ISACA Now Blog


Perimeters Aren’t Dead – They’re Valuable

Marcus J. Ranum, Security Consultant
Posted: 2/23/2018 3:00:00 PM | Category: Audit-Assurance

Since I first began building internet firewalls in the late 1980s, I have periodically encountered claims that “the perimeter is dead” or “firewalls don’t work.” These claims are rather obviously wrong: your firewall or perimeter is simply a way of separating things so you can organize them better. An internet firewall is an organizing principle between “stuff that’s not your problem” (the internet) and “stuff that’s your problem” (your network).

At a finer level of detail, you might apply other organizing principles such as “my data center” and “the unmanaged cloud of desktops” or “our PCI cloud.” If you think of firewalls or perimeters as a way of organizing the various entities you deal with, you’ll be able to better understand your strategic objectives for where data moves, how it moves and where it sits. Without that type of organization, the idea of a network that is “yours” is purely imaginary.

Combating the Rising Threat of Malicious AI Uses: A Strategic Imperative

Phil Zongo, Head of Cybersecurity, Author and Public Speaker
Posted: 2/22/2018 11:15:00 AM | Category: Security

A group of academics and researchers from leading universities and think tanks – including Oxford, Yale, Cambridge and OpenAI – recently published a chilling report titled The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. The report raised alarm bells about the rising possibilities that rogue states, criminals, terrorists and other malefactors could soon exploit AI capabilities to cause widespread harm. These risks are weighty and disturbing, albeit not surprising. Several politicians and humanitarians have repeatedly advocated for the need to regulate AI, with some calling it humanity’s most plausible existential threat.

Five Questions on Board-Level Cybersecurity Considerations with Dottie Schindlinger

Posted: 2/21/2018 3:16:00 PM | Category: Security

Editor’s note: Dottie Schindlinger, VP/Governance Technology Evangelist with Diligent and a panelist on the importance of tech-savvy leadership at ISACA’s CSX North America conference last October, recently told Forbes that cybercriminals target organizations perceived to be low-hanging fruit. Schindlinger visited with ISACA Now to discuss how organizations can avoid falling into that category and other key board-level cybersecurity considerations. The following is an edited transcript:

Look Back at ISACA’s First Half-Century – and Into the Future

Rob Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair, White Cloud Security
Posted: 2/19/2018 3:36:00 PM | Category: ISACA

Consider the year 1969. The Beatles played their last concert. The Godfather was a best-seller. Astronaut Neil Armstrong became the first human to set foot on the moon. The microprocessor was invented – although it would be another two years before the Intel 4004 processor helped launch the personal computer revolution.

While technology had come a long way by 1969, “state of the art” was primitive by today’s standards. In the mid-1960s, punch cards, batch systems and 7.5-megabyte removable disks were still used to operate mainframe systems. Given the vast benefits of computerization, however, businesses and governments were wholeheartedly investing in technology. The number of computers installed in US-based companies increased fourfold between 1962 and 1967.

Organizations Outside the EU Must Not Overlook GDPR Requirements

Dragan Jovicic, CISA, CIA, CRMA, Information Security Audit Manager, Serbia
Posted: 2/15/2018 3:00:00 PM | Category: Privacy

With less than 100 days to 25 May, many organizations outside the European Union have the same question: “Does the General Data Protection Regulation (GDPR) apply to my organization?”

The answer has to be “it depends” – although this is an answer that no one likes. You cannot immediately say yes or no. Instead, you need to take a step-by-step approach: identify the requirements of GDPR and the organization’s connection with the personal data of EU citizens, and consult an attorney specializing in GDPR as needed. The answer to this question can only be given based on an analysis of the organization’s operations and usage of personal data, based on Article 3, which defines territorial scope. This article is really important for organizations outside of the EU to determine whether they need to adhere to GDPR. The article states that organizations must comply with GDPR if they offer goods or services to EU citizens, even without payment, or monitor the behavior of EU citizens (data subjects). In today’s digital world, these practices are not rare.

About This Blog

This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.
