mindful of the composition of their security teams, including common characteristics of Gen Z cyber professionals, when devising their approaches to leadership.
Mitigating the technology and information security risks from terminating third parties calls for organizations to formulate nuanced security strategies.
A major breach in France reinforces the need for sharpened security practices and the overarching imperative to drive toward strengthening digital trust.
Ransomware often targets small-to-medium enterprises, so security teams need to take action to be more prepared for this potentially devastating line of attack.
The Cybersecurity Maturity Model Certification standard helps businesses to examine their computing ecosystem and enhance capabilities for stronger supply chain resilience.
As regulatory frameworks for the AI era continue to evolve, governments around the world will need to find a shared sense of purpose and collaborate on the best way forward.
Accounting for key characteristics of trustworthiness and considering perspectives from a range of stakeholders are among the needed ingredients to strengthen AI governance.
Avoiding these light-hearted 'tips' for preparing for the CISA exam will put you in better position for a successful exam-day experience.
Responsible development of artificial intelligence that recognizes the need for a balance between AI and human capabilities is the path to ensure the powerful technology's good outweighs the bad.
By asking the right questions around people, processes and technical controls, auditors can gather the evidence and documentation they need to successfully audit social engineering.
Prioritizing comprehensive cybersecurity strategy in support of overarching enterprise goals can position enterprises for success, even amid challenging threat and regulatory environments.
Court rulings that AI cannot be granted patents provided needed short-term clarity but there are still many open questions about how AI should be viewed in legal, ethical and practical contexts.
Technology-minded countries around the world can learn a lot from Rwanda, which, despite limited resources, has become a digital benchmark through an impressive set of initiatives and ingenuity.
Identifying the flows, assets and vulnerabilities is among the key building blocks when threat modeling for software applications.
Artificial intelligence is a human creation that reflects the people who developed it, meaning we must guard against humans' shortcomings and biases resulting in AI furthering inequality and other societal harms.
Global cybersecurity practitioners share their perspectives on Australia's new cyber shields strategy to provide more robust protection of digital assets in the coming years.
Ill-designed controls can waste organizations' time and resources, so make sure implementing controls is more than just a power move.
Organizations implementing artificial intelligence into their operations will need strong governance in place to ensure transparency and trust in their AI usage.
When executed properly, risk and control self-assessments become enablers for organizations to more effectively navigate the risk management landscape.
As the intersection between cybersecurity and privacy increases, security professionals can benefit from gaining a solid understanding of core privacy terminology and privacy principles.
Challenges on the privacy landscape can be successfully addressed through upskilling, privacy by design principles and solid training and awareness programs.
The ISACA Mentorship Program has proven to be rewarding for mentors and mentees alike, allowing for valuable connections to propel ISACA members' careers to new heights.
Focusing attention on understanding and building confidence in post-quantum cryptography now can save the security community major problems in the years to come.
ISACA’s Digital Trust Ecosystem Framework (DTEF) empowers organizations to build and sustain digital trust in the age of artificial intelligence and other impactful technological advancements.
An identity system based on trust in a third party could better protect personal data and improve trust throughout the digital ecosystem.
New ISACA digital trust resources, thought leadership, and upcoming events, both in-person and virtual, are among the coming attractions in 2024 for the ISACA community.
Promoting a culture of ongoing learning and upskilling is part of the equation for organizations looking to develop a more capable and resilient workforce.
Defining and articulating a clear strategy for a security operations center (SOC) will make it much more likely that organizational leaders and other key stakeholders will support the SOC on an ongoing basis.
Given its focus on human behavior in an organizational change context, change management can lead to a fresh and valuable perspective on cybersecurity.