@ISACA Volume 8: 13 April 2011 

@ISACA Relevant, Timely News

Human Behaviors Influence Approaches to Technology
North America CACS ● Las Vegas, Nevada, USA ● 15-19 May 2011

Focusing on the human impact of technology, this year’s North America Computer Audit, Control and Security (CACS℠) conference in Las Vegas, Nevada, USA, will be relevant, both now and in the future, to IT audit, security, control and governance professionals.

The keynote speaker, Cheryl L. Shavers, Ph.D., chief executive officer of Global Smarts Inc. (formerly under secretary of commerce for technology at the US Department of Commerce), will take a look at emerging technologies and their persuasive impact on our lives. Shavers will kick off the new Human Factors track that is devoted to examining how people relate to technology used in an enterprise.

One-third of this year’s speakers are new to ISACA events and several of ISACA’s highly rated speakers are returning with the latest insights on technology issues and trends. Tracks feature:

  • Core competencies
  • Audit programs and ISACA research
  • Privacy issues and data protection
  • Emerging issues
  • How to audit IT governance and compliance issues
  • Human factors
  • Risk and exposure management

In the closing keynote, David Foote, chief executive officer and chief research officer of Foote Partners LLC, will provide insights from an analyst’s perspective on the human factors driving technology and change in IT audit, security, risk and governance.

Delve into the human side of technology. Visit the North America CACS page of the ISACA web site for more information and to register for this event.


Tips on Leveraging Social Media while Managing Risk
By Tara Kissoon, CISA, CISSP

Social media tools have become platforms to increase communication by organizations while fostering brand awareness and stronger customer service. With the emergence of these services, the introduction of new risks becomes apparent.

Here are tips on leveraging social media while managing risk to the organization:

  1. Create a framework—Research how individuals are using social media and use this information as input to define a corporate social media strategy, policy and training program.
  2. Develop the strategy—Align the strategy with corporate objectives and obtain senior management approval. This should include outlining key channels, type of engagement, risks, communication and ongoing monitoring.
  3. Minimize the risk—Identify controls to minimize unnecessary risk to the organization (i.e., brand, reputation, consumer confidence).
  4. Training and awareness—Incorporate social media and security within the corporate security awareness and training program. Educate users on industry best practices for securely using these types of online environments.
  5. Ongoing monitoring—Monitor ongoing exploits occurring in the social media environment. Provide a vehicle to determine and communicate ongoing risks and appropriate risk mitigation strategies.

For more guidance on social media, download a complimentary copy of ISACA’s social media white paper, Social Media: Business Benefits and Security, Governance and Assurance Perspectives, from the Social Media page of the ISACA web site.

Tara Kissoon, CISA, CISSP, is a director at Visa Inc. Her expertise is focused on developing and implementing information security and risk management controls across global payment systems.


CISA Named to List of Hot Certifications

ISACA’s Certified Information Systems Auditor® (CISA®) certification was included in the top 5 IT certifications on Foote Partners’ semiannual “HOT LIST Forecast” of IT skills and certifications that will increase in value over the next 6 months. CISA was among 466 certifications that Foote Partners tracked for premium pay and market demand.

The report was developed from data from all of Foote Partners’ benchmark pay survey research, its comprehensive IT spending surveys, and from interviews with more than 500 IT executives and decision makers. The HOT LIST Forecast is popular with consulting firms and their clients, and employers use it as a compensation planning tool. It is also used as a companion to the Foote Partners’ IT Skills and Certifications Pay Index, on which CISA was named as garnering the highest pay premium of all security certifications.

For more information on the CISA certification, visit the CISA page of the ISACA web site.


ISACA Certifications Are Important Market Differentiators
Bob Smart, CISA, CRISC, Shares His Experiences As a CISA and CRISC

Bob Smart is ICT security manager at Shared Services of South Australia, specializing in IT risk and audit. As a member of the ISACA® Adelaide Chapter board since 2006, he has been a part of various committees. Currently, he serves as certification coordinator and webmaster.

Smart decided to pursue the Certified Information Systems Auditor® (CISA®) certification because he found it to be well respected both in Australia and globally. “At a certain stage of my career, when I was working mainly on IT audit assignments, CISA manuals and ISACA technical work programs were valuable resources in my development,” he said. “And, now, I believe the Certified in Risk and Information Systems Control™ (CRISC™) designation is more aligned with my current role in broader IT risk advisory, and for that reason, I decided to pursue the new CRISC credential.”

Smart explained that most top-tier professional services organizations in Australia expect IT consultants to achieve CISA status before being promoted to senior ranks. “Becoming CISA certified was an important step in my career,” he said. “Similarly, I believe that my clients would prefer to receive advice from someone with independently verified experience and capabilities. Also, many large private clients and government departments require certain capabilities from their service providers and ISACA certifications are always recognized and preferred,” he added.

On a personal level, Smart finds that ISACA certifications and professional development programs help sharpen his skills and demonstrate his commitment to continuous education and development.

Smart enjoys several benefits as a certified IT professional. “Working as an external advisor provides me with an opportunity to meet like-minded professionals and work on diverse projects in a broad range of industries, allowing me to learn new things, and apply my knowledge in new and challenging situations,” he said. “There are simply no boring days or ‘business as usual’ days in my practice. The ultimate reward comes at the end, when you know that you helped your client by strengthening their control environment and identifying new opportunities for them—creating a lasting difference.”

Smart believes that ISACA certifications are “important market differentiators,” which is why he and the partner in his practice support staff pursuing ISACA certifications. He advised, “I am confident that having the CISA credential helped me with at least one early promotion. Furthermore, each of my team members is either a CISA or has passed the exam and is awaiting certification. With the addition of the Certified in the Governance of Enterprise IT® (CGEIT®) and CRISC designations, I believe ISACA provides the right certification for any IT governance, risk, control and audit professional.”

Smart recently registered to take the June Certified Information Security Manager® (CISM®) exam. “While preparing to earn my third ISACA certification, I can confidently say that each designation matched my development needs at different stages of my career,” he said. “If you are considering enrolling, consult with your managers, colleagues or the certification coordinator in your local chapter who can help you determine the most appropriate certification for your circumstances and aspirations.”


New Webinar Program for 2011 Includes Archives
Download the Recent Webinars on Data Encryption and Cloud Computing Now

ISACA® has launched a new program for 2011—a series of monthly, 60-minute, live and interactive webinars. These events will present a wide range of topics surrounding today’s most challenging IT and information systems issues. This program is free and open to everyone. Those who attend the live event have the opportunity to participate in a live Q&A session at the conclusion of the presentation. For those who cannot attend the live event, each webinar is recorded and available for on-demand viewing.

The March webinar, titled “Address Regulatory Mandates for Data Encryption Without Changing Your Applications,” was presented by Roxana Bradescu, director of database security products with Oracle, and Andrew Meade, senior database administrator with TransUnion Interactive. The session focused on Oracle Advanced Security, which offers encryption for data and key management to help organizations meet regulatory requirements and save money. The session also shared how TransUnion Interactive addressed PCI DSS encryption requirements using Oracle Database 11g with Oracle Advanced Security.

The February webinar, titled “Integration with Legacy Systems in the Cloud,” was presented by Liam Lynch, chief security strategist with eBay Marketplace. The session focused on addressing why an enterprise would use cloud computing platforms and explored information security issues that must be addressed.

Visit the Webinar page of the ISACA web site to view archived webinars and to learn more about upcoming events.


New Resource Available on the Culture of Security

ISACA® has added a new publication, Creating a Culture of Security, to its library. Creating a Culture of Security examines how culture affects the information security program, how to create an intentional security culture and how to utilize ISACA’s Business Model for Information Security™ (BMIS™) in these efforts. It also discusses a range of methods to promote cultural growth to help security professionals assess and understand their current cultural state and provides guidance on how to move toward an improved future state. The book identifies potential barriers and provides recommendations for overcoming them. Creating a Culture of Security is available as a free download to ISACA members from the Research page of the ISACA web site and for purchase from the ISACA Bookstore.

Learn more about the ongoing ISACA research projects and upcoming deliverables by visiting the Current Projects page of the ISACA web site.


Translations of White Papers Increase Global Access

ISACA® has translated white papers in an effort to provide more resources to members in their native languages. Recent translations include:

