ISACA Now Blog

Knowledge & Insights > ISACA Now

How to Hack Neural Networks

Claudia Johnson, Cloud Technologist, Oracle
Posted: 9/20/2017 3:08:00 PM | Category: Security | Permalink | Email this post

Claudia JohnsonIf only neurologist Oliver Sacks, who wrote The Man Who Mistook His Wife for a Hat,” were still alive! He would find today’s neural networks (the hot new trend from the artificial intelligence community) extremely amusing.

His book describes a man whose brain damage results in the man thinking his wife’s head is a hat. Maybe there are more parallels between the brain and artificial neural networks than what meets the eye (no pun intended).

Neural networks are being leveraged increasingly often in information security to provide a higher level of protection, including against zero day attacks. However, what if the adversary targeted the neural network/machine learning algorithm itself?


Seven Tips for New IT Auditors

Adam Kohnke, CISA, CCNA: Sec, ITILv3 |Internal IT Auditor, Great Lakes Higher Education Corporation
Posted: 9/19/2017 3:23:00 PM | Category: Audit-Assurance | Permalink | Email this post

Adam KohnkeTransitioning into an IT audit or assurance role can be daunting, overwhelming and outright scary at first. Like for many roles these days, individual performance expectations are high, your engagement results are heavily scrutinized by the client and senior management constantly expects a high level of value to be provided through your efforts. This blog post mainly focuses on overcoming some of these challenges for individuals new to the IT audit or assurance profession, but it may be useful for others as well. Here’s what I’ve learned over the past two years; hopefully it serves you well.


The Elephant in the Room: SSH Key Management

Robin Lyons, Technical Research Manager, ISACA
Posted: 9/18/2017 1:52:00 PM | Category: Audit-Assurance | Permalink | Email this post

Robin LyonsIn the early days of computing, use of private networks was more prevalent than it is now. Given that, the use of a network protocol (such as Telnet) that transmitted data in plain text was not cause for much concern. As the use of public networks increased, however, a more secure network protocol was needed. Offering encryption, authentication, and other security mechanisms, the Secure Shell (SSH) protocol has been adopted by organizations as a more secure means to connect remote servers to clients.

The security mechanisms offered by SSH are worthy of this widespread adoption. The use of SSH, however, has an element that requires consideration. For the typical Fortune 500 enterprise that has several million SSH keys granting access to its production servers, a substantial portion of them are unused. This large number of keys can be attributed to those with SSH keys having the ability to generate additional keys outside of the enterprise’s access management process. Also, weaknesses in an enterprise’s process for disabling SSH keys when administrators or developers separate from the enterprise or move into new roles can contribute to unneeded SSH keys. So, the bottom line is an environment may exist where new keys are being generated while existing keys are not being disabled.


Five Questions with Technologist, Astrophysicist and CSX Europe Keynoter Ade McCormack

ISACA Now
Posted: 9/15/2017 3:00:00 PM | Category: Security | Permalink | Email this post

Ade McCormackEditor’s note: Ade McCormack is keenly interested in the anthropological factors that drive digital innovation. McCormack, who will deliver the opening keynote at CSX Europe 2017, to take place 30 October-1 November in London, UK, visited with ISACA Now about the main drivers that have set digital innovation in motion, why some CEOs are hesitant to invest in digital transformation and more. The following is a transcript, edited for length and clarity:

ISACA Now: How is our attention being ‘hijacked’ these days, and what can we do about it?
There is money in capturing people’s attention, so it has become a professional pursuit. The brain conceptually is a muscle, so we need to exercise it to improve our ability to maintain our attention.


GDPR: What a Data Protection Impact Assessment Is and Isn’t

Rebecca Herold, CISA, CISM, CISSP, CIPM, CIPT, CIPP/US, FIP, FLMI, President, SIMBUS, LLC and CEO of The Privacy Professor
Posted: 9/14/2017 3:09:00 PM | Category: Privacy | Permalink | Email this post

Rebecca HeroldThere has been a lot written over the past year or so about the EU General Data Protection Regulation (GDPR) – what is required, and what needs to be accomplished sooner rather than later in order to meet the May 25, 2018 compliance date. And with 99 articles, with hundreds of requirements within them, covered within the GDPR, there are certainly many topics that must be addressed.

While seven to eight months may seem like a long time to address them all, it is important for those responsible for GDPR compliance activities to realize that some of those activities will necessarily take many weeks of planning and preparation, and then most likely many additional weeks of actual implementation.

About This Blog

 

This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

To volunteer to write a blog or suggest a topic send an email here.