Volume 5, 2011

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 5, 2011, the Journal focuses on the theme Governance, Tying Together the Three Lines of Defense, with articles on IT governance and the cloud, IT general and application controls, and the impact of governance on identity management programs, among others.

Journal
- Current Issue
- JOnline
- Past Issues
  - 2013
  - 2012
  - 2011
    - Volume 6
    - Volume 5
    - Volume 4
    - Volume 3
    - Volume 2
    - Volume 1
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Cloud Computing

Governance in the Cloud

Joseph Kirkpatrick
Security by abdication is when a company decides that rather than accept the responsibility of securing and maintaining systems, people or processes, it will abdicate the responsibility by moving to the cloud.

CPE Quiz

Quiz 138

Based on Volume 3, 2011

Features

A Framework for Estimating ROI of Automated Internal Controls

Angsuman Dutta and Dan Dopp
This article establishes the key concepts that can be used as the building blocks of an ROI model.

Analyzing IT Value Management at KLM Through the Lens of Val IT

Steven De Haes, Ph.D., Dirk Gemke, John Thorp, CMC, ISP, and Wim Van Grembergen, Ph.D.
The goal of this article is to provide insight to practitioners regarding how to introduce better value management approaches.

IT General and Application Controls: The Model of Internalization

Emanuele Palmas, CISA
Implementing in-house ITGC/ITAC is a great opportunity for auditors to improve their knowledge of the company, and for the company, it is a chance to build IT governance that strengthens corporate governance.

IT Governance and the Cloud: Principles and Practice for Governing Adoption of Cloud Computing

Ron Speed, CISA, CRISC, CA
IT governance and risk managers need to work closely with business managers to promote understanding of key cloud computing principles and to help establish effective governance practices.

The Impact of Governance on Identity Management Programs

Rafael Etges, CISA, CRISC, CIPP/C, CISSP, and Anderson Ruysam, CRISC, CISSP, ITIL
What are the governance elements required to ensure the success of an IDM deployment in a complex enterprise environment? What is the bottom-line impact of having—or not having—these elements in place?

The Significance of the Dodd-Frank Act

Larry Marks, CISA, CGEIT, CRISC, CFE, CISSP, PMP Plus
The relevant questions that need to be asked are: How does the Dodd-Frank Act impact IT auditors? How does the Dodd-Frank Act impact global organizations?

Five Questions

Five Questions With…

Hongwen Zhang, Ph.D.
Hongwen Zhang is the CEO and cofounder of Wedge Networks, as well as the co-inventor of Wedge Networks patented technology WedgeOS.

Guest Editorial

The Three Lines of Defence Related to Risk Governance

Ken Doughty, CISA, CRISC, CBCP
Effective ERM involves the strategic implementation of three lines of defence as the first principle of the risk management framework. At each line of defence there needs to be risk governance guidance to support the ERM framework.

HelpSource Q&A

Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
How do you define ‘limited personal use’ of systems, applications and other resources? How do you determine that someone has exceeded the permitted limit? Can any metrics be used to determine whether someone exceeds acceptable limits?

Information Security Matters

The Train of Danger

Steven J. Ross, CISA, CISSP, MBCP
Serious cyberattacks have been in the news quite a lot recently. Large organizations in the United States, including Lockheed, Google, Citigroup and the International Monetary Fund, have all reported successful attempts perpetrated against them.

IT Audit Basics

Auditing IT Risk Associated With Change Management and Application Development

Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This article provides the IT auditor with concepts, techniques, processes and structures that can mitigate the change management risk associated with AppDev.

Online Exclusive

JOnline: An Introduction to Information Security Management in Health Care Organizations

Haris Hamidovic, CIA, ISMS IA, ITIL-F, IT Project+ and Jasmina Kabil
The main objective of this article is to provide an introduction to the key elements of information security management in health care using ISO 27799:2008.

JOnline: Certification—The Answer to Cybersecurity Woes?

Derek Mohammed, Ph.D., CISA, CISSP, PMP
Organizations need fully articulated security policies and procedures based on industry best practices to solidify their information system defenses and meet legal, contractual and regulatory requirements.

JOnline: La Gerencia de la Seguridad de la Información: Evolución y Retos Emergentes

Jeimy J. Cano, Ph.D., CFE
Asegurar una efectiva estrategia de seguridad de la información, no es sólo cuestión de instalar y mantener artefactos tecnológicos especializados.

Standards, Guidelines, Tools and Techniques

ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Translated Articles

L’impatto della governance sui programmi di gestione delle identità

Rafael Etges, CISA, CRISC, CIPP/C, CISSP, and Anderson Ruysam, CRISC, CISSP, ITIL
Quali sono gli elementi di governance necessari per garantire il successo di un’implementazione di un IDM all’interno di un contesto aziendale complesso? Qual è l’impatto finale dell’introduzione (o della mancata introduzione) di tali elementi?

La governance IT e il Cloud: principi e pratiche per governare l’adozione del Cloud Computing

Ron Speed, CISA, CRISC, CA
I responsabili della governance e del rischio IT devono lavorare a stretto contatto con i manager di business, allo scopo di promuovere una comprensione dei principi chiave del Cloud Computing e per contribuire a definire pratiche di governance efficaci.

估計投資報酬率的自動化內部控制架構 (A Framework for Estimating ROI of Automated Internal Controls)

Angsuman Dutta and Dan Dopp
隨著企業關鍵流程自動化，資訊已成為企業的命脈.

資訊科技的一般和應用控制 (IT General and Application Controls)

Emanuele Palmas, CISA
在內部實施資訊一般和應用控制，提供了稽核人員增進他們瞭解公司的一個很好機會；就公司而言，則為公司建立資訊治理並加強公司治理的契機。


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

ISACA: Serving IT Governance Professionals

Volume 5, 2011

Read the Digital Journal