ISACA Journal Blog



Governance and City Development

Graciela Braga, CGEIT, COBIT Foundation, CPA
Posted: 1/17/2017 3:01:00 PM | Category: COBIT-Governance of Enterprise IT

Most of us live in cities. We are always busy, so we only see the impact and benefit of IT when it is not there, e.g., during failures, service unavailability, loss of physical devices, natural disasters and so on.

The definition of “city” has evolved, and IT has been an enabler for that evolution, transforming cities to become smart or smart sustainable. All types of disruptive or cognitive technology used in this transformation have benefits and risk, but if they are well governed, the probability of value delivery increases.

In my recent Journal article, I present how an IT governance framework can be implemented to help cities get value from the use of IT, following the structure proposed by ISACA’s publication Getting Started With GEIT: A Primer for Implementing Governance of Enterprise IT.

 
    

Phishing Attacks: Organizations in Troubled Waters Year After Year?

Baidyanath Biswas and Arunabha Mukhopadhyay, Ph.D.
Posted: 1/9/2017 4:02:00 PM | Category: Risk Management

Social engineering of data over the Internet through phishing involves social and technological tactics to acquire information from victims. Attackers often target naive users, who unwittingly divulge critical information such as their usernames; passwords from social network sites, bank and financial web pages; and credit card details. Fraudsters create fake web pages that closely resemble the original site and spread the pages through emails, web and multimedia messages to reach the target users. Modern-day phishing emails are more malicious than before. Almost 90% of phishing attacks originate from organized crime groups, and the rest originate from rogue-nation adversaries. The attackers are primarily after their targets’ login credentials.

 
    

The Decision to Adopt Machine Learning for Telemedicine

Shounak Pal and Arunabha Mukhopadhyay, Ph.D.
Posted: 1/2/2017 8:20:00 AM | Category: COBIT-Governance of Enterprise IT

Telemedicine is fast-growing as a mobile health care information system (HIS) in most parts of the world. Fast Internet, smart phones and increased comfort of physicians in using electronic communication are also helping telemedicine become more widely adopted. Telemedicine consultation can contribute to reducing cost, lessening the stress of patients and improving accessibility to specialized consultations. However, it is difficult to schedule correct telemedicine sessions without a deep understanding of the health care needs of the region. The use of machine learning for decision making and better treatment has been a highly researched topic. Machine learning is also used to monitor patients remotely. However, this technique is not currently used to monitor telemedicine session broadcasting. In our recent Journal article, we present the case of an Indian health care organization that broadcasts telemedicine sessions to associated hospitals in remote locations. For the purpose of telemedicine governance, we suggest the following steps while using machine learning techniques through the department-session-organization (DSO) model proposed in our article:

 
    

Ethics and Data Protection Laws

Henry Chang, CISM, CIPT, CISSP, DBA, FBCS
Posted: 12/29/2016 3:08:00 PM | Category: Privacy

Data protection used to be a simple compliance task. Most of the data protection laws are based on the Organisation for Economic Co-operation and Development (OECD) Privacy Framework Basic Principles. The core of this framework can be summarized as transparency—the purposes of personal data collection are made known and justified to individuals and their implicit or explicit consent is obtained before collection and processing. Furthermore, if an enterprise wants to change the use of personal data to a new purpose, the enterprise must obtain individuals’ consent before proceeding.

It all sounds just about doable, but the enterprise must also consider somewhat disruptive big data analytics, which indiscriminately collects massive amounts of data with the hope that a previously unforeseen insight will suddenly be discovered. This being the case, one would wonder how the now-contradictory concepts of transparency and big data analytics can be reconciled when an enterprise begins with no idea of the use it may have for the personal data that are collected for big data analytics.

 
    

The Hexa-dimension Metric: Not Just for Data Privacy Protection

Wanbil W. Lee, DBA, FBCS, FHKCS, FHKIE, FIMA
Posted: 12/29/2016 3:08:00 PM | Category: Privacy

The Hexa-dimension metric is an initiative that was prompted by the phenomenon that ramifications for privacy breaches are seldom satisfactory, no matter how meticulous the decision-making process. The reason for this lack of satisfaction is that consequences are argued in rational, logical and financial terms only. This deficiency leads me to reflect on the status quo:  the solution that is derived from the Herbert Simon decision-making model, which is the guiding light for decision making and deep-rooted in our thought and practice of management, is congenitally defective. We need to improve the decision formulation. The Simon doctrine does not deliver a satisfactory decision because decision makers are not always rational and are sometimes judgmental, emotional or reliant on escalation of commitment. In addition, the decision variables are considered in financial terms only, but risk and cost can be ethical, social, legal, technical and ecological in nature.

 
    