@ISACA Volume 12: 9 June 2010 

@ISACA Relevant, Timely News

Virtual Seminar and Trade Show: Building a Better GRC Program

Join us Tuesday, 22 June 2010, to learn how to get the most out of your GRC strategy by aligning business and corporate IT governance. This online, all-day event will allow you to participate in live, educational sessions presented by knowledgeable experts; ask questions and interact with speakers and sponsors; and connect one-on-one with other industry professionals, ISACA® members and staff.

The presenters include Christopher McClean from Forrester, who will discuss how to understand and select GRC technology; Eric Holmquist from Holmquist Advisory, who will explain how to perform information security risk assessments; Richard E. Mackey from SystemExperts, who will talk about the evolution of compliance programs; and Brian Barnier from ValueBridge Advisors, who will discuss the integration of GRC frameworks and standards. You will also be able to submit questions for the live Q&A session following each presentation.

In between education sessions, you will be free to visit exhibitor booths and interact with sponsors and ISACA staff in the exhibit hall. The networking lounge will be open throughout the event, where you can go to talk with other ISACA members about the event. A resource center, complete with additional information and materials such as white papers and ISACA® Journal articles, will also be available to you.

Click here to learn more and register for the event.


ISACA Journal Goes Digital

Waiting for the ISACA® Journal to find its way to your doorstep? In the meantime, view the digital edition, a fully interactive, exact replica of the Journal. With the launch of the ISACA web site, we have added this additional way for members to read the Journal. Now, online access to the Journal includes the fully downloadable digital edition as well as the individual articles in HTML and PDF, which you have come to know, and provides members with:

  1. An opportunity to read the Journal in the way that best suits your current environment
  2. Instant access to the latest issue, whether at home or traveling abroad
  3. Easy archiving and advanced search capabilities
  4. Direct and immediate access to related content through embedded links
  5. An opportunity to share a portion of the Journal with nonmember friends and colleagues
  6. Access to the Journal from your smartphone or tablet, simply by clicking on the digital edition link from that device

The digital edition does not require any software installation, opens in seconds and provides readers a truer, magazine-like experience. Readers will enjoy the same, familiar experience as thumbing through the print Journal, poring over stories, following the flow of the magazine’s layout and scanning quality advertisements.

Be one of the first to read the Journal—watch for the bimonthly Journal alert in your e-mail inbox and click on the link to view the latest edition in digital form. The current issue—volume 3—is available now.


Six Career Benefits From Certification Mentoring
By Lisa Young, CISA

Are you a Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) or Certified in the Governance of Enterprise IT® (CGEIT®)? Have you considered teaching what you know about IT auditing, information security management or IT governance to others who are preparing for a certification exam? Around this time of year, many of the local ISACA® chapters hold review classes or study groups to prepare people for the various ISACA certification exams. You may have even taken advantage of these resources when you were studying for an exam. The benefits to your career and professional development from teaching and mentoring are numerous. Here are six reasons you should consider teaching an exam review class or mentoring someone who is preparing for a certification exam.

  1. To contribute to your profession—People who wish to share their knowledge and experience with others in the field can volunteer to be the coordinator of a job practice study group. Many local chapters offer review classes that are taught by certified professionals just like you.
  2. To increase knowledge in your profession—We all know how valuable refresher training can be, especially when you have been in your field a long time. Maintaining your skills by preparing to teach the exam materials helps you to keep your skills current and involves you in knowledge transfer with other instructors and students.
  3. To build credibility—Become the point of contact for ISACA certifications in your organization. Let your manager, human resources department or training division know of your certification and willingness to mentor current employees in exam preparation.
  4. To increase skills for your current position—Preparing to teach increases your expertise in the job practice areas and allows you to apply the material to your current role.
  5. To increase skills for your next position—Job practice analyses are conducted at least every five years to make sure the certifications reflect the changing roles and complexities of IT auditing, information security management and IT governance. For example, this year is the last year for the current CISA job practice areas, as the 2011 exam will reflect new job practice areas.
  6. To earn continuing professional education (CPE) credits—ISACA credential mentoring is a qualifying activity for earning up to 10 hours annually of CPE to maintain your own ISACA certification credentials. Click here to find out more.

Lisa R. Young is the past president of the West Florida ISACA chapter in Tampa, Florida, USA, and a frequent speaker at information security conferences worldwide. Young was also a member of the ISACA task force for the new Risk IT: Based on COBIT® publications.


Addressing the Security, Assurance and Governance Issues of Social Media

Social media is changing the face of today’s businesses. Increased representation on social media channels, such as Facebook, Twitter and LinkedIn, has not only made companies more accessible to their customers but is also increasingly being leveraged as a powerful, low-cost tool for organizations to drive business objectives, such as enhanced customer interaction, greater brand recognition and more effective recruiting.

ISACA’s newest complimentary white paper, Social Media: Security, Assurance and Governance Issues, has been developed by a team of subject matter experts who are using social media technology. It provides a thorough description of the benefits and risks of the popular technology, as well as practical ways to mitigate many of the associated risks.

Enterprises are responding to the benefits of social media. According to the “Global Social Media Check-up Insights” from the Burson-Marsteller Evidence-Based Communications Group, of the Fortune Global 100 companies, 65 percent have active Twitter accounts, 54 percent have Facebook fan pages, 50 percent have YouTube video channels and 33 percent have corporate blogs.

While the use of social media channels has helped many enterprises improve customer service, enhance search engine optimization (SEO) and increase sales, it is not without risks. Data leakage, e-discovery regulations and privacy infringements are just a few of the issues that enterprises considering using social media technology need to consider.

Click here to download a complimentary PDF of this new white paper.


ISACA Welcomes the 2010-2011 International Board of Directors

In 2010-2011, ISACA® will be helmed once again by International President Emil D’Angelo, CISA, CISM, senior vice president at the Bank of Tokyo Mitsubishi UFJ, New Jersey, USA. A member of ISACA for more than 30 years, D’Angelo has been actively involved with the association, serving on its Strategic Advisory Council and Governance Advisory Board, chairing the Security Management Committee, and serving as an ISACA director.

Returning to the board this year are international vice presidents Ria Lucas, CISA, CGEIT, Jose Angel Pena Ibarra, CGEIT, Robert E. Stroud, CGEIT, Kenneth L. Vander Wal, CISA, CPA, and Rolf von Roessing, CISA, CISM, CGEIT, and directors Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, Gregory T. Grocholski, CISA, and Howard Nicholson, CISA, CGEIT. Consistency on the board from year to year, through returning members, is critical to ensuring ISACA reaches its short- and long-term goals.

Lucas provides a unique perspective through her role as an investment manager at Telstra Corp. Ltd., Australia, and her experience in internal and external IT audit. A partner at Alintec, Pena brings to the board his experience working at this international firm, which provides consulting and training services on IT audit, control and security. Stroud is the vice president of IT service management and governance for the service management business unit at CA Technologies, where he helps to ensure that the company’s solutions adhere to best practices in service management and governance. Vander Wal is a retired national partner in the Technology and Security Risk Services practice of Ernst & Young, where he was responsible for the firm’s global TSRS quality and risk management program. Von Roessing, a retired partner and now an executive advisor at KPMG Germany, holds non-executive directorships at several security consulting companies in Germany.

Equally important is adding new energy. ISACA does so this year with the additions of international vice presidents Christos K. Dimitriadis, CISA, CISM, and Hitoshi Ota, CISA, CISM, CGEIT, CIA, GSEC(GIAC). Dimitriadis is the head of information security at INTRALOT S.A., a multinational supplier of integrated gaming and transaction processing systems based in Greece. He has served ISACA as chairman of the External Relations Committee and as a member of the Relations Board, Academic Relations Committee, Journal Editorial Committee and Business Model for Information Security work group. Ota is senior manager at the Mizuho Corporate Bank Ltd., Tokyo, Japan, where he is responsible for information security management, project risk management, systems risk management and US/J-SOX IT coordination, mainly related to overseas business operations. In addition to his numerous ISACA Tokyo Chapter responsibilities, Ota has served on the CISM Certification Board and is now serving on the Communities Committee.

Joining the president, vice presidents and directors is Immediate Past International President Lynn Lawton, CISA, FBCS CITP, FCA, FIIA, and Past International President Everett C. Johnson Jr., CPA.

Click here to learn more about all of the 2010-2011 board members.


Training Onsite Eliminates Travel Costs

Responding to the needs of global constituents, particularly the need for training at a time when budgets may restrain travel, ISACA® has developed an onsite training program. ISACA On-Site Training features ISACA core training content designed for IT audit, control, security and governance professionals. Benefits of ISACA On-Site Training include:

  • Maximum results at minimal expense to your organization—pay one fee for the course and instructor and have several of your staff attend (limit 40 attendees per course)
  • Optional customized training to suit the specific needs of your organization, through personalized discussions with the course trainer
  • Experienced ISACA instructors providing high-quality training and expertise
  • Saving time and money by having the training come to you

Click here for more information about ISACA On-Site Training, including course descriptions. E-mail questions to OnSiteTraining@isaca.org.


COBIT, CISA, CISM and Related Subject Matters Addressed in Industry Regulations Worldwide

ISACA’s Government and Regulatory Agencies (GRA) subcommittees have provided the following updates on relevant regulations worldwide:

  • The Australian National Government is reevaluating the Commonwealth Government Security Manual to include security profession accreditation and qualifications, such as Certified Information Security Manager® (CISM®). Accreditation for security roles and the relevant certifications for security professionals who work for the government and in the private sector are being revisited.

    To support the recommendations for this update to the security manual, the Australian government is conducting a study on staffing requirements for ICT security positions of trust (e.g., training, certifications, licensing, security clearances, amount of experience). The government sought information on what other governments have done; twelve responses on similar government initiatives were received from regional subcommittees and forwarded to Australia.
  • In Japan, a report was recently published titled “Information Security Related Legal/Regulatory Issues Research Project Report.” This project was supported by the Ministry of Economy, Trade & Industry (METI). The report recommended:
    - Promoting cloud computing based on standards, not regulations
    - Encouraging the use of information security reports
    - Establishing certifications and audits for vendors as self-guidelines
  • In Malaysia, the Privacy and Data Protection Bill of 2009 has passed the second reading in Parliament. The ISACA Malaysia Chapter organized a small forum on this bill along with the Bar Council that was held in May.
  • In Brazil, the Certified Information Systems Auditor™ (CISA®) certification is now required for IT auditors to perform audits in financial institutions. The Sao Paulo Chapter is working with the regulatory agencies to make this a requirement for government auditors.
  • In Colombia, the government is using COBIT® as a framework for government agencies. The Bogota Chapter is supporting the government’s knowledge of COBIT and ISACA® certifications.
  • The Melbourne Chapter provided commentary to the local Victoria government on Audit Committee Guidelines for Local


CISA Certification Provides a Solid Career Foundation
Courtney Oxman Shares Her Experience As a CISA

For Courtney Oxman, the Certified Information Systems Auditor™ (CISA®) certification is a solid foundation for her career and much more. She believes the certification enhances her education—an undergraduate degree in accounting and masters in information systems.

“The CISA provided a credible statement of competency in a profession showing great potential/promise for growth coinciding with the development of the information technology industry,” Oxman explained. “The ISACA® organization presented itself as a well-designed, professional structure to maintain and further cultivate such a certification. I considered the combination of competency and professionalism to be an excellent foundation for a lifelong career.”

In Alaska, as quality manager in oil spill response, Oxman relied on this combination of skills and tools. “The proof was a quality program implementation that was fully supported by the management of Alyeska Pipeline,” Oxman said. “My resulting promotion to operations manager was testimony to the ‘right stuff’ provided by my background. But, the adoption of the quality program by the line technicians and responders was the real proof.”

Oxman finds that maintaining her CISA certification has not only fully supported her IT/IS audit career, but also her financial stability. “My IT/IS audit career allowed me to make necessary changes to my life after the birth of my son and tragic loss of his father,” she said. “Enduring two back-to-back life events and finding the ability to rebound and take care of my child and myself is humbling. I am grateful that my early career path took me toward IT/IS auditing. I have found that I can depend on my profession to weather tough economic times and adapt to rapidly changing technological innovation. I know this field will continue to support my family and provide a satisfying professional life.”

Oxman has the following advice to those thinking about pursuing the CISA credential:
  • ISACA certification has credibility. “By design, the CISA represents professionalism and competency. I refer to the CISA as a technical information systems auditor’s ‘Good Housekeeping Seal of Approval’—it is sought after and respected by employers. You can build a great career on this one certification,” she said.
  • Study/review courses can guide you and help focus your studies. “Buy study manuals,” she urged. “ISACA provides great study materials and review courses (see their web site for details). Set aside and regularly schedule study time. Better yet, use your workout on the treadmill or elliptical trainer as focused study time. Record study notes and listen to them while you are walking.”

Oxman feels the best aspect of this profession/field is that it is more than just a career; she feels it is a way of doing things that becomes second nature. “This profession has a cadence to it. The themes and the thought patterns become second nature and thread throughout your life,” she said.

“I incorporate many of the lessons and processes I learn in my audit profession into other areas of my life,” she explained. “Project management, change management and communications skills are critical to my daily life and pursuits outside of the workplace. For example, negotiating differences has become an active part of my being a parent.”

Courtney Oxman, CISA, is an IT auditor at West Virginia University.

