ISACA Journal Author Blog


Monitoring, Analysis and Incident Management for Secure Data Centers

Brett van Niekerk, Ph.D., and Pierre Jacobs
Posted: 6/22/2015 3:08:00 PM

Our recent ISACA Journal article discusses the requirements for a military-grade secure data center based on the Advanced National Security Infrastructure System (ANSIS) by the National Computing and Information Agency (NCIA) in South Korea and the International Telecommunications Union (ITU-T) X.805.

This blog post discusses the role of security operations center (SOC) functions, namely monitoring, visualization and incident response, in supporting the security dimensions and defense-in-depth layers for data centers. The dimensions and layers in ANSIS and ITU-T X.805 are largely preventive and detective controls. While the monitoring function aids in detection, it also collates information from various sources and provides the input for analysis, which can guide the incident response and recovery functions. Torsten George considers continuous monitoring and risk visualization to be 2 of the 4 key elements of cybersecurity.


Examining the Adoption of COBIT 5

Makoto Miyazaki, CISA, CPA
Posted: 6/15/2015 3:10:00 PM

Three years have passed since the release of COBIT 5. How is the popularization of it in Japan compared with the previous version? There are actually several success stories of COBIT 5 adoption in other countries, as reported in COBIT Focus.

But in Japan, I do not know of many successful cases in which organizations fully adopted the COBIT 5 Framework and Enabling Processes, except for a few cases such as the adoption introduced in Yuichi (Rich) Inaba, CISA, and Hiroyuki Shibuya’s COBIT Focus article, “Creating Value With COBIT 5 at a Tokio Marine Group Company.”


Using COBIT to Unlock the Value of Knowledge Management

Bostjan Delak, Ph.D., CISA, CIS
Posted: 6/8/2015 3:16:00 PM

Nicolaus Copernicus said, “To know that we know what we know, and to know that we do not know what we do not know, that is true knowledge.”

But how can organizations identify, assess and evaluate the knowledge they have? Data, information, knowledge and wisdom are the successive phases of this evolution. Peter Trkman and Kevin Desouza explained the difference between data, information and knowledge by arguing that data are observed, raw, unanalyzed and uninterpreted patterns with no meaning. Information is created through the aggregation of data via the application of mathematical, statistical or logical processing techniques, and we make sense of information through the application of knowledge. Knowledge is the collection of experiences, know-how, expertise and natural instincts that help us make sense of information.


Automation in Security Testing

Sivarama Subramanian, CISM
Posted: 6/1/2015 7:22:00 AM

Is automation required in security testing? Of course it is. Automation already exists in preliminary stages in the security testing cycle. For example, scans for known vulnerabilities are performed through commercial tools and open source tools.

As recently as late 2014 and 2015, the automation of security testing has shifted in its approach. Customers are looking for automated secure code review during the build phase, an approach widely known as continuous integration. This is made possible by secure code review plug-ins that integrate with build platforms (e.g., Jenkins CI) to produce the secure code review each time the source code is built. The project owners and developers then receive the secure code review report automatically.


Develop Sustainable Business Practices with COBIT 5

Graciela Braga, CGEIT, COBIT 5 Foundation, CPA
Posted: 5/26/2015 3:10:00 PM

Stakeholders expect that businesses create value, but at what cost? In the end, stakeholders and businesses are looking for the same thing: to protect their future. Information technology plays an important role. It can be a solution or part of the problem depending on how it is governed and managed.

COBIT 5 can be used to help enterprises create value for their stakeholders, including sustainable development in their goals and in the governance and management of IT (GEIT):

  • Alignment of IT and business strategy to achieving sustainable development—This is important in order to set and maintain a governance framework that considers sustainability as a core principle.
  • IT compliance and support for business compliance with external laws/regulations and with internal policies—Enterprises should comply with human rights; environmental and social responsibility; natural resource management; information security management; and health, safety and labor regulations. Enterprise policies have to recognize these regulations and strongly avoid exceptions while stipulating the consequences. It is important that educational, awareness and training activities include sustainability compliance issues. This will increase the confidence of stakeholders in the enterprise.
  • Manage IT-related business risk and delivery of IT services in line with business requirements—Sustainability requires identifying risk factors that could limit the possibility of future generations to satisfy their needs and put in place countermeasures to prevent negative impacts. It also requires satisfying business requirements. Important subjects to evaluate are external laws and regulations, best practices and international standards, internal policies, and IT and business performance goals.
  • IT agility—Respond in a timely and efficient manner to a changing business environment.
  • Competent and motivated personnel—If personnel understand their responsibility regarding sustainability and respect future generations’ rights in the current decision-making or performance process, there will be a greater chance of reaching sustainability objectives.
  • Knowledge, expertise and initiatives for business innovation—Innovation allows for sustainability. Knowledge, expertise and new initiatives focused on sustainability aspects are critical to being sufficiently innovative in order to discover new and more efficient methods to protect the environment, business and IT personnel.

Sustainability is a stakeholder need and a business requirement. But more than anything, it is a human responsibility. Read my recent Journal article and share how COBIT 5 assists enterprises in achieving this goal.

Read Graciela Braga’s ISACA Journal article:
“Time for Sustainable Business Is Now: Leveraging COBIT 5 in Sustainable Businesses,” ISACA Journal, volume 3, 2015.