Top IT Security Bloggers

  • PowerShell: A Powerful Tool for Auditors

    Some auditors may not know it, but a useful audit tool has been sitting right at your fingertips all along. The tool is PowerShell, a command-line utility you can use to answer many useful audit questions during your engagements. The benefits to the auditor are at least twofold: it allows you to save time by directly gathering authoritative information from the environment, and it helps you develop a useful industry skill with universal appeal. First, you must be provided access to the tool on...
  • In the Age of Cybersecurity, Are Data Centers Ignoring Physical Security?

    Maintaining a data center is a huge responsibility. While you certainly have systems in place for dealing with cyberthreats, are you giving enough attention to physical security? This is still a very important aspect of the security equation. Five Tips for Keeping Data Centers Secure: The objective of physical data center security is pretty straightforward: keep out unauthorized people while closely monitoring those who do have access. That being said, the actual process of securing a data cent...
  • Experts Share Their Insights on GDPR

    The implications of GDPR have become a popular topic of conversation in the information security and privacy communities. Now that we have arrived in 2018, expect those discussions to become all the more prevalent in advance of the May enforcement deadline. In a panel discussion at ISACA’s CSX Europe conference, experts from ISACA, IAPP and ENISA joined together to provide their insights on GDPR and how to prepare. Watch the video, and in less than five minutes, come away better prepared to en...
  • Simple, Structured Approach Needed to Leverage Threat Patterns

    IT risks come from various sources that are not always easy to identify in advance, making prevention and mitigation really challenging. With the explosive growth in cloud, social, mobile and bring your own device (BYOD) computing, the attack surface is greater than ever, and new attack scenarios become possible due to the complexity of the network topology and the variety of enterprise applications and technologies that have to coexist. Deploying threat patterns, defined as a set of character...
  • Meltdown/Spectre: Moving Forward

    Yesterday, we provided some background information on Meltdown and Spectre, the two issues that are taking the security world (and in fact users of technology in general) by storm. By now, most practitioners are probably up to speed (or getting there) on what the issues are, what caused them, and how to address them in the short term. Looking down the road though, it already is clear that even after the initial cleanup is taken care of, these issues will be with us for a long, long time to com...
  • Understanding Meltdown and Spectre

    There’s a tempest in progress – and, no, I’m not talking about the “bomb cyclone” currently hitting the US eastern seaboard. Instead, I’m referring to what’s going on in the technology and security communities in the wake of the newly published Meltdown and Spectre issues. Understanding what these issues are is important for practitioners, regardless of whether you are a security, governance, risk or assurance professional: not only do these issues require action to address, but there’s also a si...
  • New Year, New Technology Energizing ISACA’s Professional Community

    Technology advances at a remarkable pace, connecting enterprises with customers in new ways and positioning organizations to achieve greater success through digital transformation. As ISACA’s professional community is acutely aware, those advancements are accompanied by new security threats, new legal and regulatory challenges, and questions about what all of this will mean for the business technology workforce. Here is one certainty: the roles played by ISACA’s professional community are more...
  • Does the HIPAA Privacy Rule Apply to Elementary and Secondary Schools?

    The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule requires covered entities to protect individuals’ health records and other identifiable health information. This protection is achieved through implementing appropriate privacy safeguards and by setting limits and conditions around the uses and disclosures of that information that may be made without patient authorization. An organization’s obligation to meet these requirements under HIPAA may be created from engagin...
  • 5 Security Tips to Keep in Mind When Developing a New Website

    Few things put a business at more risk than developing a website and not putting an emphasis on security at a very foundational level. Small and large businesses alike are being targeted like never before; hackers are becoming more sophisticated in their methods. If you have a loophole, they will expose it and compromise your business. Thankfully, website security isn’t some impossible challenge that requires tons of resources to execute. Here are some practical tips: 1. Carefully analyze diff...
  • Conducting Cloud ROI Analysis May No Longer Be Necessary

    ISACA’s newly released report, How Enterprises Are Calculating Cloud ROI, is a landmark piece of research that, in my opinion, validates the notion that we have reached (or are at least rapidly approaching) that tipping-point where organizations realize that moving their IT infrastructures to the cloud is an inevitable, foregone conclusion. The white paper documents the growing trend for organizations to forgo financial ROI analyses as a way to justify investment in cloud computing, instead re...
