Best ISACA Podcasts (2025)

1
Elevate Your Career with Lauren Hasson 18:06

Play Pause

22d ago18:06

18:06

Lauren Hasson is the Founder of DevelopHer, an award-winning career development platform. In this podcast, she'll share a bit about her background and give a sneak peek at her upcoming CPE-eligible event.By ISACA Podcast

1
278 - 9/8 - Jason Hayes, President of Colorado CSA 1:28:38

17d ago1:28:38

1:28:38

Our feature guest this week is Jason Hayes, President of Colorado CSA, interviewed by Frank Victory. News from Elitch Gardens, Xcel, EchoStar, Palantir, DaVita, Swimlane and a lot more!Come join us on the Colorado = Security Slack channel to meet old and new friends.Sign up for our mailing list on the main site to receive weekly updates - https://w…

1
277 - 8/4 - Josh Peltz, VP West @ Zero Networks 57:24

2M ago57:24

57:24

Our feature guest this week is Josh Peltz, VP of the West for Zero Networks. News from Eldora, COOP Rideshare, Red Canary, Optiv, zvelo and a lot more!Come join us on the Colorado = Security Slack channel to meet old and new friends.Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you …

1
Episode 105: Evaluating Risks of Emerging Technologies and Practices 11:15

3M ago11:15

11:15

Staying ahead of risk means understanding new technologies and trends. This episode focuses on how to evaluate emerging threats related to artificial intelligence, blockchain, edge computing, and evolving regulatory landscapes. You will learn how to audit control readiness, policy alignment, and adoption strategies—essential knowledge for CISA ques…

1
Episode 104: Providing Guidance on Information Systems Quality Improvement 10:07

3M ago10:07

10:07

Auditors are expected to identify improvement opportunities and support quality initiatives. In this episode, you will learn how to evaluate continuous improvement programs, recommend control enhancements, and review post-audit actions. You will also explore how these contributions strengthen governance and demonstrate audit value on the CISA exam.…

1
Episode 103: Evaluating Threat and Vulnerability Management 10:44

3M ago10:44

10:44

Organizations must proactively manage threats and vulnerabilities to remain secure. This episode covers how to audit threat intelligence collection, vulnerability assessments, scanning schedules, remediation timelines, and patch prioritization. You will also learn how to tie findings to control effectiveness and audit risk—core tasks for CISA candi…

1
Episode 102: Evaluating Shadow IT Risks and Controls 11:01

3M ago11:01

11:01

Shadow IT introduces risk outside of sanctioned governance. This episode teaches you how to audit unsanctioned applications, unauthorized system use, and spreadsheet-based end-user tools. You will also learn how to identify detection methods, review compensating controls, and evaluate policies to reduce shadow IT exposure—skills that frequently app…

1
Episode 101: Evaluating Policies Related to IT Asset Lifecycle Management 11:03

3M ago11:03

11:03

IT assets require controls from acquisition through disposal. In this episode, you will learn how to evaluate lifecycle policies, including procurement, tagging, usage, reassignment, retirement, and data sanitization. These areas are tested in Domain 4 and require auditors to verify asset traceability, accountability, and risk mitigation. Ready to …

1
Episode 100: Evaluating Privacy and Data Classification Programs 11:17

3M ago11:17

11:17

Privacy and data classification are integral to protecting information assets. This episode explains how to audit privacy frameworks, policy enforcement, classification schemes, and data-handling procedures. You will also learn how to assess program maturity and legal compliance, which are critical for high-scoring performance on the CISA exam. Rea…

1
Episode 99: Evaluating Data Governance Program 10:50

3M ago10:50

10:50

Data governance defines how information is managed, secured, and used. This episode covers how to evaluate data ownership, stewardship, classification, and lifecycle controls. You will learn how auditors assess alignment with policies and regulatory requirements, making this a key episode for Domain 2 and Domain 5 exam success. Ready to start your …

1
Episode 98: Evaluating IT Operations and Maintenance Practices 10:38

3M ago10:38

10:38

Operations and maintenance are critical to IT service delivery and risk control. In this episode, you will learn how to audit operational support, preventive maintenance routines, service management processes, and monitoring controls. The CISA exam frequently tests your ability to identify deficiencies in daily IT operations. Ready to start your jo…

1
276 - 7/7 - Rob Lee, Chief of Research and Chief AI Officer at SANS Institute 1:21:29

3M ago1:21:29

1:21:29

Our feature guest this week is Rob Lee, Chief of Research and Chief AI Officer at SANS Institute, interviewed by Frank Victory. News from United Airlines, Brad Feld, Swimlane, Lares, Red Canary, Ping Identity and a lot more!Come join us on the Colorado = Security Slack channel to meet old and new friends.Sign up for our mailing list on the main sit…

1
Episode 97: Evaluating Enterprise Architecture Alignment 11:07

3M ago11:07

11:07

Enterprise architecture must align with organizational strategy to ensure long-term IT value. This episode teaches you how to assess architectural documentation, governance processes, technology standards, and decision-making roles. You will also explore how to audit EA for strategic alignment and integration with enterprise risk management. Ready …

1
Episode 96: Evaluating End-User Support Processes 10:40

3M ago10:40

10:40

Supporting end users requires processes that are responsive, secure, and well-documented. This episode focuses on how to audit help desk operations, ticket resolution, escalation paths, and training services. You will also learn how to evaluate whether support metrics align with service level expectations and risk management goals. Ready to start y…

1
Episode 95: Evaluating Supply Chain Risk and Integrity Issues 10:49

3M ago10:49

10:49

Modern IT environments rely on complex supply chains that must be evaluated for risk. This episode explores how to assess supplier integrity, dependency risk, cybersecurity posture, and fraud potential. You will also learn how to verify controls over third-party access and subcontractors, all of which are relevant for audit scenarios on the CISA ex…

1
Episode 94: Evaluating IT Vendor Selection and Contract Management 10:34

3M ago10:34

10:34

Auditors play an essential role in verifying that vendor selection and contract oversight meet organizational, legal, and regulatory expectations. In this episode, you will learn how to evaluate procurement criteria, due diligence processes, contract terms, and ongoing monitoring practices. These concepts are frequently tested on the CISA exam in q…

1
Episode 93: Evaluating IT Key Performance and Risk Indicators 11:12

3M ago11:12

11:12

Key performance and risk indicators provide insight into IT effectiveness and exposure. This episode teaches you how to evaluate how KPIs and KRIs are selected, monitored, and used to guide decision-making. You will learn how auditors validate metric accuracy, relevance, and consistency with business goals, all of which are crucial for mastering Do…

1
Episode 92: Evaluating Ownership of IT Risks, Controls, and Standards 10:49

3M ago10:49

10:49

Effective risk management requires clearly assigned ownership. In this episode, you will learn how to evaluate whether an organization has defined responsibility for IT risks, control implementation, and compliance with internal standards. Understanding ownership structure is a critical aspect of governance and frequently appears in CISA scenarios …

1
Episode 91: Evaluating IT Resource and Project Management Alignment 10:46

3M ago10:46

10:46

To succeed on the CISA exam, you must be able to assess whether IT resources and project management practices support enterprise objectives. This episode walks through how to evaluate resource allocation, project portfolio oversight, scheduling practices, and strategic alignment. You will also learn how to identify gaps in resource governance that …

1
Episode 90: Evaluating IT Governance Effectiveness 10:51

3M ago10:51

10:51

Strong governance ensures that IT delivers value and manages risk. This episode explains how to evaluate governance frameworks, board oversight, decision-making processes, and policy enforcement. You will also explore the relationship between governance maturity and audit planning as emphasized in the CISA exam. Ready to start your journey with con…

1
Episode 89: Evaluating IT Strategy Alignment 10:42

3M ago10:42

10:42

IT strategy must support business goals and risk tolerance. In this episode, you will learn how to assess whether IT initiatives are aligned with enterprise objectives, supported by governance, and tracked with appropriate metrics. Strategic alignment is a frequent theme in Domain 2 and appears in exam scenarios involving IT oversight. Ready to sta…

1
Episode 88: Quality Assurance and Improvement of Audit Processes 11:40

3M ago11:40

11:40

Audit functions must be continuously evaluated and improved. This episode covers quality assurance techniques including internal assessments, external reviews, performance metrics, and lessons learned. You will learn how to audit the audit function itself and ensure compliance with professional standards. Ready to start your journey with confidence…

1
Episode 87: Evaluating Automation and Decision-Making Systems 11:19

3M ago11:19

11:19

Automated systems introduce unique risks and controls. This episode teaches you how to audit robotic process automation, decision engines, AI tools, and algorithmic logic. You will learn how to assess governance, bias, and control design in technology-driven environments, which are increasingly tested on the CISA exam. Ready to start your journey w…

1
Episode 86: Utilizing Data Analytics in Auditing 11:24

3M ago11:24

11:24

Data analytics is transforming how audits are conducted. In this episode, you will explore how to apply analytic tools for risk assessment, control testing, and anomaly detection. You will also learn how to evaluate data quality and integrate analytics into audit workflows, aligning with CISA’s emphasis on technology-enabled audits. Ready to start …

1
Episode 85: Conducting Post-Audit Follow-Up 11:20

3M ago11:20

11:20

The audit is not complete until findings have been addressed. This episode focuses on follow-up activities, including how to verify remediation, reassess risk, and update stakeholders. You will learn how to document follow-up results and integrate them into future audit planning, a key topic for CISA candidates. Ready to start your journey with con…

1
Episode 84: Communicating Audit Results and Recommendations 11:52

3M ago11:52

11:52

Effective communication is a key skill for audit professionals. This episode covers how to present findings clearly, structure audit reports, and develop actionable recommendations. You will also learn how to handle disagreements with stakeholders and follow up on implementation, all of which are part of ISACA’s expectations. Ready to start your jo…

1
Episode 83: Applying Project Management in IS Audits 11:14

3M ago11:14

11:14

Auditors often lead projects that require formal planning and control. This episode explains how to apply project management principles within the audit context. Topics include scheduling, resourcing, risk management, and change tracking, all of which help auditors deliver results efficiently and are emphasized in the CISA exam. Ready to start your…

1
Episode 82: Conducting Audits According to IS Audit Standards 11:52

3M ago11:52

11:52

This episode focuses on ISACA's audit standards and how to apply them during each phase of the audit process. You will learn how to ensure consistency, quality, and ethical conduct in your audits. Key topics include evidence collection, documentation, communication, and stakeholder engagement, all of which are tested on the CISA exam. Ready to star…

1
Episode 81: Planning Effective Information Systems Audits 11:54

3M ago11:54

11:54

Audit planning is the foundation of a successful engagement. In this episode, you will learn how to define audit scope, assess risk, allocate resources, and align objectives with organizational priorities. The CISA exam emphasizes your ability to create structured, risk-based audit plans that support clear execution. Ready to start your journey wit…

1
Episode 80: Evidence Collection and Digital Forensics 11:13

3M ago11:13

11:13

Auditors may need to evaluate how evidence is preserved and used in investigations. This episode introduces forensic readiness, chain of custody, data integrity controls, and tool validation. You will also explore how forensic practices align with legal requirements and audit objectives in Domain 5. Ready to start your journey with confidence? Lear…

1
Episode 79: Security Incident Response Management 11:20

3M ago11:20

11:20

Incident response is a structured process that minimizes damage and recovers operations. This episode covers detection, escalation, containment, recovery, and reporting. You will learn how to evaluate incident handling procedures, assess team readiness, and align response plans with audit requirements. Ready to start your journey with confidence? L…

1
Episode 78: Security Monitoring Tools and Techniques 12:03

3M ago12:03

12:03

Ongoing monitoring is vital for detecting and responding to threats. In this episode, you will explore how to evaluate log management, SIEM systems, network monitoring tools, and intrusion detection. Auditors must assess coverage, alerting capabilities, and response documentation to support Domain 5 objectives. Ready to start your journey with conf…

1
Episode 77: Security Testing Tools and Techniques 11:46

3M ago11:46

11:46

Security testing reveals weaknesses before attackers can exploit them. This episode explains how to audit vulnerability scanning, penetration testing, static code analysis, and system hardening. You will also learn how to interpret test results and validate remediation, which are common elements in Domain 5 questions. Ready to start your journey wi…

1
Episode 76: Information System Attack Methods and Techniques 11:53

3M ago11:53

11:53

To audit effectively, you must understand how systems are attacked. This episode introduces common techniques such as phishing, malware, denial of service, and SQL injection. You will learn how to assess organizational preparedness and how this knowledge applies to audit procedures and CISA scenario questions. Ready to start your journey with confi…

1
Episode 75: Security Awareness Training and Programs 11:52

3M ago11:52

11:52

Human error is a top cause of security breaches. This episode covers how to evaluate security awareness training programs, including content quality, delivery methods, tracking, and feedback mechanisms. You will also learn how to link training effectiveness with audit findings and policy compliance. Ready to start your journey with confidence? Lear…

1
Episode 74: Mobile, Wireless, and IoT Device Security 11:32

3M ago11:32

11:32

Endpoint diversity brings complexity to audits. In this episode, you will learn how to evaluate controls for mobile devices, wireless networks, and Internet of Things technologies. Topics include encryption, mobile device management, authentication, and endpoint hardening, all of which are relevant to CISA Domain 5. Ready to start your journey with…

1
Episode 73: Cloud and Virtualized Environments 12:11

3M ago12:11

12:11

Cloud and virtual systems require unique controls and audit approaches. This episode focuses on how to evaluate cloud security, shared responsibility models, virtual machine management, and containerization. You will also explore how to assess compliance and data protection within cloud-based infrastructures. Ready to start your journey with confid…

1
Episode 72: Public Key Infrastructure (PKI) 11:29

3M ago11:29

11:29

Public Key Infrastructure supports digital trust by enabling secure authentication and communication. In this episode, you will learn how to audit PKI components, such as certificate authorities, digital signatures, and key lifecycles. Understanding how PKI works and how to evaluate its controls is vital for passing Domain 5. Ready to start your jo…

1
Episode 71: Data Encryption Methods and Controls 11:44

3M ago11:44

11:44

Encryption is one of the most powerful tools for protecting sensitive data. This episode explains how to audit encryption in transit and at rest, evaluate key management practices, and assess alignment with organizational policies and legal requirements. These concepts are essential for Domain 5 and appear frequently in security-related CISA exam q…

1
Episode 70: Data Loss Prevention 11:10

3M ago11:10

11:10

Data loss prevention (DLP) tools and policies help prevent unauthorized exposure of sensitive information. In this episode, you will learn how to evaluate DLP strategy, endpoint protections, outbound filtering, and audit logging. This is a highly tested topic that connects information protection with compliance and incident response. Ready to start…

1
Episode 69: Network and Endpoint Security 11:22

3M ago11:22

11:22

Network and endpoint security controls are essential for protecting IT infrastructure. This episode explains how to audit firewalls, intrusion detection systems, antivirus software, and patching procedures. You will also learn how to assess monitoring practices and system hardening strategies for Domain 5. Ready to start your journey with confidenc…

1
Episode 68: Identity and Access Management (IAM) 11:31

3M ago11:31

11:31

Access control is a critical concept tested throughout the CISA exam. In this episode, you will learn how to audit identity provisioning, authentication mechanisms, access reviews, and privilege management. Understanding IAM controls will help you confidently address scenarios involving security, compliance, and fraud prevention. Ready to start you…

1
Episode 67: Physical and Environmental Controls 11:19

3M ago11:19

11:19

Physical security is a foundational element of protecting information systems. This episode covers perimeter defenses, badge access, fire suppression, climate control, and secure equipment disposal. You will learn how to evaluate the effectiveness of these controls and how questions about physical risks show up on the CISA exam. Ready to start your…

1
Episode 66: Information Asset Security Frameworks, Standards, and Guidelines 11:01

3M ago11:01

11:01

Security frameworks provide the structure for implementing effective controls. In this episode, you will learn how to evaluate ISO 27001, NIST, COBIT, and organizational guidelines. You will also explore how auditors assess alignment with policies and determine whether information protection is governed effectively. Ready to start your journey with…

1
Episode 65: Overview of Domain 5 – Protection of Information Assets 12:06

3M ago12:06

12:06

Domain 5 is all about securing information against unauthorized access, alteration, or loss. This episode provides a strategic overview of confidentiality, integrity, and availability principles and introduces the areas covered by this domain. You will see how security audits connect with governance, operations, and compliance. Ready to start your …

1
Episode 64: Disaster Recovery Planning Fundamentals 11:44

3M ago11:44

11:44

Disaster recovery focuses on restoring IT systems after an outage or catastrophic event. In this episode, you will learn how to audit DR plans, assess backup infrastructure, evaluate recovery site readiness, and verify testing procedures. DR planning is a key area of the CISA exam, especially for questions on system availability and continuity. Rea…

1
Episode 63: Developing and Maintaining a Business Continuity Plan 11:41

3M ago11:41

11:41

Business continuity planning ensures the organization can operate during and after disruptions. This episode explains how auditors evaluate continuity plan development, critical process identification, training, and documentation. You will also learn how plans are tested and updated to remain effective under real-world conditions. Ready to start yo…

1
Episode 62: Data Backup, Storage, and Restoration Practices 10:51

3M ago10:51

10:51

Backup and restoration processes are critical for protecting data integrity and ensuring continuity. In this episode, you will learn how to evaluate backup frequency, storage media security, offsite storage protocols, and restoration testing. Understanding these controls is essential for CISA exam topics related to recovery readiness and operationa…

1
Episode 61: System and Operational Resilience 10:15

3M ago10:15

10:15

Operational resilience is about sustaining essential services under stress. This episode explains how auditors evaluate systems for fault tolerance, high availability, and continuous operation. You will learn how to assess risk mitigation strategies, redundancy planning, and the effectiveness of proactive monitoring. These areas are core to Domain …

1
Episode 60: Conducting a Business Impact Analysis (BIA) 13:56

3M ago13:56

13:56

The business impact analysis is a foundational activity in resilience planning. In this episode, you will learn how to audit BIA processes, assess documentation of critical functions, and evaluate recovery time and recovery point objectives. CISA candidates must understand how to validate BIA results and tie them to continuity plans. Ready to start…