@ISACA Volume 1: 2 January 2013 

@ISACA Relevant, Timely News

Nominating Committee Selects 2013-2014 President

The ISACA Nominating Committee has selected Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, as international president for the 2013-2014 Board of Directors slate. Hayes, currently serving as an ISACA vice president, is appointed Deputy Director-General of the Department of Communities, Child Safety and Disability Services in the Queensland Government, Australia. He has extensive experience across the Queensland public sector at the senior level in various departments such as the Public Service Commission and Queensland Health.

Hayes has been a member of ISACA since 2003 and has served on several ISACA committees, including the IT Governance Committee. Prior to being elected international vice president, he was a director of ISACA and served as chair of the Relations Board. Currently, he is chair of ISACA’s Finance Committee, a member of ISACA’s Strategic Advisory Council and a member of the IT Governance Institute Board of Trustees. Hayes is also an Adjunct Professor and a member of the Business Information Systems Advisory Committee for the School of Business at the University of Queensland.

In selecting the president, the Nominating Committee considered input and guidance from a variety of sources: the committee’s own discussion, phone interviews with the candidates, an evaluation of each candidate as compared to the board-approved attributes for office, the association’s own strategy and direction, and the guiding principles and expectations for the position, also approved by the board.

The remainder of the slate—the international vice presidents—will be selected by the Nominating Committee in first quarter 2013 and will be announced to the membership by mid-April 2013. If no additional candidates arise from the membership (by petition), the slate is declared elected by acclamation and those individuals will be installed at the Annual Meeting of the Membership, to be held in June 2013 in Berlin, Germany (in conjunction with the World Congress).

Hayes will also serve as president of the IT Governance Institute.


Additional CISA and CISM Exam Date in 2013

ISACA will offer an additional Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) exam administration on Saturday, 7 September 2013, at select locations around the globe.

Seating for the September CISA and CISM exams will be limited and guaranteed only through the final registration deadline date. The exams will be available in all languages in which CISA and CISM exams are currently offered. Registration for the September 2013 exam will open on Wednesday, 24 April 2013.

Starting with the 2013 exams, CISA and CISM exam results will be released within approximately 5 weeks (rather than the current 8 weeks) of each exam administration date. Additionally, September and December exam registration deadlines have been reworked to permit later registrations, thereby allowing those who test in June 2013 to also test in September 2013, if desired.

Included below are key dates related to the September 2013 CISA and CISM exams:

  • Exam date: 7 September 2013
  • Early registration deadline: 12 June 2013
  • Final registration deadline: 22 July 2013

Exam administrations for all four ISACA certifications (CISA, CISM, CGEIT and CRISC) will continue to be administered on the June and December schedule—8 June and 14 December 2013.

Learn more about ISACA’s exams on the CISA, CISM, CGEIT and CRISC Bulletin of Information (BOI) pages.


Tips for Business Continuity Management
By Lisa R. Young, CISA, CISM

The business environment is changing rapidly as organizations of all sizes move to 24/7 global operations. Global strategies rely on dependable Internet connectivity and real-time access to information. Expectations by clients, employees and business partners for instant access to information have become a part of normal operations.

Most risk management programs include completing periodic business impact analysis (BIA) as part of the risk management strategy. Emerging technologies in the areas of virtualization, cloud computing, mobile devices and social networking impact organizations by introducing new challenges, risk, issues and opportunities that must be addressed to keep pace with the rapid changes in the risk landscape. These same technologies can be used as part of an effective business continuity management (BCM) program. The term business continuity, as used in this article, encompasses all of the programs and plans used to ensure enterprisewide continuance of the organization’s mission. Common components of business continuity include disaster recovery, contingency planning, incident response and crisis management.

Considerations for advancing business continuity programs include:

  • Advances in data storage and replication such as data vaulting and direct backup to disk improve the resilience of critical business functions and reduce the time it takes to gain access to information after a disaster. Greater access to high-speed bandwidth at lower costs enables data storage and replication capabilities.
  • Mobile device connectivity allows for faster workforce recovery. The ability to access enterprise resources from smartphones and tablets, in addition to laptops, provides a significant advantage in keeping employees productive during disruptive events without the need for the organization to provide temporary work space or additional computing resources.
  • Social media can be used as a communication channel during a disaster. Organizations can use these media to provide updates to customers, employees and business partners. Social media come with risk of their own, so it is critical to train qualified staff to use this medium wisely as part of a larger crisis communications planning effort.
  • Server virtualization and cloud computing help reduce planned outages by providing the ability to move applications to temporary environments during system maintenance, firmware upgrades, critical patching and disaster recovery (DR) testing. Unplanned outages can also be minimized due to the ability to take configuration snapshots of mission-critical virtual machines and restore them using similar hardware devices in shorter periods of time within the same data center or across geographic areas.

BCM must continue to evolve as business practices and emerging technologies continue to shape the business landscape. Virtualization, cloud computing, mobile devices and social networks are examples of emerging technologies that can be leveraged to improve BCM. However, without proper business alignment, risk management and governance, BCM may not be able to exploit the potential benefits of using emerging technologies.

Read Business Continuity Management: Emerging Trends and visit the Business Continuity—Disaster Recovery Planning community in ISACA’s Knowledge Center for more information on this topic.

Lisa R. Young, CISA, CISM, is the past president of the ISACA West Florida (Tampa, Florida, USA) Chapter and a frequent speaker at information security conferences worldwide. Young was also a member of the ISACA task force that developed the Risk IT publications.


Nominate an ISACA Colleague to Volunteer

Do you know a member or members who would be assets to an ISACA volunteer body? If so, nominate them for the 2013-2014 volunteer term.

You may nominate a member for volunteer service by completing the nomination form or emailing his/her name, email address, recommended volunteer body and any additional information in support of the nomination to participate@isaca.org. ISACA will inform him/her of the nomination and provide information on volunteering.

Please ensure nominations are submitted well in advance of the 14 February 2013 deadline to allow nominees time to submit additional application information prior to the deadline.

If you are interested in volunteering with ISACA, visit the Volunteering page of the ISACA web site. From this page, you can access the 2013-2014 online application and the Invitation to Participate brochure (also sent to all members in volume 6 of the ISACA Journal). In addition to the application, applicants are also asked to provide a résumé/curriculum vitae.

If you have any questions regarding nominating an individual or the volunteer application process, contact participate@isaca.org.


New CGEIT Job Practice Effective With June Exam

ISACA conducts an international job practice analysis for each of its certification programs every 5 years—or sooner if changes in the industry demand it. In 2012, ISACA completed a 9-month project resulting in a revised job practice for ISACA’s Certified in the Governance of Enterprise IT (CGEIT) certification. “We accelerated this process by a year, starting it in 2011, to ensure the accurate reflection of the tasks and responsibilities of today’s IT governance professionals. Diligent attention to the job practice adds value for all CGEIT certification holders,” said Allan Boardman, CISA, CISM, CGEIT, CRISC, CISSP, ACA, CA(SA), and chair of ISACA’s Credentialing and Career Management Board.

The recently revised CGEIT job practice, which will take effect with the June 2013 exam, incorporates the collective opinions of the members of the CGEIT Practice Analysis Task Force, 25 independent subject matter expert reviewers and more than 1,400 IT governance practitioners from around the world. The new job practice conceptually aligns with COBIT 5, ISACA’s framework for governance and management of enterprise IT, and focuses on the following 5 domains (the percentages represent the percentage of items that will appear on each exam):

  1. Framework for the Governance of Enterprise IT (25 percent)
  2. Strategic Management (20 percent)
  3. Benefits Realization (16 percent)
  4. Risk Optimization (24 percent)
  5. Resource Optimization (15 percent)

The major change to the CGEIT job practice is the integration of the performance measurement tasks (domain 6 in the previous job practice) into the Benefits Realization domain of the revised job practice. Due to the ever-increasing emphasis on risk, the percentage of questions that tests risk management/optimization went from 20 percent on the previous job practice to 24 percent on the revised job practice.

Learn more about the CGEIT exam on the CGEIT Bulletin of Information page.


Take Advantage of Online and In-person Training Opportunities

The best place to get direction is from people who have been in your place. ISACA’s educational events offer real-world training, flexibility and the resources that can take your career to a higher level. You can prepare for certification exams, earn certified professional education (CPE) credits and, with our web-based events, network with your peers from around the world.

The following Training Courses will be offered in the first quarter of 2013 in partnership with Deloitte & Touche LLP:

Upcoming free online events include:

  • Webinars scheduled for 14 February, 28 February, 14 March and 28 March 2013
  • Virtual Conference on enterprise risk management, 19 March 2013

For details on all training events, visit the Training page of the ISACA web site.

