Monday, April 5, 2010

ISACA Opens Grandfathering Program for New CRISC Certification

Rolling Meadows, IL, USA (1 April 2010)—Professionals with eight or more years of IT and business experience can now apply for ISACA’s new Certified in Risk and Information Systems Control (CRISC) designation—without taking an exam—under a grandfathering program. The program, which opened today, is designed to recognize professionals who are highly experienced in the following domains:
· Risk identification, assessment and evaluation
· Risk response
· Risk monitoring
· IS control design and implementation
· IS control monitoring and maintenance

To earn the CRISC (pronounced “see risk”) credential through the grandfathering program, candidates must prove that at least six of the eight years of experience included specific experience performing the responsibilities across all of the five domains. They must also prove at least three years of experience in risk identification, assessment, evaluation, response and monitoring. Candidates must complete an application at www.isaca.org/crisc and submit an application fee.

The grandfathering program will run from April 2010 through March 2011. The first CRISC exam will be administered in 2011.

“Enterprises around the world are rapidly realizing the importance of monitoring, controlling and benefiting from risk-related activities. The CRISC designation helps provide assurance to employers that professionals who earn it are experienced in identifying and evaluating the risks unique to their specific organization,” said Urs Fischer, chair of ISACA’s CRISC Task Force. “Earning CRISC also helps risk and control professionals demonstrate that they have the proven ability to design, implement, monitor and maintain effective risk-based information systems controls.”

ISACA, a global association of 86,000 IT governance, security, risk and assurance professionals, also administers three other certifications:
· Certified Information Systems Auditor (CISA), earned by 75,000 professionals since it was established in 1978
· Certified Information Security Manager (CISM), earned by 13,000 professionals since its inception in 2002
· Certified in the Governance of Enterprise IT (CGEIT), earned by more than 4,000 professionals since 2007

CRISC complements ISACA’s existing certifications:
· CISA is designed for IT professionals who perform independent reviews of control design and operational effectiveness; CRISC is for IT and business professionals who identify and manage risk, and design, implement and maintain IS controls.
· CISM is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks; CRISC is for IT professionals whose roles also encompass operational and compliance considerations.
· CGEIT is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; CRISC is for IT and business professionals who identify, evaluate and monitor risk and are engaged at an operational level to mitigate risk.

Additional information about ISACA certifications is available at www.isaca.org/certification.


About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.

ISACA offers the Business Model for Information Security (BMIS) and the IT Assurance Framework (ITAF). It also developed and maintains the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.

Contact:
Kristen Kessinger, +1.847.660.5512, news@isaca.org
Joanne Duffer, +1.847.660.5564, news@isaca.org

Wednesday, March 17, 2010

Globally Recognized IS Audit Designation Reaches Major Milestone: ISACA Certifies the 75,000th CISA

Rolling Meadows, IL, USA (11 March 2010)—The Certified Information Systems Auditor (CISA) credential, one of the globally recognized professional designations from ISACA, continues its growth at a record pace. ISACA, a nonprofit association of IT governance, security and assurance professionals, recently reached a milestone by certifying the 75,000th CISA.

Since its introduction in 1978, the CISA credential has become recognized and adopted worldwide as a symbol of excellence for information technology audit, control and security professionals. In fact, a survey of ISACA members revealed that 93 percent of CISAs value their certification, and 72 percent of CISAs believe that the CISA certification has helped advance their career. In addition, a 2010 study by Foote Partners LLC found CISA to be among the top three certifications with the highest pay premiums in the security category, and an Information Security Media Group study found CISA to be among the top 10 sought-after certifications for 2010.

“The CISA certification is sought after because enterprises know that when they hire a CISA, they are getting a professional with quality skills, current expertise and dedication to their field,” said Howard Nicholson, CISA, CGEIT, chair of ISACA’s Credentialing Board. “The stringent requirements to achieve and maintain the CISA designation are determined by experienced, global IT leaders to ensure the utmost value of the certification to professionals and their organizations worldwide.”

CISA has earned accreditation from the American National Standards Institute (ANSI) under the International Standard ANSI/ISO/IEC 17024 for the past three years. This accreditation is a benchmark for global organizations that certify individuals worldwide.

The CISA exam is now offered in 12 languages and at more than 200 locations worldwide. The next exams will be held in June and December 2010.

ISACA also administers the Certified Information Security Manager (CISM) certification, established in 2002 and earned by more than 12,500 professionals since its inception; the Certified in the Governance of Enterprise IT (CGEIT) certification, which has been earned by more than 4,000 professionals since it was established in 2007; and the new Certified in Risk and Information Systems Control (CRISC) certification.

Additional information on ISACA’s certifications is available at www.isaca.org/certification.


Contact:
Kristen Kessinger, +1.847.660.5512, news@isaca.org
Deborah Vohasek, +1.847.660.5566, news@isaca.org
Joanne Duffer, +1.847.660.5564, news@isaca.org

Thursday, October 29, 2009

Cloud Computing Benefits and Risks Detailed in New ISACA Guidance

Rolling Meadows, IL, USA (29 October 2009)—Cloud computing is rapidly becoming a business information technology (IT) buzz word, but there is still much debate on what exactly it is and how it benefits enterprises. A new white paper from ISACA, a nonprofit association of 86,000 global information technology professionals, clearly describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing. The white paper, Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives, is available as a free download from www.isaca.org/cloud.

Cloud computing offers enterprises the ability to reduce IT infrastructure costs through a model of paying for service on demand. This requires less upfront capital expenditure and allows businesses to benefit from the ability to efficiently ramp up and power down based on current needs, as well as the flexibility to introduce new IT services.

“One way of describing cloud computing is to compare it to a utility,” said Jeff Spivey, trustee for the IT Governance Institute, which is affiliated with ISACA, and director of Security Risk Management, Inc. “In the same way businesses pay for the amount of electricity, gas and water that they use, there is now the ability to pay for IT services based on how much is consumed.”

As with any new advancement, though, there are many facets to consider.

“The benefits of cloud computing are tremendous, but it also creates new risks and security concerns,” added Spivey. “Through cloud computing, IT services can be contracted through an external provider, so new governance and control approaches are needed to ensure flexibility, resilience and security.”

According to the white paper, in addition to the financial savings involved with cloud computing, one of this model’s strengths is that it lets enterprises streamline processes and increase innovation. This can translate into more reliable backup, more satisfied customers, increased scalability and possibly even higher margins.

While the risks associated with cloud computing may be similar to business IT risks already addressed, enterprises may need to adjust their policies and procedures to focus on the new dynamic environment. The white paper also delivers effective strategies for mitigating risks and addressing assurance issues related to cloud computing.

“The cloud represents a major change in the way computing resources will be utilized,” said Spivey. “By addressing many of these issues in advance, and with the involvement of a broad range of stakeholders, enterprises can gain significant advantage with appropriate control.”

In recognition of new risks around this emergent technology, ISACA has become an affiliate of the Cloud Security Alliance, which collaborated on this paper and will be involved in joint projects with ISACA in the future (www.cloudsecurityalliance.org).

About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business, and publishes the Business Model for Information Security.

Contact:
Kristen Kessinger, ISACA, +1.847.660.5512, news@isaca.org

Wednesday, October 21, 2009

Survey: Employees Plan to Spend Nearly Two Full Work Days Shopping for the Holidays Using Work Computers

ISACA research reveals major gap between employees’ online behaviors and business expectations

Rolling Meadows, IL, USA (21 October 2009)—Employees plan to spend nearly two full working days (14.4 hours) on average shopping online from a work computer this holiday season, according to a survey conducted on behalf of ISACA, a nonprofit association of 86,000 information technology (IT) professionals. One in 10 plans to spend at least 30 hours shopping online at work. Convenience (34%) and boredom (23%) are the biggest motivators, according to those polled.

Despite an economy expected to show flat or declining holiday retail sales, the second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey found that fully half of those surveyed plan to shop online for the holidays using a work computer. Less surprising is a growing uncertainty—the number of employees who are unsure about whether they will spend more or less time shopping online compared to a year ago has doubled.

The potential danger of shopping online is that it can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in lost productivity and potentially millions in destruction or compromise of corporate data.

Employees who shop online using a work computer are also likely to engage in other high-risk behaviors. Survey participants also bank online (51%), click on e-mail links redirecting them to shopping sites (40%) and click on links from social network sites (15%). Yet nearly one in five says they are not concerned that their online shopping habits may affect the safety of their organization’s IT infrastructure.

“With the Internet now available to almost any employee in the workplace, it’s unrealistic to think that companies can completely stop the use of work computers for online shopping,” said Robert Stroud, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Inc. “What companies can and should do is educate employees about the risks of online shopping and remind them of their company’s security policy. This is especially important this year, when the convenience of shopping online may be very appealing to employees whose workloads have doubled or tripled because of downsizing.”

Upwardly Mobile Shopping
This survey also found that more than one in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping. The increasing use of mobile work devices for personal business such as shopping can lead to additional security issues and exposure to data loss for a company.

“The lines between work and personal data are becoming more and more blurred as a growing number of people check work e-mail from their own phone or PDA, or use a work-supplied mobile device to shop or update their Facebook page. As our mobility increases, so does the risk to our corporate IT systems,” said John Pironti, a member of ISACA’s Certification Task Force and chief information risk strategist for Archer Technologies.

A significant percentage of those surveyed do not actively manage their work computer’s security. Thirty percent report that they leave security up to their company’s IT department. Of those who connect via a wireless connection, 30% don’t check, or don’t know how to check, the security of their wireless settings, and just 21% personally check their work computer for the most recent security patches.

Reality Gap Between Employees and the IT Department
A separate ISACA survey of more than 1,500 IT professionals, who are ISACA members in nine countries, conducted during the same time period shows a major gap between what the IT department believes and what the employees are planning when it comes to online holiday shopping. Close to half (48%) of those in IT believe employees will spend just over one work day, or nine hours, shopping online from a work computer—yet ISACA’s consumer survey shows that employees will average closer to two work days, or 14.4 hours.

IT professionals are realistic about the potentially staggering costs of shopping online for the holidays from workplace computers. One in four estimates that their company will lose US $15,000 or more per employee in productivity during this year’s holiday season.

“The reality gap between the IT department’s perceptions and the online shopping behaviors of the rest of the company actually represents an important opportunity for IT,” said Paul Williams, a member of ISACA’s Governance Advisory Council and a past president of the association. “By educating employees and communicating common-sense online policies, IT can better protect one of the most critical assets a company has—its IT systems.”

5 Tips for Safe Shopping From the Office Computer
ISACA recommends that employees and IT departments take the following steps to reduce the risk of spam, viruses and accidental downloading of backdoor “agents” that can hijack corporate data.

For online shoppers:
1) Use your desktop PC, not your mobile device, to shop, because your desktop browser is likely to be more secure.
2) Protect sensitive information, like credit card numbers, by password-protecting both your mobile device and its memory card.
3) Make sure you update your anti-virus and anti-malware programs continually.
4) Treat social networking sites with the same caution as other web sites—social sites are a growing target for fraudsters and virus writers.
5) Be cautious of special offers. If it looks too good to be true, it probably is. Fake online offers and coupons may lead to harmful sites, so be suspicious.

For the IT department:
1) Educate employees. Blocking sites can do more harm than good, causing employees to seek out less secure ways to get around your blockade. Education works better.
2) Get employees on board with learning by teaching them how to protect both their work computers and their home computers.
3) Reinforce what you teach by having employees sign an acceptable-use policy every year.
4) Offer a “safe zone” for holiday shopping—create an online sandbox that can be taken down after the holidays.
5) Don’t wait until Cyber Monday to step up security. Think of “Cyber Season” as the time from September to January and be extra-diligent throughout that time.

About the ISACA Shopping on the Job Survey
The second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey is based on online polling in September 2009 of 1,210 US consumers and 1,513 IT professionals. The IT portion of the study provides the business/IT department’s perspective, polling members of ISACA in nine countries: the US, Canada, Mexico, the UK, France, Germany, Hong Kong, India and Australia. The study, which was designed to capture insights about online holiday shopping at work and employee compliance with workplace policies governing online shopping, was conducted by M/A/R/C Research and ISACA, respectively. The M/A/R/C study results contain a margin of error of 3.9% at the 95% confidence level.


Contact:
Kristen Kessinger, ISACA, +1.847.660.5512, news@isaca.org
Marv Gellman, Ketchum, +1.646.935.3907, marv.gellman@ketchum.com

Tuesday, August 4, 2009

Nine-country ISACA Survey: Two-thirds of Companies Not Fully Measuring IT Value, Neglecting Competitive Advantage

Rolling Meadows, IL, USA (4 August 2009)—A nine-country survey of 1,217 IT professionals reveals that enterprises worldwide believe they are realizing value from their IT investments—yet they cannot be sure, as fewer than half have a shared understanding of value across the enterprise, and two-thirds fail to fully measure it.

Conducted by ISACA, an association of 86,000 IT governance, security and assurance professionals, the Value of IT Investments survey found that half of the respondents believe they are realizing between 50 and 74 percent of expected value from their IT investments, and nearly a fifth believe they are realizing 75 to 100 percent. Yet, half measure the actual value only “to some extent,” while one in 10 does not measure it at all.

At the same time, half of the respondents reported that accountability for such value measurements is delegated to the IT function itself, instead of remaining with the business, where it belongs. Full results of the survey can be obtained by contacting news@isaca.org.

John Thorp, chair of the Val IT Development Team for ISACA and president of the Thorp Network, commented, “The results of this survey reinforce findings from earlier studies that, while most enterprises feel they are realizing value from IT, few have a clear understanding of what value means, and even fewer measure it. This raises the question, ‘On what basis are spending decisions made?’ Additionally, enterprises that do not fully measure value are unable to determine which investments are successful and which need to be cut—and thereby are likely to miss out on revenue-generating opportunities, pursue unsuccessful investments and neglect competitive advantage.”

Adds Thorp, “These findings support the results of a number of other studies, anecdotal evidence and my own experience that most decisions related to value from IT are subjective, and all too often are based on perception and emotion rather than on facts. Organizations will not come close to realizing the full value of their IT investments until they adopt effective value management practices and assign accountability for the realization of value from those investments to the board and CEO, rather than abdicating it to the CIO.”

Thorp’s view regarding the lack of business accountability for value from increasingly significant and complex IT-related investments is reflected in the 49 percent of respondents stating that the CIO or IT managers are responsible for ensuring that stakeholder returns on such investments are optimized. Only 15 percent said responsibility lies with the board, 11 percent the CEO and 9 percent the CFO. Remarkably, 8 percent said no one was responsible.

On a positive note, 76 percent of respondents are aware of the Val IT framework, and 44 percent of organizations questioned have such a framework or guidelines in place to select the investment that will result in the highest value.

Additionally, despite the challenging economy, 30 percent of companies are increasing their investments in IT this year, while only 13 percent plan to reduce spending and 14 percent plan to freeze it at the current level. In the UK this average isn’t replicated, as just 19 percent of organizations intend to increase their investment while 20 percent plan to cut spending across the board.

Interestingly, among the benefits organizations receive from their IT-related investments, respondents cited “improved customer service” (35 percent) and “cost reduction” (24 percent) as the two most important. Somewhat surprisingly, only 16 percent named “new or improved products and services” as the top benefit. India stands out, with improved customer service as the top-ranked benefit, at 45 percent.

“Organizations should be careful not to ignore the value-generating opportunities of IT in favor of cost cutting. IT has the power to add competitive advantage and significant business value, so it is critical to focus on those opportunities—particularly in troubled economic times,” said Robert Stroud, CGEIT, international vice president of ISACA. “The implementation of Val IT can help enterprises identify more effective metrics, leading to successful investments in IT projects that better align with the strategic goals of their business.”

The survey identified some regional differences—specifically between established economies and fast-growing ones. Of the nine countries surveyed—Australia, Canada, France, Germany, Hong Kong, India, Mexico, the UK and the US—the India-based participants were the most advanced in adopting effective value management practices and assigning accountability for those investments to the business. Seventy percent of respondents’ organizations in India have a framework for selecting the IT-related investments that will result in the greatest value and 57 percent fully measure value. In addition, almost half of Indian organizations are increasing IT-related investment based on potential or expected contribution to business value, and 63 percent said there is a cross-departmental understanding of what constitutes value in IT investment—a figure significantly lower in the UK, at just 22 percent, and the US, at 34 percent. Top-down management responsibility for optimizing IT investment was also evident, with one-third of respondents indicating board or board chair level.

About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA publishes the COBIT® and Val IT™ frameworks, available as free downloads at www.isaca.org/cobit and www.isaca.org/valit, as well as the upcoming Risk IT framework. The Val IT framework provides organizations with the structure to measure, monitor and optimize the business value realized from IT-related investments.

Contact:
Kristen Kessinger, +1.847.660.5512, news@isaca.org
