Thursday, October 29, 2009

Cloud Computing Benefits and Risks Detailed in New ISACA Guidance

Rolling Meadows, IL, USA (29 October 2009)—Cloud computing is rapidly becoming a business information technology (IT) buzzword, but there is still much debate on what exactly it is and how it benefits enterprises. A new white paper from ISACA, a nonprofit association of 86,000 global information technology professionals, clearly describes how enterprises can achieve greater efficiencies and mitigate new risks associated with cloud computing. The white paper, Cloud Computing: Business Benefits with Security, Governance and Assurance Perspectives, is available as a free download from www.isaca.org/cloud.

Cloud computing offers enterprises the ability to reduce IT infrastructure costs through a model of paying for service on demand. This requires less upfront capital expenditure and allows businesses to benefit from the ability to efficiently ramp up and power down based on current needs, as well as the flexibility to introduce new IT services.

“One way of describing cloud computing is to compare it to a utility,” said Jeff Spivey, trustee for the IT Governance Institute, which is affiliated with ISACA, and director of Security Risk Management, Inc. “In the same way businesses pay for the amount of electricity, gas and water that they use, there is now the ability to pay for IT services based on how much is consumed.”

As with any new advancement, though, there are many facets to consider.

“The benefits of cloud computing are tremendous, but it also creates new risks and security concerns,” added Spivey. “Through cloud computing, IT services can be contracted through an external provider, so new governance and control approaches are needed to ensure flexibility, resilience and security.”

According to the white paper, in addition to the financial savings involved with cloud computing, one of this model’s strengths is for enterprises to streamline processes and increase innovation. This can translate into more reliable backup, more satisfied customers, increased scalability and possibly even higher margins.

While the risks associated with cloud computing may be similar to business IT risks already addressed, enterprises may need to adjust their policies and procedures to focus on the new dynamic environment. The white paper also delivers effective strategies for mitigating risks and addressing assurance issues related to cloud computing.

“The cloud represents a major change in the way computing resources will be utilized,” said Spivey. “By addressing many of these issues in advance, and with the involvement of a broad range of stakeholders, enterprises can gain significant advantage with appropriate control.”

In recognition of new risks around this emergent technology, ISACA has become an affiliate of the Cloud Security Alliance, which collaborated on this paper and will be involved in joint projects with ISACA in the future (www.cloudsecurityalliance.org).

About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business, and publishes the Business Model for Information Security.

Contact:
Kristen Kessinger, ISACA, +1.847.660.5512, news@isaca.org

Wednesday, October 21, 2009

Survey: Employees Plan to Spend Nearly Two Full Work Days Shopping for the Holidays Using Work Computers

ISACA research reveals major gap between employees’ online behaviors and business expectations

Rolling Meadows, IL, USA (21 October 2009)—Employees plan to spend nearly two full working days (14.4 hours) on average shopping online from a work computer this holiday season, according to a survey conducted on behalf of ISACA, a nonprofit association of 86,000 information technology (IT) professionals. One in 10 plans to spend at least 30 hours shopping online at work. Convenience (34%) and boredom (23%) are the biggest motivators, according to those polled.

Despite an economy expected to show flat or declining holiday retail sales, the second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey found that fully half of those surveyed plan to shop online for the holidays using a work computer. Less surprising is a growing uncertainty—the number of employees who are unsure about whether they will spend more or less time shopping online compared to a year ago has doubled.

The potential danger of shopping online is that it can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in lost productivity and potentially millions in destruction or compromise of corporate data.

Employees who shop online using a work computer are also likely to engage in other high-risk behaviors. Survey participants also bank online (51%), click on e-mail links redirecting them to shopping sites (40%) and click on links from social network sites (15%). Yet nearly one in five says they are not concerned that their online shopping habits may affect the safety of their organization’s IT infrastructure.

“With the Internet now available to almost any employee in the workplace, it’s unrealistic to think that companies can completely stop the use of work computers for online shopping,” said Robert Stroud, international vice president of ISACA and vice president of IT service management and governance for the service management business unit at CA Inc. “What companies can and should do is educate employees about the risks of online shopping and remind them of their company’s security policy. This is especially important this year, when the convenience of shopping online may be very appealing to employees whose workloads have doubled or tripled because of downsizing.”

Upwardly Mobile Shopping
This survey also found that more than one in 10 Americans who use a mobile work device such as a BlackBerry or iPhone plan to use it for holiday shopping. The increasing use of mobile work devices for personal business such as shopping can lead to additional security issues and exposure to data loss for a company.

“The lines between work and personal data are becoming more and more blurred as a growing number of people check work e-mail from their own phone or PDA, or use a work-supplied mobile device to shop or update their Facebook page. As our mobility increases, so does the risk to our corporate IT systems,” said John Pironti, a member of ISACA’s Certification Task Force and chief information risk strategist for Archer Technologies.

A significant percentage of those surveyed do not actively manage their work computer’s security. Thirty percent report that they leave security up to their company’s IT department. Of those who connect via a wireless connection, 30% don’t or don’t know how to check the security of wireless settings and just 21% personally check their work computer for the most recent security patches.

Reality Gap Between Employees and the IT Department
A separate ISACA survey of more than 1,500 IT professionals, who are ISACA members in nine countries, conducted during the same time period shows a major gap between what the IT department believes and what the employees are planning when it comes to online holiday shopping. Close to half (48%) of those in IT believe employees will spend just over one work day, or nine hours, shopping online from a work computer—yet ISACA’s consumer survey shows that employees will average closer to two work days, or 14.4 hours.

IT professionals are realistic about the potentially staggering costs of shopping online for the holidays from workplace computers. One in four estimates that their company will lose US $15,000 or more per employee in productivity during this year’s holiday season.

“The reality gap between the IT department’s perceptions and the online shopping behaviors of the rest of the company actually represents an important opportunity for IT,” said Paul Williams, a member of ISACA’s Governance Advisory Council and a past president of the association. “By educating employees and communicating common-sense online policies, IT can better protect one of the most critical assets a company has—its IT systems.”

5 Tips for Safe Shopping From the Office Computer
ISACA recommends that employees and IT departments take the following steps to reduce the risk of spam, viruses and accidental downloading of backdoor “agents” that can hijack corporate data.

For online shoppers:
1) Use your desktop PC, not your mobile device, to shop, because your desktop browser is likely to be more secure.
2) Protect sensitive information, like credit card numbers, by password-protecting both your mobile device and its memory card.
3) Make sure you update your anti-virus and anti-malware programs continually.
4) Treat social networking sites with the same caution as other web sites—social sites are a growing target for fraudsters and virus writers.
5) Be cautious of special offers. If it looks too good to be true, it probably is. Fake online offers and coupons may lead to harmful sites, so be suspicious.

For the IT department:
1) Educate employees. Blocking sites can do more harm than good, causing employees to seek out less secure ways to get around your blockade. Education works better.
2) Get employees on board with learning by teaching them how to protect both their work computers and their home computers.
3) Reinforce what you teach by having employees sign an acceptable-use policy every year.
4) Offer a “safe zone” for holiday shopping—create an online sandbox that can be taken down after the holidays.
5) Don’t wait until Cyber Monday to step up security. Think of “Cyber Season” as the time from September to January and be extra-diligent throughout that time.

About the ISACA Shopping on the Job Survey
The second annual “Shopping on the Job: Online Holiday Shopping and Workplace Internet Safety” survey is based on online polling in September 2009 of 1,210 US consumers and 1,513 IT professionals. The IT portion of the study provides the business/IT department’s perspective, polling members of ISACA in nine countries: the US, Canada, Mexico, the UK, France, Germany, Hong Kong, India and Australia. The study, which was designed to capture insights about online holiday shopping at work and employee compliance with workplace policies governing online shopping, was conducted by M/A/R/C Research and ISACA, respectively. The M/A/R/C study results contain a margin of error of 3.9% at the 95% confidence level.

Contact:
Kristen Kessinger, ISACA, +1.847.660.5512, news@isaca.org
Marv Gellman, Ketchum, +1.646.935.3907, marv.gellman@ketchum.com

Tuesday, August 4, 2009

Nine-country ISACA Survey: Two-thirds of Companies Not Fully Measuring IT Value, Neglecting Competitive Advantage

Rolling Meadows, IL, USA (4 August 2009)—A nine-country survey of 1,217 IT professionals reveals that enterprises worldwide believe they are realizing value from their IT investments—yet they cannot be sure, as fewer than half have a shared understanding of value across the enterprise, and two-thirds fail to fully measure it.

Conducted by ISACA, an association of 86,000 IT governance, security and assurance professionals, the Value of IT Investments survey found that half of the respondents believe they are realizing between 50-74 percent of expected value from their IT investments, and nearly a fifth believe they are realizing 75-100 percent. Yet, half measure the actual value only “to some extent,” while one in 10 does not measure it at all.

At the same time, half of the respondents reported that accountability for such value measurements is delegated to the IT function itself, instead of remaining with the business, where it belongs. Full results of the survey can be obtained by contacting news@isaca.org.

John Thorp, chair of the Val IT Development Team for ISACA and president of the Thorp Network, commented, “The results of this survey reinforce findings from earlier studies that, while most enterprises feel they are realizing value from IT, few have a clear understanding of what value means, and even fewer measure it. This raises the question, ‘On what basis are spending decisions made?’ Additionally, enterprises that do not fully measure value are unable to determine which investments are successful and which need to be cut—and thereby are likely to miss out on revenue-generating opportunities, pursue unsuccessful investments and neglect competitive advantage.”

Adds Thorp, “These findings support the results of a number of other studies, anecdotal evidence and my own experience that most decisions related to value from IT are subjective, and all too often are based on perception and emotion rather than on facts. Organizations will not come close to realizing the full value of their IT investments until they adopt effective value management practices and assign accountability for the realization of value from those investments to the board and CEO, rather than abdicating it to the CIO.”

Thorp’s view regarding the lack of business accountability for value from increasingly significant and complex IT-related investments is reflected in the 49 percent of respondents stating that the CIO or IT managers are responsible for ensuring that stakeholder returns on such investments are optimized. Only 15 percent said responsibility lies with the board, 11 percent the CEO and 9 percent the CFO. Remarkably, 8 percent said no one was responsible.

On a positive note, 76 percent of respondents are aware of the Val IT framework, and 44 percent of organizations questioned have such a framework or guidelines in place to select the investment that will result in the highest value.

Additionally, despite the challenging economy, 30 percent of companies are increasing their investments in IT this year, while only 13 percent plan to reduce spending and 14 percent plan to freeze it at the current level. In the UK this average isn’t replicated, as just 19 percent of organizations intend to increase their investment while 20 percent plan to cut spending across the board.

Interestingly, among the benefits organizations receive from their IT-related investments, respondents cited “improved customer service” (35 percent) and “cost reduction” (24 percent) as the two most important. Somewhat surprisingly, only 16 percent named “new or improved products and services” as the top benefit. India stands out, with improved customer service as the top-ranked benefit, at 45 percent.

“Organizations should be careful not to ignore the value-generating opportunities of IT in favor of cost cutting. IT has the power to add competitive advantage and significant business value, so it is critical to focus on those opportunities—particularly in troubled economic times,” said Robert Stroud, CGEIT, international vice president of ISACA. “The implementation of Val IT can help enterprises identify more effective metrics, leading to successful investments in IT projects that better align with the strategic goals of their business.”

The survey identified some regional differences—specifically between established economies and fast-growing ones. Of the nine countries surveyed—Australia, Canada, France, Germany, Hong Kong, India, Mexico, the UK and the US—the India-based participants were the most advanced in adopting effective value management practices and assigning accountability for those investments to the business. Seventy percent of respondents’ organizations in India have a framework for selecting the IT-related investments that will result in the greatest value and 57 percent fully measure value. In addition, almost half of Indian organizations are increasing IT-related investment based on potential or expected contribution to business value, and 63 percent said there is a cross-departmental understanding of what constitutes value in IT investment—a figure significantly lower in the UK, at just 22 percent, and the US, at 34 percent. Top-down management responsibility for optimizing IT investment was also evident, with one-third of respondents indicating board or board chair level.

About ISACA
ISACA publishes the COBIT® and Val IT™ frameworks, available as free downloads at www.isaca.org/cobit and www.isaca.org/valit, as well as the upcoming Risk IT framework. The Val IT framework provides organizations with the structure to measure, monitor and optimize the business value realized from IT-related investments.

Contact:
Kristen Kessinger, +1.847.660.5512, news@isaca.org

Friday, July 24, 2009

Security by Compliance Is No Longer Working: ISACA Leader Calls for Fundamental Changes to Information Security

Los Angeles, CA, USA (22 July 2009)—At ISACA’s International Conference in Los Angeles yesterday, security professional John Pironti called for a sweeping change in how enterprises deal with information security.

“Security by compliance is no longer working,” said Pironti, who is president of IP Architects and an ISACA volunteer. “The number and impact of security breaches have dramatically increased in the last couple of years, even though companies were in compliance with standards like PCI, GLBA, FFIEC, FISMA and others.”

If organizations continue to focus on security by compliance, he argues, the adversaries will continue to win as their attacks become more effective and more damaging. “Compliance can be a good starting point for securing information infrastructure and data if an organization has not put anything in place previously, but it cannot be the end point of the conversation.”

“We need to change the fundamental approach to the way enterprises deal with information protection,” Pironti said in his “Information Security 2.0” presentation at ISACA’s conference. “We need to stop thinking about information security and start thinking about information risk management.”

Information risk management requires more input from and decisions made by the business, instead of solely by security professionals and regulators.

Explaining the difference between the two, Pironti said, “Information security sets the tone for organizations that forces them to put measures in place that may actually end up preventing the business from being successful. Risk management gives the organization the power to make the security decisions that align with its business requirements and then implement appropriate controls.”

Another critical change, according to Pironti, is to focus on protecting data and information instead of just technology.

“The technology is just a vessel for the data and has little value by itself. By focusing on the data, enterprises will be better prepared for the challenges that they may face from any adversary,” Pironti said.

In addition to Pironti’s presentation, ISACA’s International Conference also featured the unveiling of Risk IT, a new IT enterprise risk management framework developed by ISACA. The framework will be publicly available as a free download in September.

Contact:
Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Deborah Vohasek, +1.847.660.5566, dvohasek@isaca.org
Joanne Duffer, +1.847.660.5564, jduffer@isaca.org

Monday, June 29, 2009

New ISACA Survey Shows Strong Business Case for Implementing IT Governance Frameworks

Rolling Meadows, IL, USA (25 June 2009)—Enterprises that effectively govern their information technology achieve their IT and business goals more frequently, according to a new study of 538 organizations worldwide. Commissioned by ISACA and conducted by the IT Alignment and Governance Research Institute, the study examined the business outcomes of implementing the COBIT and Val IT frameworks.

Results of the study are published in Building the Business Case for COBIT and Val IT: Executive Briefing, available as a free download at www.isaca.org/downloads.

“The study revealed a strong relationship between the implementation of COBIT and Val IT processes and the achievement of IT goals—and a strong relationship between the achievement of IT goals and the achievement of business goals,” said Wim Van Grembergen, co-author of the report and professor at the University of Antwerp and the University of Antwerp Management School. “As a result, a strong business case exists that shows the benefits enterprises achieve when using COBIT and Val IT.”

The survey also identified which COBIT and Val IT processes are most frequently—and fully—implemented.

“The results show that enterprises are still focusing more on operational issues—implementation, delivery and support—than on the equally important planning and monitoring issues, indicating that there is room for improvement,” said Steven De Haes, also a co-author of the report and professor at the University of Antwerp and University of Antwerp Management School.

According to respondents, most of the top five most fully implemented COBIT processes at organizations around the world are in the Deliver and Support (DS) domain, with one each in the Acquire and Implement (AI) and the Monitor and Evaluate (ME) domains:
1. Manage the physical environment. (DS12)
2. Manage service desk and incidents. (DS8)
3. Acquire and maintain technology infrastructure. (AI3)
4. Ensure systems security. (DS5)
5. Ensure compliance with external requirements. (ME3)

While many similar findings existed among regions, some key differences were identified. European organizations, for instance, reported a fuller implementation status than most North American and Asian enterprises, particularly for PO9 Assess and manage IT risks. This finding is likely due to the impact of regulatory requirements such as Basel II. North America reported the highest implementation score for ME2 Monitor and evaluate internal control—likely due to the Sarbanes-Oxley Act. Asia outperformed other regions for AI1 Identify automated solutions, which is most likely explained by the presence of many outsourced service providers that develop systems.

A complimentary download of COBIT, a globally accepted set of tools that ensures IT is working as effectively as possible to minimize IT-related risks and maximize controls, is available at www.isaca.org/cobit. Val IT, a comprehensive collection of proven management practices and techniques for investment in business change and innovation, is available as a free download at www.isaca.org/valit.

Friday, June 19, 2009

New ISACA Guide Helps Organizations Manage Application Controls

Rolling Meadows, IL, USA (18 June 2009)—Virtually every aspect of day-to-day business activity is dependent on timely, accurate and reliable information—information that is generated, processed, accumulated, stored and reported by automated information systems. Because this information is so critical, it is essential for risks in the underlying application systems that process the information to be managed and controlled.

COBIT and Application Controls, a new guide from the nonprofit IT assurance, security and governance association ISACA, helps business and IT managers, IT developers, and internal and external auditors implement and manage application controls.

The publication is structured based on the life cycle of application systems—from defining requirements through providing assurance on application controls. The concepts presented apply to both new and existing legacy application systems. The book also offers guidance on:
· The definition and nature of application controls (addressing the six application controls discussed in COBIT)
· The design and operation of application controls
· Relationships and dependencies that application controls have with other controls, such as IT general controls
· The responsibilities of business and IT management

“While IT application controls have always been important, the rise in related legislation around the world has given them even more prominence in all enterprises,” said Gary Hardy, a developer of the ISACA publication. “COBIT, which was developed and is continually updated by ISACA, is based on industry standards and best practices and enables enterprises to reduce IT-related risks, increase confidence in the information provided by IT and help manage compliance. This publication builds on the globally respected COBIT framework by providing practical direction for effective application controls.”

COBIT and Application Controls is available as a free download for ISACA members at www.isaca.org/downloads. Nonmembers can purchase a PDF for US $55 from the ISACA Bookstore (www.isaca.org/bookstore). Print copies are US $35 for members and US $75 for nonmembers.

Monday, June 8, 2009

ISACA’s CISA Certification Earns 2009 SC Magazine Award for Best Professional Certification Program

Rolling Meadows, IL, USA (23 April 2009)—ISACA, a nonprofit association serving more than 86,000 IT governance professionals in 160 countries, has been recognized with an SC Magazine 2009 Professional Award. ISACA’s Certified Information Systems Auditor (CISA) designation was selected as the winner of the Best Professional Certification Program, and its Certified Information Security Manager (CISM) certification was named a finalist.

The award, which recognizes ISACA’s outstanding achievement in IT security, was presented Tuesday at the exclusive SC Awards Gala, held in conjunction with the annual RSA Conference in San Francisco, California, USA.

The CISA certification has been earned by more than 60,000 professionals since its inception in 1978. It is recognized internationally as the global standard for IS audit, control and security professionals. CISM, introduced in 2002, has been earned by more than 10,000 professionals.

“We are honored that ISACA’s commitment to the information security field has been recognized by SC Magazine’s distinguished award program,” said Lynn Lawton, CISA, FBCS CITP, FCA, FIIA. “The CISA and CISM designations are based on real-world professional experience and are highly regarded by employers and information security professionals seeking to advance their careers.”

ISACA’s CISA and other 2009 Professional Awards winners were chosen by a panel of 22 judges from major corporations and public-sector organizations that were hand-picked by SC Magazine’s editorial team for their breadth of knowledge and experience in the information security industry. The awards highlight and showcase the best solutions, services and professionals, while recognizing achievement and technical excellence in the information security industry. With almost 700 entries submitted in 30 categories, the 2009 SC Awards were the most competitive yet in the program’s 12-year history.

“ISACA represents one of the industry’s beacons of leadership, and the 2009 SC Awards judges have given it this high distinction for its innovative contributions to IT security over the past year,” said Illena Armstrong, editor in chief, SC Magazine.

For more information and a detailed list of categories and winners, please visit www.scmagazineus.com/awards. Additional information on ISACA’s CISA and CISM certifications, as well as the new Certified in the Governance of Enterprise IT (CGEIT) designation, is available at www.isaca.org/certification.

ISACA
With more than 86,000 constituents in more than 160 countries, ISACA (http://www.isaca.org/) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 10,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.

About SC Magazine
SC Magazine provides IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought-leaders and the best, most extensive collection of product reviews in the business. By offering a consolidated view of IT security through independent product tests and well-researched editorial content that provides the contextual backdrop for how these IT security tools will address larger demands put on businesses today, SC Magazine enables IT security pros to make the right security decisions for their companies. The brand’s portfolio includes the SC Awards, SC Directory, SC Magazine Newswire and SC World Congress.

Contact:
Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Deborah Vohasek, +1.847.660.5566, dvohasek@isaca.org
Joanne Duffer, +1.847.660.5564, jduffer@isaca.org

ISACA, 3701 Algonquin Road, Suite 1010, Rolling Meadows, IL 60008, USA

3,000 Professionals Earn ISACA’s New CGEIT Certification

Rolling Meadows, Illinois, USA (23 April 2009)—Established in late 2007, ISACA’s Certified in the Governance of Enterprise IT (CGEIT) credential has already been earned by 3,000 professionals.

The CGEIT certification is awarded to those who meet stringent requirements, which include passing the exam and providing proof of experience, or being accepted through the grandfathering provision, which ended in December. The first CGEIT exam was administered in December 2008, and the 2009 CGEIT exams will be held on 13 June and 12 December.

“ISACA has experienced overwhelming demand for the new CGEIT certification,” said Howard Nicholson, chair of the CGEIT Certification Board. “It is clear that governance of enterprise IT is a top-of-mind issue and that a credential indicating experience in that area is in great demand by professionals who want to further set themselves apart and provide valuable contributions to their businesses.”

ISACA, a nonprofit professional association serving more than 86,000 IT governance professionals worldwide, established the CGEIT certification to recognize those who have the professional knowledge, skills and business experience to maximize information technology’s (IT’s) contribution to an enterprise’s success, and manage and mitigate risks posed by IT.

The CGEIT certification helps:
· Support the growing business demands related to IT governance
· Increase the awareness and importance of IT governance good practices and issues
· Define the roles and responsibilities of the professionals performing IT governance work

The CGEIT designation is the third certification offered by ISACA. In 1978, ISACA established the Certified Information Systems Auditor (CISA) designation, which has been earned by more than 60,000 professionals since inception. In 2002, the CISM certification was introduced. It has since been earned by more than 10,000 professionals. Both designations are accredited by the American National Standards Institute (ANSI) under ISO/IEC 17024:2003 and are consistently rated among the highest-value certifications by independent consultancy Foote Partners LLC. Additional information on all three of the certifications is available at www.isaca.org/certification.

About ISACA
With more than 86,000 constituents in more than 160 countries, ISACA (http://www.isaca.org/) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA Journal, and develops international information systems auditing and control standards. It also administers the globally respected CISA, CISM and CGEIT certifications.

Contact:
Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Deborah Vohasek, +1.847.660.5566, dvohasek@isaca.org
Joanne Duffer, +1.847.660.5564, jduffer@isaca.org

Monday, March 9, 2009

2009 Spring Seminar - Computer Forensics for Security & Audit Professionals

ISACA® San Antonio will be hosting this two-day course given by Canaudit Inc.

This course will give participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of today’s top tools of the forensic trade will be demonstrated during this course, including software, hardware and specialized techniques.

Cost of Seminar:
  • $395 for ISACA® members if registered by March 22, 2009
  • $445 for ISACA® members if registered after March 23, 2009
  • $520 for non-ISACA® members

RSVP to seminars@saisaca.org and please visit http://saisaca.org/springseminar for more information!

Tuesday, February 17, 2009

SA ISACA Review Course Presenters Needed

The ongoing excellence of the CISA program requires a great deal of volunteer support. Please consider presenting one of the chapters of the San Antonio CISA Review Course. It not only prepares students for passing the CISA examination, but also offers valuable training experience for newer Information Technology Auditors.

Event: CISA Review Course Speakers
Event Dates: April 18th, 25th, May 2nd, 9th, 16th, and 23rd
Event Time: 7:30 a.m. – 12:00 p.m.
Event Location: Norris Conference Center – Crossroads Mall

Primary Responsibilities:
Present CISA exam materials that are designed to assist certification candidates in passing the exam. The review course follows materials outlined in ISACA-developed review manuals.

Instructors are encouraged to add real-life experiences to the materials and are expected to help candidates with review questions. The instructor should be well versed in the material and should hold the applicable certification.

Food and beverage will be provided.

Number of Volunteers Needed:
The chapter is looking for one to six members who are willing to cover one or more domains.

Estimated Time Commitment:
9 hours per domain (includes 4.5 hours for prep time and 4.5 hours for presentation)

Contact: Certification Chair Gabriel Trevino at certification@saisaca.org

CISA Review Training Guide:
PowerPoint slides will be provided to each course trainer to prepare for the specific part of the course they will instruct.

CISA Review Course Contents:
CISA Certification Introduction
Chapter 1 – The IS Audit Process
Chapter 2 – IT Governance
Chapter 3 – Systems and Infrastructure Life Cycle Management
Chapter 4 – IT Service Delivery and Support
Chapter 5 – Protection of Information Assets
Chapter 6 – Business Continuity and Disaster Recovery

Trainer Requirements:
Trainer warrants and can provide evidence to demonstrate:

a. Technical experience, credentials (e.g., CISA) and knowledge commensurate with the specific content within the Course being taught.

b. Knowledge of the learning objectives, timed outline, use of materials and presentation format. Ability to teach the Course in a qualitative manner.

CPE Benefits: 9 hours per domain

Please contact our Certification Chair - Gabriel Trevino at certification@saisaca.org

ISACA Updates 10 IT Audit Programs

Rolling Meadows, IL, USA (5 February 2009) — ISACA has updated 10 key information technology (IT) audit/assurance programs that serve as road maps to help organizations improve controls and protect the privacy and security of their IT.

ISACA’s IT audit/assurance programs are used by enterprises around the world. The updated programs are based on ISACA’s IT Assurance Framework (ITAF), available as a free download at www.isaca.org/itaf. ITAF provides a single source from which IT audit and assurance professionals can seek guidance, research policies and procedures, obtain audit and assurance programs, and develop effective reports.

“IT audit and assurance professionals face a variety of audit assignments and constantly evolving regulations and good practices,” said Greg Grocholski, chair of ISACA’s Assurance Committee. “ISACA’s Audit/Assurance Programs help them succeed in any type of IT audit.”

The updated audit/assurance programs are:
· Change Management
· Generic Application
· Identity Management
· IT Continuity Planning
· Network Perimeter Security
· Outsourced IT Environments
· Security Incident Management
· Systems Development and Project Management
· UNIX/LINUX Operating System Security
· z/OS Security

Each program is designed for use by Certified Information Systems Auditors (CISAs) and IT assurance professionals with experience in the topic covered by the program.

All 10 programs are available as free downloads for ISACA members at www.isaca.org/assurance. Nonmembers can purchase electronic copies from the ISACA Bookstore (www.isaca.org/bookstore) for US $45 each. Additional audit programs are currently being updated and will be released later this year.

With more than 86,000 constituents in more than 160 countries, ISACA (http://www.isaca.org/) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA Journal, and develops international information systems auditing and control standards. It also administers the CISA designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 10,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.

Contact:
Kristen Kessinger, +1.847.660.5512, kkessinger@isaca.org
Joanne Duffer, +1.847.660.5564, jduffer@isaca.org
Deborah Vohasek, +1.847.660.5566, dvohasek@isaca.org

Friday, January 30, 2009

Request for Research Participants

Dr. Nicole Beebe of UTSA is seeking research participants.

Volunteers are sought from all types of organizations (any industry, any size, public or private). Volunteers will participate in a one-on-one, confidential interview with the researcher.

Please go to the following site for more information: http://faculty.business.utsa.edu/nbeebe/research.htm

Thursday, January 8, 2009

Updated Website

Happy New Year!

We have been hard at work updating our website - www.saisaca.org

We have added many valuable resources to our local chapter site, such as an enhanced calendar, link to ISACA Career Centre, and this blog site.

Most importantly, we have revised the organization of content so that it is easier for you to find what you need as well as the ability to post information in a timely fashion.

If you have any comments or suggestions, please do not hesitate to email our webmaster at:
webmaster [at] saisaca [dot] org.
