Volume 2, 2011 

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 3, 2011, the Journal focuses on the theme Risk Management—What Is Your Capacity?, with articles on IT scenario analysis in ERM and considerations when evaluating ISRM, among others.

Book Reviews
Book Review—Enterprise Security for the Executive: Setting the Tone From the Top
Jennifer L. Bayuk | Reviewed by C.W. Axelrod, Ph.D., CISM, CISSP
The greatest value of this book is its description of information security practitioners’ experiences in dealing with C-level management and how those relationships should be handled.
Book Review—Mobile Application Security
Himanshu Dwivedi, Chris Clark and David Thiel | Reviewed by Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS
This book presents a series of suggestions and security tips for developing mobile applications.
CPE Quiz
Quiz 135
Based on Volume 6, 2010
Features
A Cost-effective Approach for Sarbanes-Oxley-regulated Application Systems With Minimal IT Control Assurance
Loic Jegousse, CISA, CISM, CGEIT, CRISC
The proposed approach in this article will assist in reducing reliance on IT automated controls (ITAC) when it makes business sense to do so.
An Introduction to ICT Continuity Based on BS 25777
Haris Hamidovic, CIA, ISMS IA, ITIL-F
This article provides an introduction to the key elements of ICT continuity based on BS 25777.
IT Scenario Analysis in Enterprise Risk Management
Urs Fischer, CISA, CRISC, CPA Swiss
Scenarios are a powerful tool in a risk manager’s armory—they help professionals ask the right questions and prepare for the unexpected.
Key Considerations When Evaluating ISRM Programs and Capabilities
John P. Pironti, CISA, CISM, CGEIT, CRISC, CISSP, ISSAP, ISSMP
A mature ISRM program and capability is an enabler to the organization and, in many cases, considered a strategic advantage in business activities.
The Struggle for Privacy and the Survival of the Secured in the IT Ecosystem
Sudhakar Sathiyamurthy, CISA, CIPP, ITIL, MCSE
This article proposes a holistic privacy archetype that provides a pragmatic approach for the business to efficiently manage and stay abreast of growing regulatory and fiduciary requirements.
Value Assessment Tool for ICT Projects at the European Commission
Stefka Dzhumalieva, Franck Noël and Sébastien Baudu
The Value Assessment Tool (VAST) of the European Commission is the subject of this article.
Five Questions
Five Questions With...
Scott M. Baron, CISA, CRISC, CCDP, CCNP, MCSA, MCSE
Baron is director of digital risk and security governance for National Grid, where his team has global responsibility for IS risk and compliance efforts.
HelpSource Q&A
HelpSource Q&A
Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
What should be our approach to determining and reaching agreement on the optimal percentage of business operations that must be or can be recovered in the event of a crisis?
Information Security Matters
What Is the Value of Security?
Steven J. Ross, CISA, CISSP, MBCP
How much more is a secure company worth than an insecure one?
IT Audit Basics
Understanding the New SOC Reports
Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CMA, CPA
This column describes SOC reports to provide an understanding of them and to explain the differences among them in order to prepare CISAs for the changes ahead.
Online Exclusive
JOnline: El Debido Cuidado en Seguridad de la Información
Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS
Las consecuencias de las fallas frente a la protección de la información en las organizaciones frecuentemente terminan en pérdidas de disponibilidad y en efectos, algunas veces catastróficos.
JOnline: Mapping PCI DSS v2.0 With COBIT 4.1
Pritam Bankar, CISA, CISM and Sharad Verma
This article contains the results of a mapping of Payment Card Industry Data Security Standard (PCI DSS) v2.0 controls with COBIT 4.1.
JOnline: The Prevalence of Information Security Controls: Perspectives From IT Auditors
Hui Lin, Ph.D., Meghann Abell Cefaratti, Ph.D. and Linda Wallace, Ph.D.
Among the various organizational, technological and operational controls outlined in ISO 27002, what security controls are the most commonly implemented?
Standards, Guidelines, Tools and Techniques
Standards, Guidelines, Tools and Techniques
ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques
Translated Articles
A Luta Pela Privacidade e a Segurança das Informações No Ecossistema de TI
Sudhakar Sathiyamurthy, CISA, CIPP, ITIL, MCSE
Este artigo propõe um arquétipo de privacidade global que oferece uma abordagem pragmática para a empresa gerir de forma eficiente e ficar a par das crescentes exigências regulatórias e fiduciárias.
Análise de Cenários de TI em Gestão de Riscos Corporativos
Urs Fischer, CISA, CRISC, CPA Swiss
Os cenários são uma ferramenta poderosa em um gerente de risco do arsenal, que ajuda profissionais de fazer as perguntas certas e se preparar para o inesperado.
評估資訊安全風險管理計畫與能力時的重要考慮因素 (Key Considerations When Evaluating ISRM Programs and Capabilities)
John P. Pironti, CISA,CISM, CGEIT, CRISC,CISSP, ISSAP, ISSMP
而一個成熟的 ISRM 計畫和能力,在組織中是可以扮演一個推動者的角色,許多情況下也被視為在企業營運中的一種策略優勢.