Volume 4, 2011

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 4, 2011, the Journal focuses on the theme Security in a Box, with articles on information security management for governments, planning for and implementing ISO 27001, and measuring and monitoring application security, among others.

Journal
- Current Issue
- JOnline
- Past Issues
  - 2013
  - 2012
  - 2011
    - Volume 6
    - Volume 5
    - Volume 4
    - Volume 3
    - Volume 2
    - Volume 1
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Book Reviews

Book Review: Hacking Exposed Web Applications: Web Application Security Secrets and Solutions, 3rd Edition

Joel Scambray, Vincent Liu and Caleb Sima | Reviewed by Connie Spinelli, CISA, CFE, CIA, CMA, CPA
This book is an eye-opening resource for grasping the realities of today’s web application security landscape.

Book Review: Security Information and Event Management Implementation

David Miller, Allan Sharper, Stephen VanDyke and Chris Blask | Reviewed by Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS
This book presents analysis of major monitoring solutions, such as event correlation OSSIM, Cisco MARS, ArcSight and Q1 Labs QRadar.

Cloud Computing

Cloud Computing Risk Assessment: A Case Study

Sailesh Gadia, CISA, ACA, CPA, CIPP
It is important to understand the risks associated with utilizing cloud computing due to its nebulous nature. It is not just a new technology; it is a different way of doing business.

CPE Quiz

Quiz 137

Based on Volume 2, 2011

Features

Information Security Management for Governments

Krishna Raj Kumar, CISA, CISM
This article seeks to share a simple model that can be used for ISM in governments.

Measure and Monitor Application Security

Sivarama Subramanian, CISM
This article attempts to define metrics that measure the effectiveness of application security in an organization.

Planning for and Implementing ISO 27001

Charu Pelnekar, CISA, CISM, ACA, AICWA, BCOM, CISSP, CPA, MCSE, QSA
The goal of this article is to provide guidance on the planning and decision-making processes associated with ISO 27001 implementation.

Rethinking Physical Security in the Information Age

Peter English, CISM
Advanced electronic equipment and fast, cheap communications mean that many previously static aspects of daily life, including physical security, are lagging behind the new reality that has been created.

The Assimilation of Marketing’s Service Quality Principles and the IT Auditing Process

Thomas J. Bell III, Ph.D., CISA, PMP, and Thomas Smith, Ph.D.
The purpose of this article is twofold: to describe the development of a multiple-item scale for measuring service quality and to discuss SERVQUAL properties and assimilation with SAS No. 70 auditing services.

Five Questions

Five Questions With…

Justin Greis, CISA, CISM, CGEIT, CRISC, CISSP, CIPP, PMP, ITIL, GIAC/GSEC
Justin Greis is a senior manager in the advisory practice of Ernst & Young.

Guest Editorial

Where Have All the Control Objectives Gone?

Erik Guldentops
With this year being COBIT’s 15th anniversary, it may be good to reflect on past experiences and future objectives.

HelpSource Q&A

Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
Let us try to develop a checklist to audit the IT systems integration project.

Information Security Matters

The Triangulated Pendulum

Steven J. Ross, CISA, CISSP, MBCP
BCM and CMP can be dissociated from DRP, but data disruptions ripple through entire organizations.

IT Audit Basics

IT Risks—Present and Future

Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
With the major role that IT risk plays in the current business environment, it is beneficial to understand as much about IT risk as possible.

Online Exclusive

JOnline: BMIS—An Introduction to the System Environment

Haris Hamidovic, CIA, ISMS IA, ITIL, IT Project+
BMIS takes a business-oriented approach to managing information security.

JOnline: Impact of Security Awareness Training Components on Perceived Security Effectiveness

Karen Quagliata, Ph.D., PMP
Security awareness training is a vital nontechnical component to information security.

JOnline: The Influence of Irrelevant Information on IS Auditor Key Risk Factor Predictions

Daniel D. Selby, Ph.D., CPA
The results of this study reveal that IS auditors’ KRF assessments are significantly lower when irrelevant information is present vs. when irrelevant information is not present.

Standards, Guidelines, Tools and Techniques

ISACA Member and Certification Holder Compliance
Get an up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques.

Translated Articles

Applicatiebeveiliging meten en bewaken

Sivarama Subramanian, CISM
In dit artikel wordt geprobeerd meetgegevens te definiëren voor het meten van de effectiviteit van applicatiebeveiliging in een organisatie.

Planning voor en implementatie van ISO 27001

Charu Pelnekar, CISA, CISM, ACA, AICWA, BCOM, CISP, CPA , MCSE, QSA
Het doel van dit artikel is richtlijnen te bieden met betrekking tot het plannings - en besluitvormingsproces rond de implementatie van ISO 27001.


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

ISACA: Serving IT Governance Professionals

Volume 4, 2011

Read the Digital Journal