@ISACA Volume 8: 10 April 2013 

@ISACA Relevant, Timely News

Report of the Nominating Committee
By Lynn Lawton, CISA, CRISC, FBCS CITP, FCA, FIIA, Chair

The charge of the ISACA Nominating Committee, as described in sections 7.02 and 9.01 of the ISACA bylaws, is to prepare a slate of candidates for the ISACA Board of Directors, consisting of an international president and up to 7 vice presidents, for review by the association membership. The Nominating Committee is chaired by a past international president of ISACA, and its members include 2 additional past international presidents and 4 other members with significant ISACA experience and diverse geographic representation.

The committee takes very seriously its obligation to prepare the best possible slate of individuals who will work together as a team to lead the association. Its evaluation of candidates takes into account the intent to reflect the organization’s diversity in terms of geography, skills, experience and other relevant factors, while also balancing continuity and new viewpoints.

The process is managed with attention to detail. Deadlines are strictly adhered to, nominations are treated with unbiased consideration, candidates are interviewed and strict confidentiality is maintained throughout the process. The Governance Advisory Council provides oversight to the committee’s processes and the committee reports to the ISACA Board of Directors and the membership of ISACA.

The 2012-2013 Nominating Committee is pleased to present the slate for the 2013-2014 ISACA Board of Directors. As chair of the committee, I affirm that the committee’s deliberations were carried out in accordance with the bylaws and good governance principles.

The 2012-2013 Nominating Committee members are:

  • Lynn Lawton, CISA, CRISC, FBCS CITP, FCA, FIIA, Russia, Chair
  • Emil D’Angelo, CISA, CISM, USA (past international president)
  • Ken Vander Wal, CISA, CPA, USA (past international president)
  • Vincent Chan, CISA, CGEIT, CPA, Hong Kong
  • Alex Zapata, CISA, CGEIT, CRISC, Mexico
  • Urs Fischer, CISA, CRISC, CIA, CPA, Switzerland
  • Garry Barnes, CISA, CISM, CGEIT, CRISC, Australia


Slate of 2013-2014 Board of Directors

ISACA will hold its Annual Meeting on 9 June 2013, at the Estrel Berlin Hotel in Berlin, Germany, during ISACA’s World Congress: INSIGHTS 2013, where it will install the 2013-14 Board of Directors. In accordance with the association’s bylaws, the Nominating Committee submits the following slate as the proposed 2013-2014 Board of Directors:

  • Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA, international president
  • Allan Boardman, CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP, international vice president
  • Juan Luis Carselle, CISA, CGEIT, CRISC, international vice president
  • Ramses Gallego, CISM, CGEIT, CCSK, CISSP, SCPM, Six Sigma Black Belt, international vice president
  • Theresa Grafenstine, CISA, CGEIT, CRISC, CGAP, CGMA, CIA, CPA, international vice president
  • Vittal Raj, CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA, international vice president
  • Jeff Spivey, CRISC, CPP, PSP, international vice president
  • Marc Vael, CISA, CISM, CGEIT, CISSP, ITIL, international vice president
  • Greg Grocholski, CISA, past international president
  • Ken Vander Wal, CISA, CPA, past international president

The bylaws grant the international president the authority to augment the board by a limited number of appointments, if desired. Tony Hayes has appointed the following individuals to serve as directors on the 2013-2014 board: Christos Dimitriadis, CISA, CISM, CRISC, Krysten McCabe, CISA, and Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC.

Included on the agenda of the Annual Meeting will be the annual report, the treasurer’s report, ratification of significant board actions from the 2012-2013 administrative year and comments from the international president.

All ISACA members are invited to attend the Annual Meeting. Visit the World Congress: INSIGHTS 2013 page of the ISACA web site for more information about the conference.


CRISC Certification Wins Best Professional Certification Award

ISACA is proud to announce that the Certified in Risk and Information Systems Control (CRISC) credential has won the 2013 Best Professional Certification Program Award from SC Magazine. The 2013 SC Awards were presented at the RSA Conference. SC Awards winners are chosen by a panel of security professionals from the private and public sector and are selected by SC Magazine’s editorial team based on their information security leadership and knowledge. The panel conducts an in-depth analysis and considers many factors, such as applicable research, analyst reports and reviews to narrow down the hundreds of submissions to the top finalists, and finally to the winner.

Established in 2010, CRISC has been earned by more than 17,000 professionals. To earn this certification, candidates must possess at least three years of relevant experience and pass the CRISC exam. To learn more about ISACA certifications, and how they can add value to your employer and your career, please visit the Certification page. To learn more about the requirements for CRISC certification, visit the CRISC page.


Assess Cloud Functionality and Usefulness When Outsourcing
By Bruce R. Wilkins, CISA, CISM, CGEIT, CRISC

By now, most of us have seen and used the cloud in various ways, yet there are indications that we are not completely knowledgeable about the cloud environment. Generally, IT staffs—as they do with most new technology—are addressing cloud environments as wholly new introductory platforms to computer science, which is often not the case. The term cloud describes several outsourcing approaches. Hosting a server in the cloud, for example, is very similar to third-party hosting. With cloud technology, enterprises have the ability to take a new approach to traditional product licensing—rather than selling copies of a product, a vendor can host applications and the customer’s associated data in a cloud and then sell seat licenses to access the aforementioned capability. These seat-based licenses are then sold to both end users and developers depending on the product.

What happens when a business mixes functionality provided by cloud vendors with their enterprise systems? Amid this concern, outsourcing via the cloud does have the potential to provide real opportunities and benefits. Consider these tips as a quick reference when outsourcing to the cloud:

  • Manage expectations. Ensure that management understands that outsourcing success can be tied to the business’s level of risk tolerance. Having applications and data hosted in the brick and mortar of the business is comforting and, in some cases, prudent.
  • Define financial metrics. Identify quantitative financial performance metrics that the business needs to achieve using a cloud-based approach. These should be based on how many servers and what type of servers are needed to be hosted in the cloud to reduce internal resources to meet expectations.
  • Ensure activity transition. Ensure that definitive business activities are moved into the cloud so that they are completed from end to end and are self-contained. This often shows the inconsistencies between business processes and how those processes are hosted within the business’s IT structure.
  • Define rules. Based on your business’s data architecture in terms of public, private and privilege, determine data hosting guidelines within a cloud.
  • Understand the type of cloud. Consider its functional strengths and its security certifications and pedigree. Do not try to host an application within a cloud that is tailored to support a new licensing strategy. In addition, avoid increasing security costs by attempting to secure the vendor’s cloud. Simply secure your small part of the sky.

Read more about this and related topics on the Cloud Computing page of the ISACA web site.

Bruce R. Wilkins, CISA, CISM, CGEIT, CRISC, is chief executive officer of TWM Associates. Wilkins has previously served as chair of ISACA’s CGEIT Certification Committee and CISM Test Enhancement Subcommittee.


Explore the Future of the Industry at INSIGHTS 2013

ISACA’s World Congress: INSIGHTS 2013 welcomes opening keynote presenter Herman Konings, Ph.D., futurist and founder of nXt, a think tank and “guess imitating” house for trends and forecasting. Konings will examine and illustrate the global trends that are influencing a variety of generations and coming innovations affecting consumer psychology, business-to-business marketing and more in his signature presentation, “The Future Wasn’t Born Yesterday.”

On 10-12 June in Berlin, Germany, leaders from CA Technologies, Cloud Security Alliance (CSA), Deutsche Post DHL, European Network and Information Security Agency (ENISA), IBM, International Telecommunications Users Group (INTUG), KPMG, Visa, Microsoft, TurkCell, WalMart, SWIFT and others will discuss the following valuable topics:

  • Emerging business privacy and data protection concerns
  • Big data (big pain or big opportunity?)
  • Information security—keeping up with the business
  • The future of cloud computing
  • Cybersecurity strategy
  • Forensic fraud detection
  • New retail technologies
  • Health care new technology

Register by 17 April and save more than US $400.


Registration Opens Soon for New September CISA and CISM Exam Administration

In 2013, ISACA will offer an additional Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) exam administration on Saturday, 7 September 2013. This September exam administration will be in addition to the June and December administrations; it will include only the CISA and CISM exams and will be offered only in select locations around the globe. To view a list of exam locations visit the September Exam Sites page of the ISACA web site.

Seating for the September CISA and CISM exams is limited and guaranteed only through the final registration deadline date. The September CISA and CISM exams will be available in all languages in which the respective exam is currently offered.

Registration for the September 2013 exam opens on Wednesday, 24 April 2013. The key dates for the September CISA and CISM exams are:

  • Early registration deadline: 28 May
  • Final registration deadline: 22 July

Additional details on the 7 September 2013 CISA and CISM exam administration can be found on the September Exam Frequently Asked Questions web page.


Read More Articles in Our Archives