ISACA Continues to Grow and Achieve in Challenging Times
Emil D’Angelo, CISA, CISM, 2009-2010 ISACA International President
2009 was a year of challenges, achievements and change:
- ISACA published a significant amount of valuable guidance, including Risk IT: Based on COBIT®; Val IT™ Mapping: Mapping of Val IT™ 2.0 to MSP, PRINCE2 and ITIL V3; and Implementing and Continually Improving IT Governance.
- ISACA also conducted several studies, such as An Executive View of IT Governance and Building the Business Case for COBIT® and Val IT™: Executive Briefing.
- To fill the need for a comprehensive model to guide information security professionals, the association released an introduction to the Business Model for Information Security (BMIS), which is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems. The full model will be released this year.
- 2009 marked the certification of the 70,000th Certified Information Systems Auditor™ (CISA®), as well as the 10,000th Certified Information Security Manager® (CISM®) and the 4,000th Certified in the Governance of Enterprise IT® (CGEIT®).
- The ISACA® Model Curriculum for Information Security Management was developed, as were 10 key IT audit/assurance programs.
- Always a leader in international education, ISACA held successful Computer Audit, Control and Security (CACS℠) conferences, ISACA® Training Week events, e-symposia and other events around the world, including the first ISACA virtual conference.
- ISACA joined the Cloud Security Alliance and issued a white paper, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives.
- The association welcomed new chapters from Istanbul, Turkey; Kyiv, Ukraine; and Accra, Ghana. In addition, the Hong Kong Chapter expanded to include 1,700 members from mainland China, bringing its total membership to 3,500.
It is clear from these achievements that ISACA has grown tremendously over the years. The members of the board of directors and other ISACA leaders have long recognized the need to be prepared for the evolving requirements of the association’s constituent base. After much research, member input and professional counsel, ISACA introduced a new strategy in 2009 that is focused on delivering best-in-class services that will help reinforce its position as a leading organization.
This strategy review led ISACA leaders into a review of the association’s key messages, resulting in the following statement that clearly describes ISACA’s strengths and core focus. Please feel free to refer to this paragraph when discussing or describing ISACA to others:
As an independent, nonprofit, global membership association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA helps its members achieve individual and organizational success, resulting in greater trust in, and value from, information systems. Its members and certification holders are qualified and skilled professionals who make a difference.
To help further communicate ISACA’s ability to grow, adapt and deliver, it debuted a new tagline on 1 January 2010. The tagline, “Trust in, and value from, information systems,” reflects ISACA’s strong commitment to its core membership, while also welcoming change, new technologies and a broader scope of professional needs. In keeping with the new strategy, the tagline is also outcome-oriented. Trusted, valuable information systems are the result of what ISACA members do to ensure that their enterprise IT is appropriately governed, secured and assessed.
Volunteer Now to Help ISACA Grow
If you have been considering working on an ISACA task force, subcommittee, committee or board, or if you are interested in helping ISACA achieve the strategic initiatives that have been initiated over the past six months, now is the time to volunteer for the 2010-2011 term.
Whether you are an industry veteran or a novice in the field of IT audit, security and governance, volunteering with ISACA will provide you with a unique opportunity to expand your network of organization leaders and lend your input to developing educational programs, research papers and professional standards.
Five Tips to Take IT Governance to the Next Level
As enterprises work to mature the five focus areas of IT governance, they sometimes run into challenges. For the new year, try these tips to “get real” and take each area to the next level:
- Strategic alignment–Align to the real business environment faced by your sales team and customers, not just to internal service requests.
- Value management–Focus on how IT creates tangible value to real people in the real world, not just projects or operations.
- Risk management–Balance risk and return to improve real decisions. Risk is not just security or even just “bad things.” Taking risk is the path to earning return.
- Resource management–Optimize resources in the context of real business process, not just technology silos.
- Performance management–Create metrics based on strategy alignment in the real portfolio of business-IT activities.
Remember that IT governance requires continual capability improvement. Usually, it is what you do not know or are not watching that causes problems. Honestly evaluate your gaps and get the skills you need to close them. Have a great year!
For more information, see ISACA’s Board Briefing on IT Governance, 2nd Edition and Implementing and Continually Improving IT Governance.
Brian Barnier, CGEIT, is a principal at ValueBridge Advisors. He helps leaders improve business-IT cost structure management, shorten improvement cycle time and shape more insightful business performance metrics.
CISAs, CISMs and CGEITs Recognized
Disaster Recovery Institute International (DRII) recently recognized ISACA’s certification programs. Certified Information Systems Auditors (CISAs) qualify for the Certified Business Continuity Lead Auditor (CBLA) certification and get a bypass for the references portion of the application (experience). Holders of the Certified Information Security Manager (CISM) and Certified in the Governance of Enterprise IT (CGEIT) designations get a bypass for references (experience) and qualify for the Certified Business Continuity Auditor (CBCA).
In addition, if the DRII certification applicant holds a CISA certification in good standing, DRII offers a 10-percent discount on courses to that applicant.
If you are not yet ISACA-certified, improve your visibility with ISACA certifications. Certification will set you apart from your peers and give you a leg up in a competitive job market. You deserve a designation that exemplifies your experience as well as your knowledge. Click here to learn more about CISA, CISM or CGEIT certification.
Early-bird registration, which includes exam price discounts, for the June 2010 CISA, CISM and CGEIT exams is now available. Click on the respective link to learn more about the CISA, CISM or CGEIT exams.
St. Louis Chapter Making a Difference in Community
Members of the St. Louis Chapter are taking steps to help those less fortunate. Last fall, the chapter began implementing ways for its members, who are already coming together for meetings and seminars to earn continuing professional education (CPE) credits, to participate in an act of charity, just by attending an ISACA meeting. Each month, the ISACA St. Louis chapter features a charitable group or organization to help. For example, members brought to meetings:
- Cans of food for donation to a local food pantry in September
- Pairs of old eyeglasses for donation to the local Lions club in October
- New or gently used coats for NFL quarterback Kurt Warner’s Winter Warm-up coat drive in November
- New toys for the Marine Corps Toys for Tots campaign in December
The chapter plans to continue its efforts to help the local community and bring some positive awareness to the chapter. As an added incentive, for every donated item a member brings to a meeting, that member receives a coupon to be placed in the drawing for that meeting’s attendance prize.
2010 IT Job Predictions: Slow Recovery, Focus on Skills
IT research and advisory firm Foote Partners LLC has released its IT Labor Market Predictions for 2010, based on findings in US government job reports. Foote Partners’ predictions include the following:
- While IT unemployment has stabilized, IT jobs recovery will likely not happen in 2010. Foote Partners believes IT hiring overall will not pick up noticeably until late next year, and more likely 2011.
- Investments will be focused more on skills than on jobs in 2010.
- The IT services employment sector will be the first to recover, but recovery will differ depending on the company’s size. Large vendors will experience slow, steady growth. Small business consulting firms will continue to experience talent shortages.
- The Certified Information Systems Auditor (CISA) designation will be one of the hot IT certifications in 2010.
- IT security positions will be among the hot jobs for 2010. Unlike other technology job segments, pay and demand for security skills have risen steadily since 2007.
- Momentum will also build for managed IT services in 2010.
View the full summary of Foote Partners’ IT Labor Market Predictions for 2010.
E-symposia Reached Thousands of Members in 2009
2009 proved to be a great year for ISACA’s e-symposia. ISACA had record-breaking attendance for the April 2009 e-Symposium, “IT Audit: Challenges & Opportunities,” with more than 1,700 participants. Overall, an average of 1,271 ISACA members participated in each monthly event. One of the most popular and current topics was cloud computing in September, where there was a 43 percent increase in live participation from the previous month.
Have you participated in an ISACA e-symposium yet? If not, you are missing out on a great member benefit. Join us at the next event to discuss the hottest topics in IT today, get the opportunity to interact with the industry’s leading experts and earn three free continuing professional education (CPE) credits. This month’s event on 26 January, titled “Your Guide to Log Fundamentals: Measurement, Management and Methodology,” will address log management and compliance. The event will be sponsored by Tripwire and will feature Brian Bates speaking about security performance measurement and monitoring. Click here to register for upcoming events.
Directors/Trustees Discuss the New Strategy Implementation, Among Other Items
The ISACA Board of Directors and ITGI Board of Trustees met at the end of October 2009 and discussed the following:
- The status of the implementation of the new strategy–ISACA is ahead of schedule and expects a shorter-than-anticipated transition period. As with any significant initiative, it is important to monitor resources to ensure a balance between new strategy-focused activities and mission-critical “business as usual” functions. Of special focus is the need to delineate boundaries of decision-making authority for differing categories of the volunteer body.
- Involvement of younger people in ISACA–All volunteer groups are encouraged to involve young professionals in their activities. ISACA is keenly aware of the need to engage the next generation of members, volunteers and leaders. Formal efforts will be initiated at the chapter level to kick off discussion.
- Governance–The charters for each volunteer body, which have been under intensive revision to correspond with the new strategy, were approved.
- Web site implementation–The new web site is scheduled to go live in the second quarter of 2010 and will include many new collaboration and networking features. Each month, @ISACA will highlight new web site features.
- Annual audit–Grant Thornton will be retained for the 2010 audit, based on the level of service it has provided ISACA and its experience with the association. This decision is revisited annually.
- Credentialing Board activity–Work progresses on a new certification program aimed at IT professionals who develop and implement IT controls while managing business and technology risks. A process-focused assessment program based on COBIT® that will lead to enterprise certification is under investigation.
- Knowledge Board activity–ISACA participated in its first-ever virtual conference in early November 2009, featuring multiple sessions and speakers and a virtual exhibit area. Feedback will be closely monitored to determine future offerings.
- Relations Board activity–Renewed effort will be undertaken to ensure that the plans for membership growth identified by the Latin America Task Force in the 2008-2009 administrative term are implemented.
The next meeting of the two governing boards will occur in March 2010.