People, their behaviors and the processes they follow can drive an organization’s success. But they also can be the root of problems.
Digitally native enterprises have found that there are better ways to organize their people than the haunted and dated organizational design paradigms that were first practiced long before the rise of the modern...
How does an internal audit team conduct a culture audit, especially when the subjectivity of culture can take auditors out of their comfort zones?
When the widespread availability of information is enhanced by some people's compulsion to engage in excessive sharing on social media, social engineers can have a field day.
This case study provides insight into Highmark Health’s transition to RiskOps and highlights some of its immediate process improvements, including capacity creation to address emerging risk...
Selective compatibility is achieved through a set of technical tools, processes and protocols that allow a conditional connection between several information systems...
Some risk assessments may be entirely quantitative, but most enterprises find an exclusively mathematical approach flawed and subject to manipulation and bias.
Could cybersecurity implementation benefit from a US Sarbanes-Oxley Act of 2002 (SOX)-type approach?
Enterprises should revisit their strategies for managing the cybersecurity workforce and build resilient environments with a focus on learning and development, job rotation, security culture and investment in people.
The ISACA Journal is consistently cited by ISACA members as one of the most valued benefits of their membership package.
It is important that we stop measuring the cost of cyberattacks only in the number of records breached and start focusing on hours of unavailable systems and data.
Is there a way that the risk management and audit professions can get through the soft, unquantifiable information to produce actionable recommendations?
What are the essential personal skills IS auditors should possess to effectively carry out audit work?
An enterprise that manages a large amount of sensitive information is subject to a complex patchwork of laws and regulations, including privacy regulations, laboratory regulations, human subject protection requirements and ethical considerations.
Audit needs to evolve to address the technological advances and changes in the information systems landscape.
It is critical for practitioners to understand 5G’s risk factors such as unique identifiers, software-defined networking (SDN) vulnerabilities, and interoperability’s impact on strong access control.
Segregation of duties is central to achieving compliance with laws and regulations and assuring shareholders that proper governance is applied, and it is included as an activity in COBIT.
Fintech organizations can become significant players impacting the entire financial system, and regulators cannot afford to let them fail.
Organizations should take the lead to follow the privacy by design approach by proactively embedding privacy into the design and operation of technology systems, infrastructure and business practices.
Cyberspace must be considered a hostile environment. Although it has enormous potential, threats are always present, even in the most protected virtual worlds or within home networks.
The rapid development of blockchain technology and cryptocurrency has influenced the financial industry by creating a new crypto economy, which has been compounded by next-generation decentralized applications that do not involve a trusted third party.
Cybersecurity risk is a critical enterprise concern. Cybersecurity incidents such as ransomware have the potential to bring an organization’s operations to a standstill.