IT audit best practices: Technological changes give rise to new risks

IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a benchmarking study from Protiviti and ISACA. To whom within t…

Report on ISACA South Florida’s WOW Event

The South Florida Chapter of ISACA has been holding an annual one-day conference each year in February known as the WOW! Event. In 2018, they held their 11th conference on Friday, February 16th at FIU’s Koven Conference Center at their Biscayne B…

Upcoming Conferences in early 2018

There are several local security conferences coming up in my general area, some of which I’ll be speaking at.
Here are the ones over the next few months:
* SecureMiami 2018, co-located with BrewMiami. Organized by DigitalEra, this is the second t…

Not everything is sophisticated, let’s keep it simple

I don’t have dandruff. But if I did, then I could use a new sophisticated formula to cure my condition. Whether the problem is dandruff or a malware-related threat, the term sophisticated gets used quite a lot. Now don’t get me wrong; I love the word. …

Are your enterprise leaders digitally literate?

Only 53 percent of surveyed business technology professionals believe their organization’s leadership is digitally literate, according to ISACA. The other 47 percent either don’t think their business leaders have a solid understanding of technology and its impacts, or are unsure. Digital literacy and receptiveness to emerging technologies among leadership A concerning 47 percent aren’t confident that their leaders are digitally literate, the data indicates. With nearly a quarter of these same leaders noted as needing …

CISOs are finally getting access to the corporate board — but need more of it

Headline-grabbing hacks like the Equifax breach provide “teachable moments” that can be used to leverage more cybersecurity investment from company executives, but even with enough money, there are other resources — like face time with the board, or skilled personnel — that are always in short supply, according to a panel of chief information security officers that spoke with CyberScoop Tuesday. “Even though CISOs are getting more and more time in front of the board, we’re still not getting enough,” Tammy Moskites, CISO for cybersecurity company Venafi, told CyberScoop on the fringes of an ISACA cybersecurity event in Washington. ISACA, formerly known as the Information Systems Audit and Control Association, is a professional membership and advocacy non-profit based outside of Chicago. “I get 15 minutes with the board on a quarterly basis,” said Michael Raeder, CISO of Orbital ATK, a defense and space contractor recently purchased by Northrop Grumman. “I typically go over” time, provoking angry looks from […]

The post CISOs are finally getting access to the corporate board — but need more of it appeared first on Cyberscoop.

How boardrooms are safeguarding digital assets

More than 90 percent of surveyed senior business leaders agree that strong technology governance contributes to improved business outcomes and increased agility, according to ISACA. Despite recognizing the link between governance and outcomes, a governance gap still exists, with 69 percent reporting that their leadership and board of director teams need to establish a clearer link between business and IT goals. “The boardroom must become hyper-vigilant in ensuring a tight linkage between business goals and …

Auditors get guidance on SSH key management

A new guide for auditors says SSH key management should be on their checklist because the proliferation of unmanaged keys for the ubiquitous encryption protocol means IT networks can’t be guaranteed as secure. The guidance, “SSH: Practitioner Considerations,” was published Tuesday by the nonprofit global membership association, ISACA, previously known as the Information Systems Audit and Control Association. The guidance includes an appendix listing controls that companies can use to ensure proper management of SSH keys. Secure Shell or SSH is an open-source cryptographic protocol used to enable secure, encrypted access by individual users to servers and other computer assets across the networks of a distributed enterprise. It also facilitates automated machine-to-machine communications in the same secure fashion. But without careful management, the digital keys that enable that communication can proliferate and end up stored in insecure, easily found locations on the network. “When auditors sign off on accounts …. when [a publicly traded] company management makes […]

The post Auditors get guidance on SSH key management appeared first on Cyberscoop.

‘Petya’ Ransomware Outbreak Goes Global

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware appears to be spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain.

Why So Many Top Hackers Hail from Russia

Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs. This post examines the first part of that assumption by examining a breadth of open-source data.

The supply side of that conventional wisdom seems to be supported by an analysis of educational data from both the U.S. and Russia, which indicates there are several stark and important differences between how American students are taught and tested on IT subjects versus their counterparts in Eastern Europe.