Volume 6, 2011

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 6, 2011, the Journal focuses on the theme Emerging and Evolving IT Risk, with articles on data integrity, risk measurement and reporting, and data security, among others.

Journal
- Current Issue
- JOnline
- Past Issues
  - 2012
  - 2011
    - Volume 6
    - Volume 5
    - Volume 4
    - Volume 3
    - Volume 2
    - Volume 1
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Book Reviews

Book Review: Access Control, Security, and Trust: A Logical Approach

Shiu-Kai Chin, Beth Older | Reviewed by Connie Spinelli, CISA, CFE, CIA, CMA, CPA
Access control, security and trust are among the greatest risks—compliance and otherwise—facing corporations today.

Book Review: Green IT in Practice: How One Company Is Approaching the Greening of Its IT

Gary Hird | Reviewed by Bright Munongwa CISA, CGEIT, CRISC, CIA
Organisations are becoming increasingly concerned about climate change and are looking at ways to reduce their environmental impact.

CPE Quiz

Quiz 139

Based on Volume 4, 2011

Features

Auditing Global Compliance of Data Protection Mechanisms

Dirk Lehmann, CISA, GCIA, and Frank van Vonderen, CISA, CGEIT, MSIT
In today’s society, the concern about the protection of personal data is steadily increasing.

Choosing the Most Appropriate Data Security Solution for an Organization

Ulf Mattsson
With the rising cost and increasing frequency of data security breaches, companies are starting to reevaluate how they protect their data.

Data Integrity—Information Security’s Poor Relation

Ed Gelbstein, Ph.D.
Information security has become a visible issue in business, on the move and at home.

Developing a Unified Approach to Information Security in Business Associate Relationships

Michael R. Overly, CISA, CRISC, CIPP, CISSP, ISSMP, Chanley T. Howell, and R. Michael Scarano
This article discusses three tools that providers can immediately put to use to substantially reduce the information security threats posed by their business associates.

Persistent Cross-Interface Attacks

Aditya K. Sood and Richard J. Enbody, Ph.D.
This article explores the types of attacks and vulnerabilities that persist within network devices supporting both web and traditional administrative interfaces.

Technology Risk Measurement and Reporting

Mukul Pareek, CISA, ACA, AICWA, PRM
This article attempts to identify better ways of communicating risk by drawing parallels from the more advanced disciplines of market and credit risk.

Five Questions

Five Questions With

Bob Treadway
Bob Treadway is a strategy advisor and consulting futurist who, for more than 25 years, has helped organizations and individuals anticipate and take action on what lies ahead.

HelpSource Q&A

Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
What are the true benefits of certifications?

Information Security Matters

Eating Crow With a Tasty Sauce

Steven J. Ross, CISA, CISSP, MBCP
Enterprises other than governments have the ability to do some serious damage electronically—my turn to eat crow.

IT Audit Basics

What Every IT Auditor Should Know About Backup and Recovery

Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
All entities that use IT and data in their operations have a need for a backup and recovery plan.

Online Exclusive

JOnline: An Introduction to Information Security Incident Management Based on ISO/IEC TR 18044:2004

Haris Hamidovic, CIA, ISMS IA, ITIL-F, IT Project+
The main objective of this article is to provide an overview of information security incident management based on ISO/IEC TR 18044:2004.

JOnline: Clearing the Cloud Over PCI DSS v2.0

Pritam Bankar, CISA, CISM and Sharad Verma
This article is intended to showcase the changes made to PCI DSS v2.0 over v1.2 to further assist with detailed understanding of the control requirements to facilitate the PCI compliance process.

JOnline: Identity and Access Management—Its Role in Sarbanes-Oxley Compliance

Harmeet Kaur, CEH
As today’s business climate demands greater efficiency, security and regulatory compliance, the need for an effective IAM process has never been more pressing.

Standards, Guidelines, Tools and Techniques

ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Translated Articles

La integridad de los datos: el aspecto más relegado de la seguridad de la información

El Dr. Ed Gelbstein
El tema de la seguridad de la información ha cobrado visibilidad en distintos ámbitos: en el trabajo, en el hogar y durante el traslado de un lugar a otro.

Medición y elaboración de informes de riesgos tecnológicos

Mukul Pareek, CISA, ACA, AICWA, PRM
El presente artículo procura identificar opciones más eficaces para la comunicación del riesgo,estableciendo paralelismos con las disciplinas vinculadas a la gestión de riesgos crediticios y de mercado, que han alcanzado un nivel de desarrollo superior.


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC


COBIT 5 Home
Product Family
Education and Training
News
Recognition
Join the Conversation
Looking for COBIT 4.1?

ISACA: Serving IT Governance Professionals

Volume 6, 2011

Read the Digital Journal