

The growing skills gap in IT

Brad Zomick

As you are likely aware, information technology is a rapidly growing field and a great career option for those with the right skill set. And, as you are likely aware, demand for these skills is simply not being met. There is a steadily increasing gap between the level of skills needed and the level of skills the people in the workforce actually have.

According to a skills-gap report from the American Society for Training and Development, “…more than 15 million businesses rate the aggregate skill levels of their IT staff as less than optimal, and 93 percent of employers indicate that there is an overall skills gap among employees.”

In short—seven percent of businesses in this study considered themselves exactly where they wanted to be in terms of skilled employees.

Analysts attribute this problem to the dynamic, ever-evolving nature of the IT industry. (That is what attracts many professionals to the field.) So what can be done about it? Information technology is not going to slow down. And the field of IT is not going to curb its growth any time soon.

So we need to catch up.

IT awareness must be elevated and IT education needs to be more accessible. Online educational offerings meet this need nicely. We must give the necessary skills to students at a younger age, and promote continuing education—across business departments—among employees. IT organizations can focus on developing talent in-house, producing professionals with business skills that match their technical acumen.

Category: ISACA     Published: 4/17/2014 4:24:00 PM

Heartbleed and the Internet of Things implications

Ed Moyle

Chances are good you have already seen news about the OpenSSL Heartbleed vulnerability (i.e., CVE-2014-0160). It's a pretty significant bug, particularly since it impacts popular open-source web servers such as Apache (the most popular web server) and Nginx. This means that a combined population of up to 66 percent of the Internet is potentially impacted (based on data from Netcraft).

One significant area that has been covered less in the industry press is the impact this issue could have outside of the population of vulnerable web servers. Now clearly, the impact to web servers is a big deal. But consider for a moment what else might be impacted by this. Here's a hint: it's Internet of Things Day today. In other words, consider the impact on embedded systems and "special purpose" systems (like biomed or ICS).

OpenSSL has a very developer-friendly license, requiring only attribution for it to be linked against, copied/pasted or otherwise incorporated into a derivative software product. It is also free. This makes it compelling for developers to incorporate it into anything they're building that requires SSL functionality: everything from toasters to ICS systems, medical equipment, smoke detectors, remote cameras, consumer-oriented cable routers and wireless access points. It's literally the path of least resistance as a supporting library/toolkit when developing new software that requires SSL.

Category: Privacy     Published: 4/9/2014 12:59:00 PM

ISACA International President: Constant connectivity

Tony Hayes

We have entered the era of constant wireless connectivity, and the ramifications of this development are widespread. For example, it is not merely that Google Glass transforms your field of vision into a computer screen, but that this technology can be used constantly, permanently digitizing your perception of the world (as long as you are wearing the glasses). Likewise, wearable health-monitoring devices benefit many with their ability to analyze a body constantly—or at least over extended periods of time—which delivers useful data about their health and well-being.

And while this is an exciting time, this is also a time to be cautious. “The known vulnerabilities associated with wearable technology are found in the software that users load onto workstations and the devices themselves,” writes Bruce R. Wilkins in the @ISACA newsletter. “These weaknesses allow ill-intentioned actors to see and modify the individual performance reported by the device.”

In short, this constantly connected technology can be hacked in the same manner our other computers can be. The fact that these wireless devices are always connected and in constantly changing locations heightens that vulnerability.

Category: ISACA     Published: 4/8/2014 2:54:00 PM

Young professionals and the future of the Internet

Ferry Haris

This year we celebrate the 25th anniversary of the Internet, which has changed the way we live and altered the way we interact with each other. We are more connected because of the Internet—connected with other people and with non-human elements that are important in our lives. Buying merchandise from other countries and working with colleagues seated in different parts of the world are just small examples of how the Internet has contributed to human civilization.

Increasingly, though, we have begun questioning the future of the Internet, specifically around issues of trust.

“The next phase of the Internet will be data-centered and connectivity-driven,” Vice President of the European Commission Neelie Kroes is quoted in a recent BBC News post. “Cloud computing, big data, the Internet of things; tools which support manufacturing, education, energy, our cars and more. The Internet is no longer about emails. To make the 'leap of faith' into this new world, reliability and trust is a pre-condition.”

This new world is an exciting one. But for young professionals like me, a recurring question is “How can we contribute to the future of Internet while bringing back trust?”

Category: Security     Published: 4/4/2014 12:13:00 PM

Why didn’t the dog bark?

Brian Barnier

As my wife recently watched a Sherlock Holmes program in which a clue was a silent dog, I worked on a presentation for the ISACA Los Angeles Conference titled “Controls–Why They’ve Become Wasteful, A False Sense of Security and Dangerously Distracting (And How to Fix Them).” In that process, two causes for controls churn and confusion came to mind.

First, the dog (control) does not bark if it fails to meet the tight assumptions required for control to actually work. For example, the “chain of fitness” assumptions for controls require that:

  • The control is used as intended
  • The control is maintained as implemented
  • The control is implemented as designed
  • The control is designed from the appropriate template
  • The control template is appropriate for the process class and problem
  • The control is located properly in the process flow
  • The location in the process flow was determined based on the location of useful warning signs
  • Useful warning signs were determined based on robust, real-world “What if?” scenario analysis
  • Scenario analysis was conducted properly based on a thorough “know the business” understanding of environment and capabilities

Though still challenging, these assumptions are easier to meet when applied to retrospective financial reporting, when those reporting systems are stable and a threshold of materiality (percent of revenue or income) can be applied. These assumptions are more difficult to meet when a prospective view is needed of a dynamic, operational world, where a tiny issue can turn into a huge problem.

Category: ISACA     Published: 4/2/2014 2:13:00 PM

 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

