Creativity is the use of imagination or original ideas, but it's not that important for internal auditing. Given that reporting rules and regulations are non-negotiable, there is little room for creativity and original ideas, right? Wrong! Here's what you can do to be creative while conducting audits.
Latest Content From MISTI
A CISO’s list of responsibilities are vast. They need to protect, defend, and identify any risks and potential attacks that may hit their company’s environment. However, knowing what needs protection is its own challenge.
The presentation skills that you were likely taught in high school and college in no way prepared you for the reality of delivering reports in front of boards and audit committees. This article is your crash-course in small group presentations and gives you two key areas to consider.
Cybereason’s Israel Barak discusses the approach that far too many businesses take when it comes to their security strategy and highlights the steps that security professionals should be seeking to rethink the programs and challenges they face tied to measurably reducing risk within the business.
Rotational auditing has been a fishing hole for years. The pros and cons have been fished around too. And then fished around some more. Auditors have a way of fishing. But paddling deeper into audit's consulting water, rotational auditing could provide a venue for teaching risk awareness.
Developing a threat hunting program may be challenging, but it doesn’t have to be. In this feature article, one subject matter expert provides us with a glimpse into her experience on the topic and what you can expect.
TalaTek’s Baan Alsinawi provides an update on the state of third-party risk management as it relates to IT auditors and sheds light on the hidden traps they should look out for as it relates to trusted business partners.
CA Veracode’s Chris Wysopal discusses how the 2016 presidential election hack broadened the horizon on how security warriors think about defending their data and offers up advice on what they should consider when it comes to protecting sensitive information.
After 25 years in internal audit, I have come to the conclusion that excellent audit planning is essential to ensuring an effective audit. What is a successful audit? A good measure is whether both audit management and the auditee feel good about the end results.
Escoute Consulting President Mark Thomas dives into the topic of communication challenges within the enterprise, why they exist among IT audit and cybersecurity, and the steps you can take to ensure those silos are broken down.
Cylance’s Colt Blackmore discusses why leveraging AI isn’t limited to purchasing an out-of-the-box solution and details the critical steps that security practitioners should take to successfully utilizing the technology to their organization’s advantage.
In this age of vendors offering simple solutions to complex problems, defenders need the ability to see past the glamour of marketing. That's where attack simulation technology can help, enabling use cases in the market that help answer pressing questions in enterprise security.
Information drives modern organizations, so it is imperative that metrics be used that give management objective information. In this instructive article by MISTI's Dr. Hernan Murdock, he advises on how internal auditors can do just that.
Trustwave’s Karl Sigler discusses the state of cyber threats in 2018 and suggests what areas of your security strategy you should focus on to take proactive steps in measurably reducing risk within the business.