ISACA Journal Author Blog


Evaluating E-health Governance Frameworks

Elena Beratarbide, Ph.D., CISA
Posted: 4/20/2015 3:20:00 PM

E-health plays an essential role in supporting health care in today’s digital society; it is perceived as crucial for high quality and cost-effective health care. However, getting the expected benefits from e-health has been difficult to demonstrate.

There has been a growing interest in adopting e-health governance frameworks to obtain reassurance that investments return the expected results in health care. However, how IT governance is implemented within health care and the actual impact on strategic alignment remains poorly understood.

My recent Journal article presents the findings from a recent comprehensive technical report on e-health governance. The report explores the application of well-known frameworks (e.g., COBIT and ITIL) within the National Health Services (NHS) in Scotland and their impact on e-health governance maturity and strategic alignment with health care. The report mainly presents results of a longitudinal study conducted since 2008 within Scottish health care organisations, but it offers cross-national and cross-sectoral benchmarking. My Journal article discusses the implication of these report findings.


ERP Implementation in the Education Sector: Using a Hybrid IT Governance Framework

Manas Tripathi and Arunabha Mukhopadhyay, Ph.D.
Posted: 4/13/2015 3:11:00 PM

Our recent Journal article proposes a hybrid IT governance framework, enterprise resource planning/business process management/saving, investing and returning value (ERP-BPM-SIRV), for academic institutes to follow for effective implementation of ERP. The ERP-BPM-SIRV framework is a useful tool for c-suite decision makers at academic institutes as it details a series of sequential steps along with feedback loops and provides an exhaustive set of actions to take over time. The framework also focuses on the “what” (decisions are being taken) and “who” (made decisions). The ERP-BPM-SIRV framework has been formulated based on the study of an ERP implementation at an Indian business school.


Implementing Continuous Control Monitoring

David Vohradsky, CGEIT, CRISC
Posted: 4/6/2015 8:49:00 AM

In my recent Journal article, I presented a review and pragmatic steps for the implementation of continuous control monitoring (CCM) for IT general controls. My approach has now been considered in 2 CCM implementations for use across enterprise change management, incident management and antivirus management controls.

This CCM approach started with a top-down analysis of control objectives to determine which formal assertions to test. The implementations focused initially only on existence tests (i.e., does a change have an approval) and, therefore, took more of a bottom-up approach to look at the data, what could be done with them and what other assertions were possible.


Staying Secure in the IoT

Marcelo Hector Gonzalez, CISA, CRISC, and Jana Djurica
Posted: 3/30/2015 3:22:00 PM | Category: Security

The Internet of Things (IoT) is changing how people and technology interact. With billions of devices projected to be connected in the near future, the opportunity to be innovative is amazing.

In recent months, there have been several publications discussing the IoT, with many articles in favor of it and many against it. On one hand, it is said that all things should be connected: refrigerators, coffee machines, wearables, microwaves, umbrellas, fitness bands and drones. On the other hand, there is an opinion that this trend needs to be stopped, regulated or banned by government organizations because of security and privacy concerns. For example, the US Federal Trade Commission (FTC) publicly raised concerns about the security risk associated with the rising number of interconnected systems and devices.


Preventing Cyberattacks With COBIT 5 Processes

Fredric Greene, CISSP
Posted: 3/22/2015 3:01:00 PM | Category: Security

It is easy to second-guess organizations after an attack as opposed to working with them on cybersecurity or information security initiatives. But this questioning can also offer some benefit, helping security professionals learn what could have been done to defend the organization against the cyberattack. The following is a brief look at the attacks on Sony, Morgan Stanley and Anthem as a sample across the entertainment, financial and health insurance industries:

  • Sony Pictures Entertainment (SPE) was the victim of a breach that exfiltrated more than 100 terabytes of data (47,000 records), after which large volumes of data were erased. Servers, networks and other infrastructure were rendered nonoperational.
  • Morgan Stanley was the victim of an internal financial adviser who stole data on 350,000 clients using a reporting tool that gave him access to massive amounts of data on clients.
  • Anthem suffered the disclosure of 80 million unencrypted customer and employee records accessed through stolen administrator credentials.

I would suggest that there are specific COBIT® 5 processes and practices that can be effective in halting or minimizing these types of attacks.
