@ISACA Volume 26: 22 December 2010 

@ISACA Relevant, Timely News

Volunteer With ISACA and Help Shape the Profession

The ISACA Invitation to Participate lists the boards, committees and subcommittees for 2011-2012—all require strong and talented participants. The online application must be submitted by 25 February 2011.

Volunteers help ensure successful certification programs, comprehensive professional conferences, timely education programs, insightful research, thorough and appropriate online resources, representative professional standards, and financially sound infrastructures.

To apply to be an ISACA volunteer, visit the Volunteering page of the ISACA web site to complete the online application.


6 Tips to Take IT Governance, Risk and Compliance to the Next Level
By Brian Barnier, CGEIT

ISACA’s 2010 IT Governance, Risk and Compliance (IT GRC) conference has come and gone. The conference was held in Boston, Massachusetts, USA, and delegates attended from 19 countries in numbers that exceeded expectations. For those who missed it, six points received repeated attention:

  1. Value comes from delivering offerings to customers: not IT offerings to internal users, but offerings to the enterprise’s end customers. While “strategic alignment” has long been part of ISACA® guidance, many IT leaders still struggle to make this happen.
  2. Industry-recognized practices and flexible frameworks are too often “hidden gems” still waiting to be found by many chief information officers (CIOs). Instead of taking advantage of these tools, too many IT shops are still reinventing the wheel of IT oversight and management processes, which is costly to both build and maintain. Val IT™: Based on COBIT® and Implementing and Continually Improving IT Governance can help you save time and money.
  3. The road to delivering value is not only about technology, but also about managing change. Too often, IT leaders stumble over failure to understand how to build the capacity to absorb change.
  4. Too many IT leaders are taking huge risks with activities that are relatively new to their organizations. These risks are easy to reduce. Leaders need to reach out to bring in the expertise that provides a sense of “been there, done that” comfort. Over time, training the team embeds capability in the organization.
  5. Risk management is often seen too narrowly, such as in a security or compliance sense. The big benefit of risk management comes in understanding the IT-related risk to business objectives—across IT silos and in relation to some business activity, process or product—which is what matters to the business.
  6. Performance metrics are too often only documented at a very micro level, such as processor or storage utilization. Nice for IT, but “so what?” for the business. Instead, metrics should be documented at the business level—delivering on revenue growth, business cost reduction or customer satisfaction.

To join in next year, visit the Conferences page of the ISACA web site where information will be posted about the 2011 conference as it becomes available. If you are an IT manager, make sure your CIO is aware of these key insights. If you are an auditor, these considerations can be included in your audits of governance of IT and risk management.

Brian Barnier, CGEIT, is a principal at ValueBridge Advisors. He teaches, speaks and researches widely. For information on Risk IT, visit The ISACA Risk IT Framework presentation by Barnier on the Mash Risk Television web site. Barnier can be reached at brian@valuebridgeadvisors.com.


A Reinvented Conference in a Reinvented City
EuroCACS • Manchester, England, United Kingdom • 20-23 March 2011

Manchester, in England's North Country, is the host for ISACA’s 2011 European Computer Audit, Control and Security (EuroCACS℠) conference. Often referred to as the world’s first industrialized city, Manchester has reinvented itself into a contemporary metropolis with modern landmark buildings, a thriving art and culture scene, and world-class sports. Manchester is the perfect metaphor for EuroCACS. The 2011 event has reinvented itself from a highly structured event into a modern, open concept. Gone are the traditional conference streams, replaced by a variety of major topics with various sessions within each. The sessions will provide a context for the topics and offer solutions to the challenges of each. The presenters will help create a collaborative environment where the attendees can learn as much from one another as they can from the presenters.

As one travels throughout Manchester finding elements of its industrial past, the dramatic mix of old and new gives the city its unique character. Similarly, those who have attended EuroCACS in the past will see familiar faces and approaches to topics to fulfil their education needs, while experiencing a new style and format that together will make for a unique event.

Additionally, attendees can enjoy the culture, heritage, attractions, dining and shopping of Manchester. Even the conference hotel, The Midlands Hotel Manchester, has great appeal. It is the exact spot where Henry Edmunds introduced Frederick Henry Royce to Charles Stewart Rolls who later formed Rolls-Royce Ltd. You can enjoy all the amenities of a world-class facility, including spa treatment and the Octagon Lounge, in an exotic meeting location.

2011 EuroCACS is a three-day event offering 38 sessions, as well as optional preconference and postconference workshops to extend the education experience. Topics include cloud computing and virtualization; outsourcing; regulations and compliance; privacy, information protection and loss prevention; risk management; managing the IT investment; information architecture; social computing, social networks and human factors; computer forensics; client computing; governance, risk and compliance; and sustainability.

For more information, including a complete listing of sessions and workshops, and to register for the conference, visit the EuroCACS page of the ISACA® web site.


Be a Part of ISO Liaison Activity

ISACA® activities related to the International Organization for Standardization (ISO) and its liaison relationship have been transitioned from a task force to a subcommittee, which is part of the Relations Board’s activities. The ISO Liaison Subcommittee is focused on ISO’s involvement with and study of governance and management of IT as well as information security techniques.

In addition to the volunteer subcommittee and its oversight of ISO activities in these areas, ISACA is intent on ensuring that ISACA chapters and their members are aware of and able to comment on ISO documents, as appropriate. Currently, ISACA and ISO/IEC JTC1 SC7 WG 21, the body responsible for International Software Asset Management (SAM) standards, are requesting comments from ISACA members on the SAM standard (ISO/IEC 19770-1). The feedback period ends on 1 March 2011.

If you are interested in serving as a subject matter expert (SME) for ISO exposure drafts or helping the ISO Liaison Subcommittee develop its position on the exposure drafts, reach out by sending an e-mail to standards@isaca.org, including “ISO SME” in the subject line. In the body of the message, state your desired ISO area (governance and management of IT and/or security techniques) and any experience you have with your country’s standards bodies.


New White Papers Available: E-commerce and SIEM

ISACA® conducted a survey of businesses whose employees perform online holiday shopping at work. E-Commerce and Consumer Retailing: Risks and Benefits examines the risks that enterprises face when employees use company time and resources to engage in online shopping. The white paper provides practical guidance on how to manage risks in this situation.

Security Information and Event Management: Business Benefits and Security, Governance and Assurance Perspective gives information security professionals an understanding of security information and event management (SIEM) systems and their benefits and risks, and provides information on how to deploy and make use of these systems.

These white papers are available as complimentary downloads from the Deliverables page of the ISACA web site.


Job Seekers Can Promote Their Skills Online

Audio Advantage, a new feature of the ISACA® Career Centre, now allows job seekers to add a short recording to their résumés/CVs stored on the ISACA web site. To learn how it works, log in to the Career Centre as a job seeker and click on Audio Advantage.

This new tool, available only to members for US $9.99, offers a great way to start the conversation with potential employers. Create a self-promotional pitch in your own language or exhibit your fluency in other languages to supplement your résumé/CV. This highlight of your skills, abilities and accomplishments is as simple as leaving a voice mail and will set you apart from the competition.


New COBIT Case Study: Banco Supervielle

Banco Supervielle S.A., which was founded in 1887 and currently is one of the main private banks in the Argentine Republic, launched an IT governance project that was sponsored by the organization’s chief executive officer and led by the chief information officer and several managers. Goals of the initiative included improving alignment between strategy and the business; generating communications that were easily interpreted, managed and understood by professionals of diverse backgrounds; creating awareness of each person’s role within IT processes; and ensuring compliance with regulations set by the different controlling agencies governing the bank’s activity—most important, the Central Bank of the Argentine Republic.

After reviewing the existing guidance, and based on the needs of the enterprise, COBIT® was found to be the best reference framework to use as a guideline. A new Banco Supervielle COBIT case study on ISACA’s web site shows how the financial institution used COBIT to create an IT governance framework that enabled it to provide training and awareness of internal controls and best practices. In addition to helping the bank measure its existing maturity level, COBIT helped the institution understand its desired maturity level and the time needed to achieve it.


LinkedIn Enables Users to Add Certifications to Their Profiles

In an increasingly competitive environment, professional certifications that exemplify your knowledge and experience are central to setting you apart. But, once you have earned your designation, how do you let people know of your accomplishments? Your credentials required hard work, and it is important to gain recognition for them.

LinkedIn is appealing to this growing need and has recently enabled individual users to add professional certifications to their profile. This allows ISACA® certification holders to truly stand out among their peers and gain recognition in the professional world.

How It Works

At the bottom of your LinkedIn profile page in the “Edit Profile” mode, you will find an option to “Add sections.”

When you click on “Add sections,” you will see a prompt that lets you add sections such as certifications, as well as other LinkedIn-enabled applications, to your LinkedIn profile. It is important to include the full certification name and acronym and the association name to ensure consistency and to allow you to become connected to others who are affiliated with ISACA.

LinkedIn is establishing itself as the leader in professional networking, becoming a very dynamic career tool. It will continue to add and grow in value as it develops additional features catering to users’ association memberships. By using this new feature, you can let LinkedIn know it is on the right path. Maybe that big opportunity around the corner will come to you because you have listed all of your credentials.


Participating in ISACA Surveys Is Rewarding

ISACA® would like to congratulate David R. Furnas, CISM, for winning a US $100 credit to the ISACA Bookstore and for providing valuable input toward the continued success of ISACA’s periodicals, including the ISACA® Journal and @ISACA. Furnas participated in the ISACA Readership Survey in July and provided his name and contact information to enter the random drawing for ISACA Bookstore credit. In October, Industry Insights, the independent third party that ran the survey, picked the winning entry at random.

We thank Furnas and all ISACA survey participants for taking the time to provide us with their insight. The information gathered through surveys such as this one is important to the continued success of ISACA and its services. We encourage all members to participate in these surveys, if and when they are selected. These few minutes can improve the value of your membership and may result in you winning a valuable prize, as did Furnas.

