ISACA Now Blog

Chic Geek Speak: Vanquish the “Nice Syndrome”

Pam Nigro, MBA, CISA, CGEIT, CRISC, CRMA, DTM; Senior Manager, Internal Controls and Risk Management; Blue Cross Blue Shield of Illinois; Vice President, ISACA Chicago Chapter
Posted: 4/28/2016 9:02:00 AM | Category: ISACA

We have often heard these pearls of wisdom during our formative years: “Play nice. If you don’t play nice, no one will want to play with you.” “You have to be nice.” “Be a nice girl.”

Unfortunately, many of us (myself included) suffer from what I’m calling the “Nice Syndrome.” Merriam-Webster dictionary defines nice as pleasing and agreeable. Nice was rewarded, reinforced and subsequently internalized, leading to:

  • Putting others’ needs before your own
  • Over-apologizing
  • Consistently asking for permission
  • Denying your own power
  • Not asking for what you want or need
  • Tolerating too much negativity
  • Being overly patient

In the workplace, we continue to be nice. We don’t rock the boat. We play nice even when it means denying one’s self. We sacrifice self and wait for our reward. Unfortunately, the rules we learned as girls no longer apply as women in the workplace. We instead work extra hard, do the work of others, deny ourselves lunch or breaks. We put work first, our families second, and ourselves last.


Avoid Monetizing Safety Risk

Joseph W. Mayo, President, J.W. Mayo Consulting Services
Posted: 4/27/2016 3:12:00 PM | Category: Risk Management

Last year I attended an international risk management conference and was quite shocked by one of the sessions I attended. One of the presenters said, "ERM's job is to protect the balance sheet." Enterprise risk management (ERM) is a function that must address all types of risk, not just financial risk.

Monetizing risk and normalizing risk are two of the biggest problems risk practitioners face. Monetizing and normalizing risk makes it very easy to report risk exposure and risk treatment cost but obscures the true risk impact. When risk impact is obscured or undervalued, it causes decision makers to make very poor decisions. This is especially true for safety risk where poorly managed risk events can lead to loss of life.


COBIT: Journey from Control Objectives for Auditors to Governance and Management Framework for Enterprise IT

Abdul Rafeq, CISA, CGEIT, Managing Director, WINCER Infotech Limited
Posted: 4/26/2016 3:01:00 PM | Category: COBIT-Governance of Enterprise IT

My COBIT journey began in 1995 when the draft executive summary of COBIT 1st Edition was published in the ISACA Journal. I had passed the CISA exam and had decided to focus on IT audit as my new career. My first reading of the summary made me realize that this was the one-stop shop reference guide for me. After two decades, I can still say with a firm conviction that COBIT has empowered me to remain relevant and add value in all my assignments. Back to the story…

As I used and adapted COBIT’s control objectives for multiple assignments and clients (small, medium or large), COBIT became the best collection of practices and approaches to use to remain ahead of the technology curve. The next release of COBIT, with the management guidelines, provided a new perspective for managing performance of IT through the key goal indicators and key performance indicators.


Automate Security or Face the Wrath of the Millennials

Andrew Plato, CISSP, CISM, QSA, President/CEO, Anitian
Posted: 4/21/2016 3:19:00 PM | Category: Security

Like it or not, Millennials will dominate the workforce of the future. Right now, Millennials comprise about 38% of the workforce, and by 2025, that will rise to 50%. For the past year, Anitian has been researching the impact this trend will have on workforce development and information security. In short, most companies are not equipped for this change. Among the many issues we have uncovered, automation is one of the most disruptive to information security.

The Millennial generation has grown up surrounded with ubiquitous Internet access. Moreover, they have also grown up in a world where significant aspects of their lives are automated.


Navigating the Breach Regulatory Maze: Proper Incident Risk Assessment and Response

Mahmood Sher-Jan, CEO, RADAR® business unit, ID Experts
Posted: 4/19/2016 3:23:00 PM | Category: Risk Management

Cyber attacks. Lost paper files. Third-party snafus. Misdirected emails. Endless are the ways in which sensitive personal information is accidentally or deliberately exposed. Despite best efforts, it is impossible to stop sensitive data from falling into the wrong hands.

According to a new report, Risk Based Security identified 3,930 data breaches reported during 2015, exposing more than 736 million records. Poorly managed, these data security and privacy breaches put organizations at high risk for regulatory fines, lawsuits, lost business and reputational harm. In addition, customers, patients and employees affected by the exposure of their sensitive information fall prey to identity theft and other forms of fraud.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.


To volunteer to write a blog or suggest a topic send an email here.