@ISACA Volume 24: 19 November 2014 

@ISACA Relevant, Timely News

Learn Networking Strategies and Earn CPE at Leadership Development Webinar

The rapidly changing nature of networking has led to the convergence of business and the social world. Because of the importance of networking, ISACA is presenting the “Collaborating, Communicating and Making Friends…” webinar as part of its Leadership Development Series. This webinar will take place on 11 December at 11AM CST (UTC -6 hours). Members can earn 1 continuing professional education (CPE) hour by attending and passing a quiz about the webinar.

Led by ISACA International President Robert E Stroud, CGEIT, CRISC, the webinar will address how to create and develop professional communities, how to network, and how to manage relationships once a connection has been made.

To register for this webinar or learn more about it, visit the Collaborating, Communicating and Making Friends… page of the ISACA web site.


Five Tips for Increasing Your Influence as an Auditor
By Ann Butera

By definition, influence is the ability to get others to act on your suggestions without pulling rank. Influential people are able to garner support for their ideas. They understand that being persuasive requires more than technical expertise and simply having facts to support a perspective. They are able to communicate their message in as many ways as necessary to appeal to the diversity of their audience. Persuasive people leverage their relationships with others and the information they possess to get others to act on corrective action plans and implement suggestions for increased efficiency.

Are you an influencer? Would you like to be recognized as one? The following 5 techniques will increase your ability to influence others’ behavior:

  1. Identify and expand areas of commonality when interacting with others—Take the time to break the ice with colleagues. During this time, pay attention to their answers to common conversational questions like, “How was your weekend?” These answers can provide insight into their hobbies and priorities. To the extent that you genuinely share interest in these areas, your ties to these people will expand and deepen over time.
  2. Understand communication styles—Take the time to understand the other person’s preferred communication style and match it. For example, if the other person is a slow, methodical and precise communicator, using overblown or imprecise words, e.g., always, never and very, will trigger suspicion. Likewise, speaking very quickly to this same individual will engender distrust. Instead, choose your words with care and slow down your rate of speech. Establish this rapport before diving into an explanation of your ideas.
  3. Watch your language—Use common, everyday terms to explain technical concepts. Avoid audit jargon (e.g., inherent risk, residual risk, key control). Be prepared to express the same message in several ways until the other person understands what you are saying.
  4. Adapt your communication style—If you are dealing with an analytical person, present your position in a coherent, sequenced manner. If you are dealing with a goal-oriented person, explain how your ideas will enable this person to achieve his/her goals effectively or efficiently. If you are dealing with a people pleaser, provide examples of precedents that illustrate how other departments or teams have successfully implemented your suggestion. If you are dealing with a high-energy strategist, keep your messages focused, concise and simple by limiting the amount of detail you provide.
  5. Pull more and push less—Instead of making statements and telling people what to do, use questioning to engage others. Most people believe “their own baloney,” i.e., if they say it, they own it. This means that if they identify a gap in their process or a breakdown in their process’s controls, they believe these conditions exist. But when you deliver the same message and tell them they have a process gap, their typical reaction will be defensiveness and resistance. Consequently, take the time to devise a series of open-ended questions that will lead the people you want to persuade to arrive at the point you want to make. While this indirect approach may appear to be time consuming, it achieves results that are long lasting. As a result of thinking through the answers to your questions, other people have time to think about the condition you want addressed.

While these techniques may seem simple, they require a great deal of self-control and practice before they become second nature. However, if you make it a habit to apply these 5 techniques, you can become an influential team member, gaining the trust of your peers and management.

Read more on the KnowledgeLeader web site.

Editor’s Note: © 2014 Protiviti Inc. All rights reserved. This article was excerpted with permission from Protiviti’s KnowledgeLeader, a subscription-based web site that provides audit programs, checklists, tools, resources and best practices to help internal auditors and risk management professionals save time, manage risk and add value. ISACA members receive a discount on an annual subscription to the service.


Vice President Nominations Remain Open

Nominations for the position of vice president on the ISACA Board of Directors for the 2015-16 term remain open (the nomination period for international president closed 14 October). Information about serving on the board, the attributes for office and the nomination form itself are available on the Board Nominations page of the ISACA web site.

Members may submit nominations for themselves or for others (or both). All nominations will be acknowledged and all candidates will be required to complete a candidate profile form that confirms the candidate’s willingness to serve if selected and provides the Nominating Committee information about the candidate. Self-nominating candidates will also be asked to submit a letter of recommendation from an ISACA member, outlining how the candidate demonstrates the attributes of office. Information on candidates will be gathered in other ways as well, including review of public web sites (e.g., Google, Facebook, LinkedIn) and interviews with the candidates.

Nominations for vice president close at 5:00PM CST (UTC -6 hours) on 6 January 2015. This is the date by which all materials must be received at ISACA International Headquarters (i.e., completed candidate profile form and letter of recommendation, if required). Questions? Contact nominate@isaca.org.


Webinar Offers Tips on Using NIST Cybersecurity Framework

The US National Institute of Standards and Technology (NIST) created the Framework for Improving Critical Infrastructure Cybersecurity, which contains guidelines and best practices for cybersecurity. To help organizations better understand the NIST framework, ISACA has partnered with CA Technologies to create the “Want to Avoid Security Breaches? Leveraging the NIST Framework for Improved Cybersecurity” webinar. This webinar will take place on 4 December at 11 a.m. CST (UTC -6 hours). ISACA members will have the opportunity to earn 1 continuing professional education (CPE) hour by attending the webinar and passing the related quiz.

The webinar will be led by Sumner Blount, director of security solutions for CA Technologies, and Jamie Brown, director of global government relations for CA Technologies. They will teach webinar attendees how to tailor the NIST framework to their organizations’ needs. In addition, the webinar will cover which technologies can be used to help enterprises adhere to the framework.

To register for the webinar or learn more about it, visit the Want to Avoid Security Breaches? Leveraging the NIST Framework for Improved Cybersecurity page of the ISACA web site.


Government Use of COBIT Promoted by ISACA Volunteers

ISACA volunteers’ advocacy efforts have led to the adoption and use of COBIT by a number of governments around the world. For example, in South Africa, rapid social, economic and political growth revealed a need for improved governance of information and communications technology. Recognizing this need, the local chapter of ISACA worked to increase awareness of COBIT within the government.

The South Africa Chapter created a board of directors position responsible for promoting ISACA and COBIT in the public sector. The chapter also began giving presentations on the benefits of COBIT at government conferences and meetings of public sector chief information officers. When the South African government decided to create its Corporate Governance of Information and Communications Technology Policy Framework, the concept of using COBIT for governance had gained enough traction that it was referenced as an integral part of the framework.

ISACA’s Government and Regulatory Advocacy Committee (GRAC) supports such advocacy efforts around the world. Thanks in large part to the dedicated volunteers of the GRAC and its subcommittees, South Africa is not alone in its advocacy efforts. The GRAC and its 5 regional subcommittees work to raise awareness of ISACA within governments, advocating for the use of ISACA knowledge and credentials and promoting the capability and credibility of ISACA members. The GRAC primarily focuses on 5 areas of government: reserve banks and financial regulators, state and national auditor generals and inspector generals, agencies responsible for cybersecurity, agencies responsible for privacy and data protection, and agencies responsible for national workforce IT skill development.

If you know of a government that is using COBIT but is not included in the COBIT Global Regulatory and Legislative Recognition document, please contact lwogelius@isaca.org.


Personal Privacy Major Concern Per 2014 IT Risk/Reward Barometer

The Internet of Things (IoT) is here, and its implications are examined in ISACA’s 5th annual IT Risk/Reward Barometer. The barometer also covers IT-related business issues such as wearable technology, bring your own device (BYOD), privacy and data breaches. The survey findings include responses from 1,646 ISACA members in a global survey and 4,224 consumers from 4 countries.

Among the findings, nearly 7 in 10 ISACA members (69%) report that they are very concerned about the decreasing level of personal privacy. Nearly half of respondents (49%) state that the biggest challenge regarding the IoT is increased security threats. And, while 81% of members say bring your own wearables (BYOW) is as risky as, or riskier than, BYOD, only 11% of their enterprises have a policy that addresses the issue.

For related infographics, a video and full results of the member and consumer surveys, visit the IT Risk/Reward Barometer page of the ISACA web site.


Book Review: Anti-Hacker Tool Kit
Reviewed by Joyce Chua, CISA, CISM, CITPM, ITIL, PMP

Anti-Hacker Tool Kit is an intermediate-level book for hands-on IT security professionals who want to defend their systems against today’s most complex attacks. The 4th edition of this book includes today’s cutting-edge tools for a complete security arsenal.

This how-to book helps readers protect their network from a wide range of exploits, with detailed explanation of the tools hackers use. Anti-Hacker Tool Kit also details the best practices for configuration and implementation of security resources, illustrated by code samples and up-to-date, real-world case studies. There are a large number of tools described in great detail, including virtual machines and emulators, vulnerability scanners, forensic utilities, and privacy tools.

Other key features include a description of how to use these tools for everything from command-line skills to testing security of IT assets, and most of the tools described in this book are free and open source.

The strengths of this book include a thorough discussion of and current information about anti-hacker tools. This book is easy to read and contains numerous references to videos that expand on the topics, tips and configuration advice covered in the book. This latest edition stands apart from the past editions with references to short videos that demonstrate several of the tools in action.

This practical guide makes it easy for security professionals to quickly find solutions to help safeguard their systems from the latest and most devastating hacks.

Anti-Hacker Tool Kit is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit the ISACA Bookstore online or email bookstore@isaca.org.

Joyce Chua, CISA, CISM, CITPM, ITIL, PMP, is a global IT compliance manager for GLOBALFOUNDRIES, one of the world’s top dedicated semiconductor foundries.

