ISACA Journal Blog

Using AI as a Defensive Tool

Larry G. Wlosinski, CISA, CISM, CRISC, CAP, CBCP, CCSP, CDP, CIPM, CISSP, ITIL v3, PMP | Posted: 1/13/2020 11:30:00 AM

In a previous Journal article, I wrote about artificial intelligence (AI) and talked about the massive amount of digital data that are being accumulated, how new digitally oriented technology is affecting us, the sources of online data (e.g., personal, private), how data are used and how a career in AI can be useful to those interested in developing the skills to use AI.

In my most recent Journal article, I look at AI from an information security and privacy perspective. The article outlines AI concerns, threats and risk factors as a way of understanding AI as a cyberthreat. Once we have an understanding of the threat, we discuss ways to protect the cyberdata (and personal privacy). Preventive measures, protective controls, and detective practices and tools are presented to help understand how to manage the threat by using AI and other countermeasures.


Innovating Yourself as an IS Auditor

K. Brian Kelley, CISA, CSPO, MCSE, Security+ | Posted: 1/1/2020 8:20:00 AM | Category: Audit-Assurance

As new technologies are developed, we have to stay up to date with them. More so than almost any other practitioner interfacing with information technology, auditors have to work hard at continual education. It is not just the technology, though. We are also seeing orders of magnitude more data. More data to process means we have to be more efficient at sifting through those data to ensure we can protect our organizations. So how do we stay up with what is current?

First and foremost, we need to use technology for our benefit when we can. Data is a big deal, but as it has exploded, it is a big deal for just about everyone. That means companies are investing a lot of capital in developing systems to handle the reams and reams of information we have at our fingertips. These systems are able to spot trends and exceptions both. Why should these solutions be limited just to the folks doing financial forecasting? We can use them, too. That is a key attitude for us to take: When technology helps us, we have to come up to speed on it and leverage it for all it's worth.


Leveraging Emerging Technology for Better Audits

Jake Nix, CISA, CPA | Posted: 12/23/2019 2:42:00 PM | Category: Audit-Assurance

My first role post-graduation was working as a financial statement auditor. We used tick mark pencils on printed workpapers, and we manually footed (recalculated) balances. On my second engagement, I begged my manager to let me use annotation in PDF and Excel to expedite the process. He believed in me, and we accomplished the same level of quality in half the time it took the year prior.

We used the time savings to dive deeper into more meaningful work and, as an independent auditor, we accomplished something rare: true value-add feedback for the client. At the end of the project, I had spent the same amount of time as my predecessor, but I was able to accomplish so much more.


Addressing the Challenges of New Privacy Laws

Farbod H. Foomany, Ph.D., CISSP and Nathanael Mohammed | Posted: 12/16/2019 2:59:00 PM | Category: Privacy

US State of California Senate Bill 327 Information Privacy: Connected Devices (SB 327) goes into effect January 2020. What does that mean for you? Even if your organization does not develop Internet of Things (IoT) devices, SB 327 is worth following. It is in a unique situation because of its scope and breadth, not only for privacy and security, but also for how privacy-based laws are enforced and regulated.

Think of it as representing new territory in privacy. We are now seeing the social responsibility lawmakers are taking on by legislating privacy and security requirements, and while no one can say that is a bad thing, how are lawmakers deciding what goes into these laws?


AI Practitioners: Our Future Is in Your Hands

Guy Pearce, CGEIT | Posted: 12/9/2019 1:02:00 PM | Category: Security

Imagine it is sometime in the 22nd century and that the future you is preparing for a complex surgical procedure at the local robot-run hospital, where it has become commonplace for robots to perform sophisticated, repeatable tasks, such as heart surgery, on human patients. This is the first time a robot is tackling a septal myotomy on a human, on you no less. It is still one of the most complicated medical procedures in the world almost 160 years after it was first performed, and it still takes up to 6 grueling hours for a human doctor to do, all the while nothing but a machine keeps you alive.

In the days leading up to the procedure, the chief robot doctor of the facility, Dr. Ava—named after a character in a cult classic film made more than a century before—and all but indistinguishable from a human except for the odd irregular whirring sound occurring whenever she looked up toward the sky, sat you down to share the nature of some of the quite considerable risk factors involved in the procedure. At one point, your eyes wandered to see a few framed diplomas hanging on the wall, including one from the renowned C-3P0 institute, from where Dr. Ava must have learned her diplomacy and her disarmingly reassuring doctor’s bedside manner.
