@ISACA Volume 10: 8 May 2013 

@ISACA Relevant, Timely News

Improvements to Knowledge Center Enhance Usability

Have you noticed something different about the Knowledge Center? In a continual effort to enhance the Knowledge Center, changes have been launched to improve navigation. In addition to the new alert system that allows you to participate in discussions via email, an expanded overview of the most recent discussions and the titles of each discussion are now provided so that members have greater insight into the subject matter of each post.

The streamlined usability changes allow users to start a discussion while freeing up space on the web page for additional enhancements, which are scheduled to come later this year. Sign in to the Knowledge Center web page and look for the “Start a Discussion” button to participate. Once in a discussion, it is now easier to navigate back to the overall topic or to return to the discussion list.

Visit the Knowledge Center today and check out the changes. While you are there, make sure to set your email-enabled discussion alerts for your favorite topics.


ISACA 2013-2014 Board Elected by Acclamation

The following slate, selected by the ISACA Nominating Committee to serve as the Board of Directors for 2013-2014, was published in @ISACA, volume 8, issued on 10 April 2013:

  • Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, international president
  • Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, international vice president
  • Juan Luis Carselle, CISA, CGEIT, CRISC, international vice president
  • Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, international vice president
  • Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, international vice president
  • Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, international vice president
  • Jeff Spivey, CRISC, CPP, PSP, international vice president
  • Marc Vael, CISA, CISM, CGEIT, CISSP, ITIL, international vice president
  • Greg Grocholski, CISA, past international president
  • Ken Vander Wal, CISA, CPA, past international president

Per Article IX, Section 9.01.g of the ISACA bylaws, if no additional nominations are received by petition from the membership, the slate selected by the Nominating Committee is considered elected by acclamation. No additional nominations have been received; therefore, this slate is elected. The 2013-2014 Board of Directors will be installed at the Annual Meeting of the Membership on 9 June 2013 in Berlin, Germany, just prior to ISACA’s World Congress: INSIGHTS 2013.


Renew Your ISACA Certification Now

The 2013 certification renewal period is ending soon. You have worked very hard for your ISACA certification—do not risk its revocation.

ISACA’s certified professional education (CPE) policies require that you earn a minimum of 120 CPE credits during your 3-year cycle and 20 CPE credits in each cycle year. Renewing your certification for 2013 requires two steps:

  1. Paying the annual maintenance fee
  2. Reporting your 2012 CPE credit hours

Based on your requests and those of your fellow certification holders, the CPE reporting system has been enhanced so you can choose how to enter your CPE credits. CPE credits may be entered as one single total representing all of your 2012 CPE hours, or individual records may be entered for each CPE activity.

A detailed overview and tutorial of the CPE reporting system may be found on the How to Report CPE page of the ISACA web site.

You can view the CPE policies on the Maintain Your CISA, CISM, CGEIT and CRISC web pages. For assistance with entering your CPE or if you have questions on the new CPE system or your certification in general, email certification@isaca.org and include “CPE Assistance” or the appropriate topic in the subject line.


Develop Key Strategies at INSIGHTS 2013

World Congress: INSIGHTS 2013 on 10-12 June in Berlin, Germany, is ISACA’s premier conference designed specifically for chief information officers (CIOs), IT and business executives responsible for providing strategic direction and return on investment (ROI) for their business through the smart use of IT and IS technologies, tools and processes.

Providing strategic insights using interactive discussion panels (instead of 1-way PowerPoint presentations), the 2-way dialog with experts in each session creates an exclusive, intimate, collegial and business-focused environment. Key business leaders can receive and give information on how to better align business strategies and optimization through leveraging a cost-efficient IT organization; insights into future trends; validation of strategies; and best practices in risk, cybersecurity and talent management.

Share experiences; engage in high-value networking; and take away new, actionable perspectives to increase your value as a strategic business partner at INSIGHTS 2013.


3 IT Governance Considerations When Transitioning From Internal Operations to a Service Provider

IT operations are quickly shifting from an internal function performed hands-on by an organization’s technical staff to an external function governed and overseen by an organization’s technology managers and operators. This is evident in the rapid adoption of cloud computing solutions in which many organizations are quickly transitioning their traditional internal IT capabilities to those provided by service providers. It is often the expectation of the organizations and business leaders who are making this transition that these solutions will have the same, and in many cases better, availability, capacity and security characteristics as when these services are maintained by the organizations’ own personnel. This level of assurance can be achieved only if certain governance considerations and arrangements are in place with the service provider. While there are many governance considerations that should be evaluated based on the type of capability that is being sourced, there are 3 that should be consistently reviewed:

  1. Is there an agreed-upon process for consistent and detailed information sharing about the health, performance and safety of both the organization’s services and the service provider’s overall environment? The change of control and lack of visibility that often result as part of transitioning operational responsibilities for IT environments from an organization’s internal capabilities to an external service provider can be very challenging. To implement effective governance capabilities, you will need to understand what operational information will be provided by the service provider, including the scope of the information and the delivery method. The scope should include information from the provider about capabilities associated with your organization’s specific environment and the supporting information infrastructure of the provider. Often, service providers are willing to provide detailed reporting about the capabilities specific to the solutions they provide in the form of reporting portals, but are hesitant to provide insight into their supporting information infrastructure. The information must be comprehensive and timely enough to enable you to enact effective IT governance. This will allow you to work collaboratively with the service provider to ensure that your expectations are being met and provide an opportunity for you to enable a trust-but-verify approach to governing the provider.
  2. Are key performance indicators (KPIs) established and agreed upon? KPIs can provide a mutual understanding between your organization and the service provider of key metrics and measures associated with the solutions and services that you will monitor as part of your IT governance activities. KPIs should be objective in nature whenever possible to ensure that there is little opportunity for disagreement about the information they provide. The most effective KPIs are those that can be directly bound to the productivity of services and have a direct connection to material and key business capabilities.
  3. Does the service provider have adequate information risk management and security capabilities? In many cases, a service provider’s competency, or lack thereof, about information risk management and security is not well understood by its customers until an incident occurs. Security is often identified as one of the key concerns when transferring operational control to service providers, especially when it comes to cloud providers. It is important to conduct comprehensive and regular reviews of the service provider’s capabilities to ensure that they are in line with your organization’s expectations and requirements. Providers often attempt to prove their capabilities through independent industry certifications and vendor compliance reviews that can be helpful for point-in-time insights, but are often not sufficient for ongoing operational IT governance activities. You must understand the maturity and comprehensiveness of the provider’s approach to information risk management and security for its customer environments and its internal operations. Key areas to review and monitor include its level of visibility into its information infrastructure, proactive threat and vulnerability management processes and capabilities, and comprehensive incident management and response processes and capabilities.

John P. Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC.


Nominate Your Web Site for Best Technology Web Site of 2013

The Web Marketing Association is conducting the 17th WebAward Competition. Founded in 1997, the Web Marketing Association supports setting a high standard for Internet marketing and development of the best web sites on the World Wide Web. The international WebAward Competition is the longest-running annual award program dedicated to naming the best web sites in 96 industries while setting a standard of excellence for all web site development.

Recent winners of the Best Technology Web Site include Cisco Systems Inc. for Cisco Support Community (2012), Intel Corporation for Intel Reinvents Its Online Newsroom (2011), Cisco for Cisco.com (2010), Venables Bell & Partners for Sponsors of Tomorrow (2009) and eBusiness Marketing & Strategies for Gene.com (2008).

Nominate your organization’s web site for Best Technology Web Site of 2013 on the Web Marketing Association web site. Send us an email (publication@isaca.org) if you win so we can share the news with your ISACA colleagues.


Read More Articles in Our Archives