Volume 6, 2012

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 6, 2012, the Journal focuses on the theme Cybersecurity and Risk Analysis, with articles on the changing face of cybersecurity, managing technology risk and preparing for HTML5, among others.

Journal
- Current Issue
- JOnline
- Past Issues
  - 2013
  - 2012
    - Volume 6
    - Volume 5
    - Volume 4
    - Volume 3
    - Volume 2
    - Volume 1
  - 2011
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Cloud Computing

Leveraging the Cloud for Added Value

Steven C. Markey
IS professionals must be ready to articulate the pros and cons of this new environment, and where and how it can provide added value for the business.

CPE Quiz

Quiz 145

Based on Volume 4, 2012

Features

Demonstrating Due Diligence in the Management of Information Security

Ed Gelbstein, Ph.d.
The ability to demonstrate that due diligence has been exercised needs to be considered and an appropriate plan of action developed accordingly.

Lack of Privacy Awareness in Social Networks

S. Srinivasan
Social networks have opened up a new avenue of communication for millions of people around the world.

Preparing for HTML5 Capabilities and Threats

Hongwen Zhang
Compared with previous versions, HTML5 is a safer and more effective tool for delivering today’s rich web content; however, it also introduces several security risk factors.

Preventive Technical Controls for Application Security

Rohit Sethi, CISSP, CSSLP, and Ehsan Foroughi, CISM, CISSP
SALM solutions offer the unprecedented ability to achieve auditable and scalable prevention-based application security.

SME Cybersecurity and the Three Little Pigs

David R. Han
Cybersecurity attacks have increased in frequency and affect virtually all industries.

The Changing Face of Cybersecurity

Stewart Hayes, Malcolm Shore and Miles Jakeman, Ph.D.
The Internet has a well-earned reputation as a hostile environment, and the growth of organised cybercrime is evidence that there is not enough being done to manage the risk.

Using Scenario Analysis for Managing Technology Risk

Mukul Pareek, CISA, ACA, AICWA, PRM
In the world of market and credit risk, scenario analysis is used as a part of stress testing.

Five Questions

Five Questions With...

Brian Schaeffer, CISA, CISSP
Brian Schaeffer, CISA, CISSP, is senior vice president and chief information officer (CIO) at Liberty Bell Bank.

HelpSource Q&A

Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
What are the subcontrols that I must consider and evaluate to assess the effectiveness of the system and the appropriateness of the access privileges granted?

Information Ethics

Risk and Responsibility

Vasant Raval, DBA, CISA
If we agree that in our profession, a primary concern is risk assessment and risk management, it is imperative that we comprehend the fundamental nature of risk.

Information Security Matters

The Cost of Cyberattacks

Steven J. Ross, CISA, CISSP, MBCP
From a purely financial standpoint, what would a widespread cyberattack look like should it be broadly targeted on the economy of an entire nation?

IT Audit Basics

What Every IT Auditor Should Know About Proper Segregation of Incompatible IT Activities

Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
While there are many important aspects of the IT function that need to be addressed in an audit or risk assessment, one is undoubtedly proper segregation of duties (SoD), especially as it relates to risk.

Online Exclusive

JOnline: A Strategic Framework for IT Disaster Recovery Assessments

Klaus Julisch, Ph.D. and Damian Walch
This article presents a practice-tested framework that structures and prioritizes the assessment of DR programs, testing the most business-critical aspects first.

JOnline: Is the Business Network Connected to SCADA? Need for Auditing SCADA Networks

Ashwin K. Chaudary, CISA, CISM, CGEIT, CRISC, CISSP, PMP
The integration or connection of SCADA networks to business networks is more necessary than ever before.

JOnline: Security Metrics—A Beginner’s Guide

Caroline Wong | Reviewed by Upesh Parekh, CISA
Security metrics are important not only for claiming the optimum share of IT budget, but also for creating security awareness across the company and improving the overall security posture of the organization.

Standards, Guidelines, Tools and Techniques

ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Translated Articles

Preparing for HTML5 Capabilities and Threats (Arabic)

Hongwen Zhang

The Changing Face of Cybersecurity (Arabic)

Stewart Hayes, Malcolm Shore and Miles Jakeman, Ph.D.


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

ISACA: Serving IT Governance Professionals

Volume 6, 2012

Read the Digital Journal