ISACA Journal Author Blog


Managing a Global Team in the Compliance World

Mohammed J. Khan, CISA, CRISC, CIPM Posted: 7/6/2015 8:14:00 AM

Human resource management (HRM) is an area in which every manager has to keep maturing throughout their career. It becomes even more of a challenge when dealing with intra-regional and extra-regional boundaries, which inevitably stretch the demands on a robust and well-balanced people manager. Add to that the complexities of compliance, whether it is audit, privacy, ethics or information security, and HRM becomes exponentially harder, given the sensitivity of these areas. The issues of a multigenerational workforce, along with the increasing challenges of cultural diversity and inclusiveness, can make running a global team difficult. However, the benefits are quite significant, and they matter even more for an organization that is truly global in nature. Some of these benefits include proximity to customers (internal and external), a broader talent pool and flexibility in managing resources.


Monitoring, Analysis and Incident Management for Secure Data Centers

Brett van Niekerk, Ph.D., and Pierre Jacobs
Posted: 6/22/2015 3:08:00 PM

Our recent ISACA Journal article discusses the requirements for a military-grade secure data center based on the Advanced National Security Infrastructure System (ANSIS) by the National Computing and Information Agency (NCIA) in South Korea and the International Telecommunications Union (ITU-T) X.805.

This blog discusses the role of security operations center (SOC) functions, namely monitoring, visualization and incident response, in supporting the security dimensions and defense-in-depth layers for data centers. The dimensions and layers in ANSIS and ITU-T X.805 are largely preventive and detective controls. While the monitoring function aids in detection, it also collates information from various sources and provides the input for analysis, which can guide the incident response and recovery functions. Torsten George considers continuous monitoring and risk visualization to be 2 of the 4 key elements of cybersecurity.


Examining the Adoption of COBIT 5

Makoto Miyazaki, CISA, CPA Posted: 6/15/2015 3:10:00 PM

Three years have passed since the release of COBIT 5. How widely has it been adopted in Japan compared with the previous version? There are actually several success stories of COBIT 5 adoption in other countries, as reported in COBIT Focus.

But in Japan, I do not know of many successful cases in which organizations fully adopted the COBIT 5 Framework and Enabling Processes, except for a few cases such as the adoption introduced in Yuichi (Rich) Inaba, CISA, and Hiroyuki Shibuya’s COBIT Focus article, “Creating Value With COBIT 5 at a Tokio Marine Group Company.”


Using COBIT to Unlock the Value of Knowledge Management

Bostjan Delak, Ph.D., CISA, CIS Posted: 6/8/2015 3:16:00 PM

Nicolaus Copernicus said, “To know that we know what we know, and to know that we do not know what we do not know, that is true knowledge.”

But how can organizations identify, assess and evaluate the knowledge they have? Data, information, knowledge and wisdom are the phases of this evolution. Peter Trkman and Kevin Desouza explained the difference between data, information and knowledge by arguing that data are observed, raw, unanalyzed and uninterpreted patterns with no meaning. Information is created through the aggregation of data via the application of mathematical, statistical or logical processing techniques, and we make sense of information through the application of knowledge. Knowledge is the collection of experiences, know-how, expertise and natural instincts that help us make sense of information.


Automation in Security Testing

Sivarama Subramanian, CISM Posted: 6/1/2015 7:22:00 AM

Is automation required in security testing? Of course it is. Automation already exists in the preliminary stages of the security testing cycle. For example, scans for known vulnerabilities are performed with commercial and open source tools.

Since late 2014 and into 2015, the approach to automating security testing has shifted. Customers are looking for automated secure code review during the build phase, in what is widely known as continuous integration. This is made possible by secure code review plug-ins that integrate with platforms such as Jenkins CI and produce the secure code review whenever the source code is built. The project owners and developers then receive the secure code review report automatically.
