ISACA Now Blog


Assessing Security Risks in Third-party Payment Processing

Larry Alton | Posted: 8/25/2015 3:01:00 PM | Category: Security

Managing financial information is a dangerous business, and the past year has been marked by a number of significant data breaches. Large companies with the money and power to best protect credit information, such as Target, Home Depot, and Urban Outfitters, have all been affected, leaving smaller companies with less robust security infrastructure feeling like a breach is bound to occur, posing a risk to their customers.

Financial data management does not need to be this stressful. Many of these smaller businesses, however, rely on third-party companies to perform their payment processing and data management, further complicating risk assessment. Here are some issues to consider when dealing with external payment management for your business.


Keys to Creating a Cyberresilient Enterprise

Ron Hale, Ph.D., CISM | Posted: 8/20/2015 3:01:00 PM | Category: Security

Today’s cyberattacks on enterprises are persistent and advanced—no enterprise is 100 percent secure. It is no longer sufficient to only focus on prevention and detection. Enterprises need to consider cybersecurity from this standpoint and be part of an integrated and holistic, enterprise-wide approach.

With cyber incidents increasing, it is important for businesses to become cyberresilient: anticipating, withstanding and recovering from attacks. At the rapidly evolving rate of cybercrime, it is more than an issue for the IT department—it is an issue for everyone in the business. The National Association of Corporate Directors, for example, encourages boards of directors to have a role in ensuring that management is fully engaged in developing response plans.


COBIT 5—Yoga for Enterprise IT

Vittal Raj, CISA, CISM, CGEIT, CRISC, CFE, CIA, CISSP, FCA, COBIT 5 Foundation Accredited Trainer | Posted: 8/18/2015 3:11:00 PM | Category: COBIT-Governance of Enterprise IT

Yoga is a popular science and art of well-being. Its benefits range from as modest as being helpful for fixing specific ailments or disorders to transforming one’s body-mind communion to attain a state of eternal exhilaration and union, by aligning oneself with the world and nature.

Consider applying the concept of yoga to enterprise IT—if business is seen as the body, information surely is its mind. And, the right information at the right time with the right person can make the difference between exceptional success and dooming failure.

Given that we now inhabit an increasingly connected digital world, there is less disagreement on the ever more critical dependence on IT. Businesses clearly recognise the strategic nature of IT, but also often find themselves entangled in a range of IT pains and disillusioning disorders. Such issues include IT operational issues, IT project failures, cost over-runs and data breaches, and either a stagnating IT or, at the other extreme, a hyper IT that keeps costing resources and attention without synchronised business deliveries. Baffled in finding the answers, organisations increasingly tend to find themselves at a loss when it comes to ascertaining the right approach to making IT work optimally for business.


How COBIT 5 can help internal audit be “the new pillar of senior management”

Graciela Braga, CGEIT, COBIT 5 (F), CPA | Posted: 8/13/2015 3:03:00 PM | Category: COBIT-Governance of Enterprise IT

Internal audit has recently been called “the new pillar of senior management” because it is a key element in the structure of the company, contributing to the strength of internal control, risk management and corporate governance. COBIT 5, ISACA’s latest framework for the governance and management of enterprise IT, can help the internal audit function be this pillar in many ways.

COBIT 5 is based on the assumption that companies exist to create value for their stakeholders. If companies exist for this purpose, auditors have to assess and report to the board of directors on whether benefits are delivered and risk and resources are optimized.


Adjusting to the DevOps Mindset

Ed Moyle | Posted: 8/12/2015 3:06:00 PM | Category: Audit-Assurance

There is no question about it: DevOps is coming to the forefront in the enterprise. A 2014 survey from Rackspace found that 79 percent of those surveyed plan to implement DevOps practices or approaches by the end of 2015, meaning most shops now are DevOps shops. For ISACA members, this can have a significant impact—security, assurance, risk and governance impacts aplenty.

Security pros will need to understand how DevOps can impact existing security controls; some controls (automated static or dynamic application security testing controls—or even manual code reviews) may need to be adjusted in light of faster release cycles and new tools. There might also be hidden security advantages as the transition takes place, as tools like Puppet, Chef, Salt and others allow them to better meet historical challenges: for example, by leveraging those tools to perform security hygiene tasks (e.g. patching, automated configuration validation, etc.).


About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.


To volunteer to write a blog or suggest a topic send an email here.