
ISACA Podcast


The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.


Website

isacapodcast.podbean.com

Episodes

A View into CTEM Exposure Management: Reducing your Attack Surface 3x

Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included.

In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas.

For more ISACA Podcasts, visit www.isaca.org/podcasts

To learn more about Nanitor, please visit https://nanitor.com/

To view the Nanitor article, please click https://nanitor.com/resources/blog/cybersecurity/exploring-continuous-threat-exposure-management-ctem/

2024-02-07

Improving Security while Enabling Market Access with CCF

Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits).

A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today.

In this ISACA Podcast episode, ISACA's Chris McGowan listens in as Zach Folk, Director of Solutions Engineering, explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.

2024-01-31

Leveraging Agile Concepts for Neurodiverse Auditors

In this ISACA Podcast episode, we'll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation.

Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can significantly impact not only neurodiverse individuals on your team but the entire team itself. 

2024-01-17

Minimizing Risk and Audit Requests

With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together.

In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst Benjamin Bartz. Ben takes a deeper dive and elaborates on some of the must-haves for this partnership to live up to its full potential.

2024-01-03

Issue Management Confidential: Tools and Best Practices for Improving IT Issue Management

Effective IT issue management is crucial for organizations to mitigate financial loss, reputational damage, and operational disruptions. Issue management tools streamline the process by tracking and resolving issues, while risk rating helps prioritize responses based on their impact and likelihood.

In this ISACA Podcast episode, ISACA's GRC Professional Practices Principal, Lisa Cook, chats with IT Risk Manager Eric Peck about why acknowledging and addressing high-risk issues with a structured approach empowers organizations to protect themselves and ensure compliance in today's complex regulatory landscape.

2023-12-27

Improving Security while Enabling Market Access with CCF

Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits).

A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today.

In this ISACA Podcast episode, ISACA's Lisa Cook listens in as James Huang, Global Cloud Compliance Senior Manager, explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.

2023-12-13

Scaling Your Threat Modeling Program

Understanding product security risk starts before a single code line is written. Teams can discover threats to the architecture of a system early in the development life cycle with Threat Modeling. While it's not a new concept, how do we transform traditional ways of Threat Modeling to meet the complexities of modern software development at scale?

In this ISACA Podcast episode, Chris McGowan chats with Lauren Strope, Manager of Application Security at Adobe. Lauren offers her expertise on strategies for scaling your program and provides unique perspectives on the future of Threat Modeling.

Learn more about Adobe at www.adobe.com

For more ISACA Podcasts, please visit https://www.isaca.org/resources/news-and-trends/isaca-podcast-library 

2023-11-15

Secure your Supply Chain with an Effective Vendor Security Program

Security risks introduced by vendors have become a top-of-mind concern for executives today, driven by recent supply chain incidents that have exposed organizations to operational and reputational risks.

A robust vendor security program is now a must, as it helps ensure compliance and proactively identifies and mitigates these risks throughout the vendor lifecycle. However, many vendor security teams today face an ever-growing backlog of security reviews, creating increased urgency and pressure for teams to maintain quality assessments. These reviews are often perceived as time-consuming in the procurement process, calling for a balance between meeting business demands and conducting thorough assessments to identify and isolate potential risks.

In this ISACA Podcast, Adobe's Manager of Vendor Security Nidhi Bandi shares recent enhancements Adobe has made to better calculate risk in the vendor space and provides guidance on how you can stand up a strong vendor security program that balances procurement needs at your organization.

Learn more about Adobe at https://www.adobe.com/

Listen to more ISACA Podcasts at https://www.isaca.org/resources/news-and-trends/isaca-podcast-library 

2023-10-05

Cultivating Inspired Leaders with Kristi Hedges

If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered.

In this ISACA Podcast, Kristi Hedges, executive coach, leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders,' a CPE-eligible event. At the event, Kristi Hedges will provide a roadmap for building an inspired mindset for leaders, teams, and individuals.

Register for this ISACA event at https://www.isaca.org/membership/member-exclusive-speaker-series

2023-10-03

Exploring the Benefits of Neurodiversity within Cybersecurity

Neurodiversity within cybersecurity offers many benefits but requires organizations and hiring managers to re-evaluate hiring practices and job descriptions typically structured for neurotypical applicants.

Join ISACA's Director of Professional Practices and Innovation as he hosts a conversation with a company helping to remove barriers and maximize the value neurodiverse talent brings to cybersecurity.

For more ISACA Podcasts, go to https://www.isaca.org/resources/news-and-trends/isaca-podcast-library

2023-09-27

Internal Audits That Create Stakeholder Value Adopting an Agile Mindset

Agile Scrum is a lightweight framework that promises to significantly improve internal audits by creating a mindset that generates stakeholder value through adaptive solutions for complex auditing problems. This mindset is needed as organizations face unprecedented changes and pressures in today's business landscape. Internal audits must keep leaders informed and aware of potential risks.

Such a mindset addresses some of the often-experienced auditing challenges such as a lack of senior management support, insufficient audit preparation time, difficult auditees and lack of time needed to write audit results.

Featuring special guest Thomas Bell and hosted by ISACA's Robin Lyons.

2023-08-16

Strategies for Avoiding Burnout

Chronic workplace stress can lead to burnout, which poses a significant risk to the mental health of busy professionals, such as auditors. But how can these professionals protect themselves from burnout? And how can their employers help them do so? If you are interested in learning the answers to these questions, then watch as ISACA's Robin Lyons and Dr. Elena Klevsky, Assistant Professor of Accounting at the University of Tampa, discuss strategies for avoiding burnout.

Inspired by the Sustainable Model of Human Energy proposed by Ryan Quinn, Gretchen Spreitzer and Chak Fu Lam, these strategies focus on managing your personal energy by increasing resources, decreasing job demands, practicing skills and tasks, and monitoring energy.

Properly implementing these strategies has the potential to help busy professionals ensure that they have sufficient resources to meet their job demands, and, therefore, increase the likelihood that they feel energized instead of exhausted.

2023-08-09

The Danger of Distraction in Augmented Reality

While users of technology are becoming more educated in how to avoid cyberattacks such as phishing, a distracted user might be more prone to missing signs of social engineering. This project explored whether users immersed in augmented reality applications were more inclined to fall for an on-screen text message that prompted familiarity (such as a friend calling in) or urgency (such as a warning to update software or be subject to an automatic device re-boot within a certain timeframe).

Featuring special guest Sarah Katz and hosted by ISACA's Collin Beder.

2023-08-02

Managing Human Risk Requires More Than Just Awareness Training

A comprehensive information security awareness program must be in place to ensure that employees are aware of and educated about the threats they may encounter at the workplace. The workforce needs to be prepared to know how to respond to these threats. It all starts with a risk assessment to identify the most critical of risks that need to be mitigated through preparedness. Making security a part of the organization's culture reduces these risks to an acceptable level.

Featuring special guest Chris Madeksho and hosted by ISACA's Lisa Cook.

2023-07-26

Preparing for Interruptions, Disruptions and Emergence Events

This podcast speaks about how an Information Systems (IS) Auditor can prepare for the Interruptions, Disruptions and the Emergence events that happen to the business and to technology.

Describing the features of Interruptions, Disruptions and Emergence events and distinguishing the differences between them, special guest Anantha Sayana outlines how the IS Auditor can prepare, react, and contribute to all three.

Hosted by ISACA's Hollee Mangrum-Willis.

2023-07-19

IS Audit in Practice: Data Integrity On Demand

On this podcast, ISACA's Hollee Mangrum-Willis and special guest Cindy Baxter discuss the disparities between American communities and access to electronic health records. From there, they examine how key data insights from the ISACA community can help us all be healthier.

2023-07-11

ISACA Live | Digital Trust Priorities for Privacy and Emerging Tech

ISACA Digital Trust Advisory Council Members Anne Toth and Michelle Finneran Dennedy will discuss privacy concerns and priorities around emerging tech and the most critical considerations for ensuring strong digital trust. Hosted by ISACA's Safia Kazi. 

2023-06-28

Processes of Engagement with Scott Gould

Scott Gould is the author of 'The Shape of Engagement: The Simple Process Behind how Engagement Works.' In this podcast, Scott gives a sneak peek at his upcoming member-exclusive, CPE-eligible event. Scott will discuss the essential frameworks for understanding and operationalizing engagement and building enduring connections with your networks and communities.

2023-06-21

Delivering Security Value to Product Teams Using the Power of Data

In security, aligning with product teams has never been more important, especially when outmaneuvering adversaries. To foster a truly productive and action-oriented cybersecurity culture, security teams must begin addressing their product engineering counterparts as customers they serve rather than entities they govern.

In this podcast, ISACA's Chris McGowan listens in as Adobe's Manager of Adversary Intelligence Gurpartap "GP" Sandhu provides unique insight into how he's bringing intrapreneurship to life in product security through a key project that delivers actionable data that product teams can use to enhance their security posture more rapidly.

They'll also discuss how his team is harnessing strong adversary focus using the power of data and share advice on how you can stay ahead of adversaries by better predicting their next move in the ever-changing threat landscape. Tune into this ISACA Podcast to learn more!

Check out more from Adobe at https://www.adobe.com/trust.html

For more ISACA podcasts, visit www.isaca.org/podcasts

2023-06-13

AI Ethics and the Role of IT Auditors

We, as a society, have always lived by certain norms that are driven by our communities. These norms are enforced by rules and regulations, societal influence and public interactions. But is the same true for artificial intelligence (AI)?

In this podcast we discuss and explore the answers to some of the key questions related to the rapid adoption of AI, such as: What are the risks associated with AI and the impact of its increasing adoption within almost every industry? And what role should we as IT Auditors play in this fast-changing technological landscape?

Hosted by ISACA's Hollee Mangrum-Willis and featuring special guest Jai Sisodia.

2023-06-06

Using a Risk-Based Approach to Prioritize Vulnerability Remediation

Organizations today struggle with vulnerability management. More specifically, remediating vulnerabilities in a timely manner poses a challenge. With vulnerability remediation backlogs growing at an alarming rate, what can organizations do to meet their established remediation timelines and to protect the organization from cybersecurity threats? Cybersecurity leader Ray Payano will discuss the exponential increase in published vulnerabilities, the lack of resources in cybersecurity to perform remediation and balancing remediation with reduced maintenance windows. These challenges contribute to organizations struggling with remediation backlogs. Ray will explain how calculating vulnerability risk can help organizations prioritize their vulnerabilities based on risk level to help determine the order in which vulnerabilities are addressed.

Hosted by ISACA's Chris McGowan.

2023-06-01

The True Cost of a Data Breach

Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable risk management decision making.

Hosted by ISACA's Safia Kazi.

2023-05-23

2023 IT Compliance and Risk Benchmark Report

Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey and get an overview of how your industry peers are managing IT risk and compliance programs within their organizations.

We'll cover:

- The top five findings from the survey
- How your peers are planning to handle compliance, audit management, and risk management in the midst of this year's volatile economy
- What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations

Download Hyperproof's 2023 IT Compliance and Risk Benchmark Report https://hyperproof.io/it-compliance-benchmarks/

2023-05-16

What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All

The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership's attention, what will you do? If your answer is "risk management as usual", that may be holding you back.

Traditional risk management approaches make a lot of promises, but most of them are myths. Do any of these sound familiar?

- You can make better-informed decisions by using a single platform.
- You can use automation to achieve continuous compliance.
- You can implement risk management by creating a risk register.
- You can use qualitative attributes to measure and assess risk.

In this episode, we'll assess risk management myths and discuss how to establish scalable, quantifiable, and always-on risk management for the future.

Hosted by Lisa Cook and featuring special guest Megan Maneval.

2023-05-09

How Organizations Can Consistently Reduce Cyberrisk

Cyber threats are now a "clear and present danger" to most organizations, companies and governments of the world. A good cyber defense involves many intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible, in a rapidly shifting threat landscape, they must constantly make improvements. The threat groups are making rapid improvements and increasing their expertise at a steady rate. They are investing in R&D and Zero-Day exploits. To offer a good defense, we must make progress at the same rate as the threat groups or we may fall behind, increasing risks and allowing the cyber world to become like the "wild-wild west."

2023-05-04

Key Considerations for Conducting Remote IT Audits

Conducting adequate preparation, including risk assessments, assessing resource requirements and ensuring ongoing communication, to harness the benefits and address the potential challenges faced when conducting hybrid or fully virtual audits.

2023-05-02

Seven Things to Know Before Automating IT General Control Audits

This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, who have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation rollout and advise on how to avoid or manage these pitfalls with host Robin Lyons.

Check out Frans and Gustav's full ISACA Industry News article, "Seven Things to Know Before Automating IT General Control Audits," at http://www.isaca.org/automating-it-general-control-audits

For more ISACA Podcasts, visit https://www.isaca.org/podcasts

2023-04-27

Understanding, Assessing, Aligning and Transforming Organizational Culture

Organizational culture is crucial because it shapes behaviors and attitudes in the workplace, which can profoundly impact operations and overall success. However, it is sometimes difficult for CISOs and other infosec managers to fully understand their culture because they are inside it constantly.

In this ISACA Podcast episode, author and journalist Mark Tarallo chats with ISACA's Safia Kazi about how infosec managers can assess the organizational culture by using a culture model to examine the behaviors, relationships, attitudes, values, and environment that the culture sustains. It also discusses possible ways to lead a culture change initiative.

To read Mark's full ISACA Journal article, "Understanding, Assessing, Aligning and Transforming Organizational Culture," click the link https://www.isaca.org/organizational-culture

For more ISACA Podcasts: https://www.isaca.org/podcasts 

2023-04-20

Topics in Emerging Technology, Governance and Ethics

What are the primary risks associated with the adoption of emerging technologies, particularly during periods of high market volatility and changing governance requirements? We talk with Samuel Zaruba Smith, PhD(c) about his learnings from working in government regulated industries and emerging technology. We deep dive into the problems of business strategy, security, policy, social engineering ethics, and audits within a business environment of emerging technology systems such as Artificial Intelligence and Web3 decentralized technologies. Given the current business landscape of early 2023, changing market conditions and rapidly evolving governance concerns need to be top of mind for all organizational leaders. Samuel provides insightful recommendations for improving your organizational structure and technology governance to create a more productive, inclusive, and ethical workplace.

2023-04-18

Industry Spotlight - Julia Kanouse

Get to know Chief Membership and Marketing Officer Julia Kanouse as she sits down with childhood best friend and ISACA VP Amanda Raible. The duo discuss everything from leadership to motherhood while competing in Mario Kart! Tune in!

2023-04-11

What Is Your IP Address Cybersecurity IQ? The Role of IP Address Data in a Digital World

There are literally thousands of VPN services on the market. Some are undeniably benign, but others offer a slate of features that are friendly to cyber criminals. Keeping your network safe from hackers requires you to understand the VPN market, and make decisions based on your company's appetite for risk. Fortunately, by analyzing IP address data associated with these devices, security professionals can get access to a wealth of VPN contextual data that helps them distinguish between perfectly legitimate providers and those that turn a blind eye toward crime. In today's world, it is vital for security professionals to know how to leverage IP address data and its contextual insights to protect enterprise networks.

2023-04-04

The Future of Technology Risk: 4 Ways to Build Stakeholder Trust in the Technology Risk Imperative

Today, the pace of change across industries is quicker than ever before. Economic, political, and social unrest and a global climate crisis have placed unprecedented disruption and pressures on organizations looking to navigate a rapidly changing environment.

Firms are being out-innovated and entire industries are being disrupted in a matter of months or years, as opposed to decades. Shifting regulations, data as an asset, dynamic customer behavior and employee expectations of continued flexibility in a more virtual workplace add to the challenge.

Technology risk and compliance need to adjust to this new reality. The strategy and value of an organization's technology risk management are becoming essential to build and secure stakeholder trust. That means moving closer to the point where the risk events occur and using preventative, detective, and automated controls as much as possible.

In this podcast, Beth McKenney, a Principal in the KPMG Technology Risk service network, offers a game plan for companies to meet today's challenges with an eye on building stakeholder trust. That means having a proactive, rather than a reactive, approach to risk management.

2023-03-21

Measuring Security Resilience from the Lens of the Adversary Community

In a world where adversaries are constantly adapting to improve tactics, techniques, and procedures (TTPs), it is crucial to understand the unique traits and goals of various types of adversaries that actively seek to cause harm to an organization. The personification of these threats will ultimately help measure resilience against specific threat actors, identify investment and hardening opportunities, and improve trust with customers.

In this podcast, Daniel Ventura, Manager of Product Security Incident Response Team (PSIRT), shares insight into Adobe's approach to adversary personification and provides guidance on how you can better measure the security resilience of your products. He'll also talk about Adobe's bug bounty program, which helps his team identify new trends in adversary interest and defend against real incident response events.

2023-03-14

Risky Business - Jon Brandt

For the average person, life moves quickly. But for business leaders and anyone involved in any aspect of IT, the pace at which technology is changing is overwhelming. Technology can help businesses and individuals do more with less and increase profit margins. However, technological advances carry tremendous risk and increase the criticality of risk management. No longer can business and personal use of technology be viewed in silos. ISACA's Director of Professional Practices and Innovation, Jon Brandt, is joined by Ryan Cloutier as they discuss some of the latest headlines and impact to intellectual property.

2023-03-07

Building Digital Trust Through Advocacy

If you thought ISACA was only about certification and education, get ready to listen to this podcast and see how ISACA advocates for the IT Audit and Risk Management professions! Join Cindy Baxter, author of the Audit in Practice column in the ISACA Journal, as she interviews two members of the ISACA New England Board of Directors who attended ISACA's Hill Day in Washington DC. Hear how they met with their government representatives and, with ISACA's help, discussed legislation that supports our profession! It's an opportunity to think about the impacts you can have in your own back yard and with civic leaders!

2023-03-02

Advertising Information Security

In this episode, executive principal at Risk Masters International's Steven Ross discusses why vendors of IT products and services are advertising information security, why businesses are not advertising their security and how to use information security as a component of organizations' public images with host Safia Kazi.

2023-02-28

Rethinking Identity Governance

SaaS is eating the world even more than we think. Companies are dealing with SaaS sprawl: hundreds of apps distributed across different owners that store sensitive data and which are used to orchestrate critical business workflows. Security-minded teams are turning to external compliance frameworks to help protect their customers and data. However, traditional identity governance controls have fallen short of delivering real security outcomes in this digital-first world. They're missing a critical piece: automation. In this episode, ConductorOne's CEO and Co-Founder, Alex Bovee, discusses why we need to change the way we think about compliance and risk and what a security-led governance program could look like.

Learn more about ConductorOne at https://www.linkedin.com/company/conductorone/ or https://www.conductorone.com/blog/automating-compliance-controls-least-privilege-access/

2023-02-21

2023: The Year of Risk

A review of the events of 2022 shows that 2023 will not be the year of dire new cyber attacks waged by hoodie-wearing cyber criminals or office-bound nation-state APTs. Instead, 2023 will be when multiple regulatory bodies express their mounting frustration with public and private companies' collective inability to reduce the volume and impact of prior cyber attacks.  

Tune into this ISACA Episode as Hyperproof's Field CISO, Kayne McGladrey, speaks with ISACA's Jeff Champion on how 2023 will be the year of risk.

Learn more about Hyperproof at:  

https://twitter.com/Hyperproof 

https://www.linkedin.com/company/hyperproof/ 

https://www.instagram.com/hyperproof/ 

Additional Hyperproof Resources:  

https://hyperproof.io/resource/the-ultimate-guide-to-enterprise-risk-management/ 

https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/three-key-predictions-for-2023-the-year-of-risk 

https://hyperproof.io/resource/risk-management-software-buyer-guide/ 

https://hyperproof.io/case-studies/pythian-uses-hyperproof-to-get-time-back-and-improve-its-risk-management-maturity/ 

2023-02-14

Improving Cyber Resilience in an Age of Continuous Attacks

We live in the age of continuous compromise. This podcast dives into why so many organizations continue to be breached even after spending money on cybersecurity point solutions. Many organizations gravitate towards silver bullet solutions without understanding the threat and impact.

In this ISACA Podcast episode, Chris McGowan speaks to Rex Johnson and Hamlet Khodaverdian about why a holistic and collaborative approach is absolutely critical to creating cyber-resilience.

For more information check out www.isaca.org/improving-cyberresilience-in-an-age-of-continuous-attacks 

2023-02-09

Advancing Digital Trust Through Audit and Assurance

A strong audit and assurance function is critical to achieving digital trust in an organization. This conversation spotlights audit's role in digital trust and outlines key priorities. It also shares new ISACA resources for auditors.

For more information, go to https://isaca.org/digital-trust

2023-02-07

ISACA Live | Critical Infrastructure Security

ISACA's Chris Dimitriadis and the US GAO's Nick Marinos discuss the current state of critical infrastructure security, escalating threats and how to better prepare.

For more information check out www.isaca.org/heightened-threats

2023-02-02

ISACA Live | Risk Scenarios

Paul Phillips and Lisa Young will discuss how risk scenarios help decision-makers understand how certain events can impact organizational strategy and objectives. Good risk scenario building is a skill and can take some time to truly master. Paul and Lisa will provide actionable advice on building the best possible scenarios to help your organization better manage risk.

For more information check out https://www.isaca.org/resources/it-risk

2023-01-31
Link to episode

ISACA Live | How to Mature Your Privacy Compliance Program

Compliance with the world's ever-increasing list of privacy laws can be a tricky undertaking for any organization, but by taking a few simple steps, you can begin to mature your privacy program from a series of check-box exercises into an intelligent compliance program that can help organizations to build consumer trust and protect brand reputation.

Join this conversation with OneTrust DPO Linda Thielova and ISACA's Paul Phillips to learn how to operationalize privacy compliance within your organization and get practical tips on how to mature your privacy compliance program.

2023-01-26
Link to episode

Career Coach Advice: How to Launch Your IT Audit Career

Career coach Caitlin McGaw will share her top tips for young professionals and career changers on how to launch a successful career in IT audit--from acing your first interview and landing your first job to career resources to help your career continue to grow and thrive.

To learn more, check out www.caitlinmcgaw.com 

2023-01-24
Link to episode

ISACA Live | Advancing Digital Trust Through Data Privacy

Learn more at isaca.org/digital-trust 

2023-01-19
Link to episode

ISACA Live | The Dark Future of Privacy

Privacy mining will increase because billions of IoT devices are being connected every day. Combined with advanced psychological research, this can be a very powerful tool for manipulating people's behavior. A fake reality also poses a big threat to our future of privacy. Software such as Deep Fakes can use someone's facial structure to create fake videos featuring digitally created characters with an uncanny resemblance to real people, such as celebrities.

This technology is so advanced that our minds aren't sophisticated enough to comprehend the difference between real and fake data created by it, which leads to the next point. We are entering a trust crisis.

Trust is the foundation for innovation and technological advance. If people don't trust autonomous cars, they won't use them; if people don't trust certain websites, they won't read their news. Without trust, we cannot move forward, which is why we need to raise awareness about the dark future of privacy.

2023-01-17
Link to episode

Information Privacy Contradiction: Interest-Based Posture of Compliance and Violation

Why do individuals, organizations, institutions, nations, or responsible agents work hard to preserve their personal and enterprise data, personnel information, trade secrets, intellectual properties, technical know-how, or national data, yet easily trade on the individual and enterprise data and national data of others?

To understand and answer the question appropriately, one must examine the underpinnings of the Information Privacy Realities Contradiction Theory (IPRCT), which is integral to (1) our natural unity of opposites, (2) our material dialectic mechanism or struggle of choosing from the opposites, and (3) the role of our self-interest in time and circumstance. Therefore, understanding the intricacies of the IPRCT would be instrumental to the proper and timely introduction of privacy requirements early in our system development lifecycle and in the development and enactment of information privacy policies, directives, guidance, and regulations around the world.

In this ISACA Podcast episode, Safia Kazi hosts Dr. Patrick Offor, Chief Warrant Officer Five, Retired (CW5(R)) and Associate Faculty, to discuss his recently released ISACA Journal article.

To read Dr. Offor's full article, please visit https://www.isaca.org/resources/isaca-journal/issues/2022/volume-6/the-information-privacy-contradiction.

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts.

2023-01-12
Link to episode

ISACA Live | Advancing Digital Trust Through IT

On National IT Professionals Day, ISACA's Kevin Keh explains how IT professionals can advance digital trust in their organizations and in their industries. Learn more at isaca.org/digital-trust

2023-01-05
Link to episode

Should Cybersecurity Be Subject to a SOX-Type Regulation?

Numerous laws and regulations have been passed to protect sensitive information, both at the federal and state level, creating a patchwork of requirements for companies to comply with. 

However, with limited resources for cybersecurity investment, this uncoordinated approach has clouded objectives and led to decision paralysis within firms. Could cybersecurity implementation benefit from a Sarbanes-Oxley Act (SOX) type approach?

In this ISACA Podcast episode, Senior Director Mike Tomaselli joins ISACA's Robin Lyons to discuss how this approach would create a risk-based, internal control model focused on cybersecurity that includes enforcement capabilities and requires third-party oversight and executive accountability.

To read "Should Cybersecurity Be Subject to a SOX-Type Regulation?", please visit www.isaca.org/should-cybersecurity-be-subject-to-a-sox-type-regulation

To listen to more ISACA podcasts, please visit www.isaca.org/podcasts

2022-12-29
Link to episode

Beware the Traps of Data Governance and Data Management Practice

Guy Pearce joins ISACA's Lisa Villanueva for a conversation about the traps of Data Governance and management. Guy breaks down Lore vs. Data, reasons for not using information for decision-making, and why data is a shared benefit for the organization.

Stay tuned until the close to hear Guy's advice on using metaphors when communicating technical concepts to executive leadership.

To read Guy's full article, visit: www.isaca.org/beware-the-traps-of-data-governance.

To listen to more ISACA podcasts, please visit: www.isaca.org/podcasts.

2022-12-27
Link to episode

A small service by I'm With Friends. Also available in English.
Updated with help from iTunes.