ISACA Journal Blog

Innovating Innovation Governance

Robert E. Davis, DBA, CISA, CICA Posted: 3/19/2018 8:22:00 AM | Category: COBIT-Governance of Enterprise IT

Almost every enterprise aspires to use technology to integrate information, achieve process efficiencies and make service delivery markedly more effective. Organizational leaders should manage innovation by creating processes that sustain or increase business performance and growth. If properly integrated, information technology can, among other benefits, provide a competitive advantage through innovative products and services. Nonetheless, innovation governance is needed to ensure that IT is actually achieving management’s objectives.


How to Prioritize Security Controls Implementation

Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, CISSP, SABSA SCF, TOGAF 9 Posted: 3/12/2018 3:01:00 PM | Category: Security

When developing an information security architecture framework in a new organization, a few steps normally have to be taken to identify the business requirements, the right framework and the controls needed to mitigate or minimize business risk. In my Journal article, I explain this process.

Once the controls are identified, it is time to create projects and implement them. This may not be a big issue in a mature company that already has many of the controls in place and only needs a few additions. However, it becomes challenging as the number of projects and controls increases. The question is how to prioritize these projects and controls so that the most important ones are implemented first.


First Steps for Automating Your IOC Provision Sources

Ofir Eitan, CISM, and Aviv Srour
Posted: 3/8/2018 3:03:00 PM | Category: Security

The first step is always the hardest. If your organization lacks adequate cybersecurity intelligence processes and you are looking for a quick win, we are here to assist. We have compiled a complementary list of cyberthreat intelligence sources, from some of the most notable cybersecurity companies on the Internet, that yield useful results.

The first step is to automate the collection of data from these sources. We therefore recommend that organizations invest in programming a crawling process in Python or, where the source offers one, connect your database to the source through an application programming interface (API). An API is preferable where it exists: scraped HTML changes without notice, and crawling may conflict with a source's terms of use or rate limits. Furthermore, we advise you to contact each required source, whether a security company or an indicators of compromise (IOC) provider, for additional information on its services and the best way to consume them.
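As an added example (not code from the authors or from any provider), the following Python script shows the ingestion step the post recommends automating. It reads two constructed sample payloads in hypothetical formats, a CSV export with a comment header and a JSON API response, validates every indicator against its declared type, and merges duplicates across sources into one record carrying the earliest sighting and the union of sources and tags. Rejected values are returned rather than silently dropped so they can be reviewed. The field names, type vocabularies and source names are assumptions for illustration; each real provider documents its own format.

```python
"""Pull IOC records from two feed formats into one validated, deduplicated set.

Added example for this post, not code from the authors or any provider.
Both payloads below are constructed samples in hypothetical formats.
"""
import csv
import io
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample: a CSV export with a '#' comment header (hypothetical format).
CSV_FEED = """# hypothetical-feed v1, exported 2018-03-08
first_seen,indicator,type,tags
2018-03-07T10:15:00Z,198.51.100.23,ip,c2
2018-03-07T11:02:00Z,malware.example.net,domain,dropper
2018-03-07T11:02:00Z,malware.example.net,domain,dropper
2018-03-08T02:40:00Z,not an indicator,domain,junk
2018-03-08T03:05:00Z,00112233445566778899AABBCCDDEEFF,md5,sample
"""

# Constructed sample: a JSON response from a hypothetical provider API endpoint.
JSON_FEED = json.dumps({"results": [
    {"value": "198.51.100.23", "kind": "ipv4", "seen": "2018-03-08T01:00:00Z"},
    {"value": "http://malware.example.net/dl/payload.exe", "kind": "url", "seen": "2018-03-08T01:30:00Z"},
    {"value": "0f" * 32, "kind": "sha256", "seen": "2018-03-08T02:00:00Z"},
    {"value": "ZZZZ", "kind": "sha256", "seen": "2018-03-08T02:00:00Z"},
]})

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
URL_RE = re.compile(r"^https?://([^/?#:@]+)(?::\d+)?(?:[/?#].*)?$", re.IGNORECASE)
# Providers name the same type differently; fold them onto one vocabulary (assumed aliases).
TYPE_ALIASES = {"ipv4": "ip", "ipv6": "ip", "ip-addr": "ip", "hostname": "domain", "fqdn": "domain"}


def canonical(ioc_type, value):
    """Return (type, cleaned value), or None when the value is not a well-formed IOC."""
    t = TYPE_ALIASES.get(ioc_type.lower(), ioc_type.lower())
    v = value.strip()
    if t == "ip":
        try:
            return t, str(ipaddress.ip_address(v))
        except ValueError:
            return None
    if t == "domain":
        v = v.lower().rstrip(".")
        return (t, v) if DOMAIN_RE.match(v) else None
    if t == "url":
        m = URL_RE.match(v)
        host_ok = m and (canonical("domain", m.group(1)) or canonical("ip", m.group(1)))
        return (t, v) if host_ok else None
    if t in HEX_LEN:
        v = v.lower()
        return (t, v) if re.fullmatch("[0-9a-f]{%d}" % HEX_LEN[t], v) else None
    return None  # unknown type: reject rather than guess


def parse_csv_feed(text, source):
    """Yield raw rows from the CSV feed, skipping '#' comment lines."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    for row in csv.DictReader(io.StringIO("\n".join(lines))):
        yield {"type": row["type"], "value": row["indicator"], "seen": row["first_seen"],
               "tags": {tag for tag in row["tags"].split(";") if tag}, "source": source}


def parse_json_feed(text, source):
    """Yield raw rows from the JSON API response."""
    for item in json.loads(text)["results"]:
        yield {"type": item["kind"], "value": item["value"], "seen": item["seen"],
               "tags": set(), "source": source}


def ingest(raw_records):
    """Validate, normalise and deduplicate raw rows.

    Returns (iocs, rejected): iocs keyed by (type, value), each with the earliest
    first_seen and the union of sources and tags; rejected lists what failed validation.
    """
    iocs, rejected = {}, []
    for raw in raw_records:
        key = canonical(raw["type"], raw["value"])
        if key is None:
            rejected.append((raw["source"], raw["type"], raw["value"]))
            continue
        seen = datetime.strptime(raw["seen"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        rec = iocs.setdefault(key, {"type": key[0], "value": key[1], "first_seen": seen,
                                    "sources": set(), "tags": set()})
        rec["first_seen"] = min(rec["first_seen"], seen)
        rec["sources"].add(raw["source"])
        rec["tags"] |= raw["tags"]
    return iocs, rejected


def ingest_sample_feeds():
    """Run both constructed feeds through the pipeline."""
    raws = list(parse_csv_feed(CSV_FEED, "csv-feed")) + list(parse_json_feed(JSON_FEED, "json-api"))
    return ingest(raws)


if __name__ == "__main__":
    iocs, rejected = ingest_sample_feeds()
    for rec in sorted(iocs.values(), key=lambda r: (r["type"], r["value"])):
        print(f"{rec['type']:7} {rec['value']:45} first_seen={rec['first_seen']:%Y-%m-%d} "
              f"sources={sorted(rec['sources'])} tags={sorted(rec['tags'])}")
    print("rejected:", rejected)
```

The merge key is the canonical (type, value) pair, so the same IP reported by both feeds becomes one record with two sources, which is the record you want to write to your database or pass to a detection platform. Replacing the embedded strings with the output of a crawler or an HTTP client for the provider's API is the only change needed to run it against a live source.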


Cryptographically Protecting Databases Against Data Breaches

Josh Joy
Posted: 3/5/2018 3:23:00 PM | Category: Security

Information security professionals should start considering cryptographic approaches to protect enterprise data and mitigate database breaches. Layered system security is the approach most organizations take today, but every layer depends on people configuring and operating it correctly. Cryptographic measures keep the data protected even if a copy of the database is stolen or an insider with database access reads it, provided the keys are held outside the database and access to them is controlled; an attacker or insider who can also reach the keys is not stopped by encryption alone.

Professionals need to start today by evaluating and building cryptographically secure databases. By starting now, they will be able to accurately assess the impact, development requirements, operational support and costs. An accurate model can then be shared with management before deployment into the enterprise environment.


Developing a DLP Program

Larry G. Wlosinski
Posted: 2/26/2018 3:17:00 PM | Category: Security

We live in an age where a tremendous amount of information is shared freely on the Internet, in many cases with little regard for the consequences. Sometimes we do not even recognize sensitive or confidential information, which comes in many forms and exists in every organization. The loss or exposure of this data can affect people, their families, their well-being (e.g., healthcare), the organization and, in some instances, the country.

It is because of these concerns that I wrote my recent Journal article. The article begins with an identification of the types of data that need protection and where they are located. From there, it goes on to provide examples of threats, the associated risk factors and the causes of data loss. These areas are presented as an awareness and training outline for all organizations to improve their in-house rules of behavior, security and privacy training programs, and internal data protective procedures.
