Stephen Pedneault | Reviewed by Gail Michaelson, CISA, PMP, SSGB
This book is a primer on how fraud works and how to prevent, detect and prosecute it.

Jake Kouns and Daniel Minoli | Reviewed by Vishnu Kanhere, Ph.D., CISA, CISM, AICWA, CFE, FCA
This book provides an overview of industry practices and a practical guide to IT risk management frameworks, methodologies and techniques.

Based on Volume 3, 2010

S. Ramanathan, CISA, CISSP
The subject of this article is to present a more fundamental approach to GRC and to suggest the most appropriate methodology to make the exercise sustainable.

Arvind Mehta, CISA, C-EH, ISO 27001 LA
The right approach to identify the exact scope and extent of testing for Sarbanes-Oxley ITGC is to perform a detailed risk assessment focused on the risks associated with each general control process area.

Tarak Modi, CISA, CISSP, PMP
This article looks at how FISMA and its family of key NIST SPs are changing to meet the challenges posed by increasingly elusive hackers who are using better and more sophisticated tools and techniques.

Vítor Prisca, CISM, CGEIT, and Manuel Moreira, CISA, IPMA Level C: Certified Project Manager
This article presents an effective methodological approach to implement and sustain the COBIT PO9 "Assess and manage IT risks" process.

Sachidanandam Sakthivel, Ph.D.
This article discusses the risk factors for RV, suggests methods to manage RV to reduce project risks, and relates RV and its management to various control objectives in COBIT.

Loic Jegousse, CISA, CISM
This article explores the concepts of a risk management model in the context of change management to IT systems, and their ramifications with respect to system life cycle controls.

Dan Wilhelms
SMEs are not required to demonstrate compliance to outside auditors or to the government. So how does an organization decide whether the benefits of implementing a second-generation GRC solution outweigh the cost?

Rajesh Kapur, CISA, FIETE, MIE
BSC has the potential to oversee the mechanism of converting a long-term strategic plan into sets of immediately doable activities.

Robert Schperberg, CISM, EnCEP
Schperberg is Chevron’s global IT forensics investigations lead.

Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, SSCP, ISO 27001 LA
By being clinical and dispassionate, with no personal agenda, auditors serve the best interests of their employers and their profession.

Steven J. Ross, CISA, CISSP, MBCP
If the sheriff is the CISO, the mayor is the risk manager.

Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CMA, CPA
To mitigate the risks associated with access control, it is necessary to identify the risks associated with access controls and to assess the level of those risks.

Jeff Roth, CISA, CGEIT
This article discusses what is needed to address the recent NIST SP 800-53 requirement changes and to build greater value delivery and extract more cost-effective management controls.

Haris Hamidovic, CIA
This article provides an introduction to the key elements of IT governance, to key industry frameworks used by organizations, and to guiding principles for directors of organizations on the use of IT based on ISO/IEC 38500:2008.

Christopher P. Buse, CISA, CISSP, CPA, Larry Marks, CISA, CGEIT, CFE, CISSP, PMP and Steve Sizemore, CISA, CGAP, CIA
This article discusses the US Department of Health and Human Services Health Breach Notification Rule: Final Rule.

Stephen Gantz, CGEIT, CEH, CIPP/G, CISSP-ISSAP
This article focuses on the privacy and security aspects of the HITECH Act portion of the US American Recovery and Reinvestment Act, EHR certification criteria, and standards included in meaningful use.

ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Vítor Prisca (CISM, CGEIT) 는 Manuel Moreira (CISA ,IPMA 레벨 C: 공인 프로젝트관리자)

Sachidanandam Sakthivel