Other Blogs
There are no items in this list.
Knowledge & Insights > ISACA Now > Categories
Representing Australia, SheLeadsTech and ISACA at United Nations a Dream Come True

Jo Stewart-RattrayGrowing up as a girl from the Australian bush, the United Nations was a long distance away, physically speaking, but not as far from my thoughts as one might think.

You see, I was a big Audrey Hepburn fan, and Hepburn’s service as a goodwill ambassador for the United Nations International Children’s Emergency Fund placed UN participation on my radar as a worthy, albeit improbable, dream to which I should aspire.

I am blown away that this dream is about to come true.

I will soon be part of the official Australian government delegation to the 62nd session of the UN Commission on the Status of Women. The session, which will take place 12 March to 23 March at UN headquarters in New York, will focus on how technology can help empower rural girls and women. It will be an honor to collaborate with Gillian Bird, the Australian ambassador to the UN, the Honourable Kelly O’Dwyer, Australia’s Minister for Women, and several other distinguished Australians to address a topic about which I am extraordinarily passionate. I will serve as one of only two members of the Australian delegation who work outside government.

Before going any further, I feel compelled to express my gratitude to ISACA for setting this incredible opportunity in motion. It is the work that I have done through ISACA, and particularly as a champion for the SheLeadsTech program, that opened the doors for me to be considered.

Throughout my career in the technology field, I have had to demonstrate considerable resilience, often finding myself to be the only woman in the room at a given meeting, conference session or client engagement. I have often had to persevere in the face of biased thinking and work environments. While I am a big believer in the importance of developing perseverance, I will continue to work toward a world in which the career path for the next generation of women in the tech workforce is much smoother than the one I encountered.

In addition to the work in which our delegation will participate – which will result in a publicly released report detailing our findings and recommendations – I look forward to the new connections that I will make in the coming weeks and months. Many influential people and groups are keenly interested in the UN Commission on the Status of Women, and this will be a prime opportunity to expand my network of like-minded advocates for women in the technology sector. Building global alliances, after all, is one of the three pillars of the SheLeadsTech program, and what better place to do so than at the UN?

I look forward to keeping the ISACA global community updated on the progress of the Commission on the Status of Women. While walking the corridors of the UN will be a new and thrilling experience for me, advocating for rural women and girls, for women in the tech industry and for the empowerment of women and girls across the world has been a lifelong passion. I pledge to make the most of this honor by doing my part to move this incredibly important work forward.

Five Questions with Technology Futurist and North America CACS Keynoter Shara Evans

Shara EvansEditor’s note: Technology futurist Shara Evans, founder and CEO of Market Clarity, will deliver the closing keynote address at North America CACS 2018, which will take place 30 April-2 May in Chicago, Illinois, USA. Evans recently visited with ISACA Now to discuss topics ranging from the future of travel to why many executives struggle to take a long view of technology. The following is an edited transcript:

ISACA Now: What inspired your passion for technology and scientific research?
For as long as I can remember, I’ve been a science fiction fan, devouring sci-fi novels like they were candy. One of my earliest recollections was watching the original Astro Boy cartoons. I remember him flying around fighting giant robots, aliens and all sorts of bad guys. So, there I was at 4 or 5 years old, trying to figure out how to design rocket jets for the heels of my shoes.

So much of what I read in science fiction novels inspired me. Unfortunately, I grew up in a period where science and technology were thought to be outside of what little girls should aspire to. In fact, my teachers actively discouraged me from taking classes in this area, instead enrolling me in things like “Home Economics” (being a good little housewife) and Typing (which actually worked out well once I started programming).

I originally thought I was going to be a lawyer/politician because I saw so much injustice in the world and wanted to do something with my life that could make a difference … But much to my surprise, I found I had an aptitude for computer programming and logic when I was finishing my undergraduate degree in political science. In the last semester of my senior year, while taking a sociology course, I had to use SPSS for a research project about cultural bias in the media. That was a long time ago, in the days when computer mainframes used card-punch machines for input. I picked up SPSS very quickly, then went on to teach myself a range of programming languages. I did my graduate work in computer science rather than going to law school. I’ve been in the technology field ever since.

ISACA Now: What are some recent technology innovations that you think bode especially well for society?
Whenever I look at technologies, I always see a double-edged sword: wonderful advances that can come from using a given technology, and conversely, threats to our security and privacy. We really need to think ahead to what can happen and balance how we use technologies so that we end up with a wonderful future, rather than a dystopian nightmare.

Some of the advances that I'm particularly excited about are in the med-tech area. For instance, a project in Brazil called Walk Again used a combination of virtual reality, robotic exoskeletons and brain machine interfaces to help eight quadriplegics regain feeling below their waists, dramatically changing the lives of the people involved with this experiment.

There are so many examples of combining biology, chemistry, medical science and technology that have the potential to really help people. Bio-printing is another example, where 3D printers are used to print living tissue. Already, noses and ears have been bio-printed, sometimes in combination with cutting-edge stem cell therapies that allow cells matching the recipient to grow on top of the 3D bio-printed scaffolding. Eventually, we will be able to print entire organs – no more waiting for transplants.

ISACA Now: You recently gave a talk about the future of travel. What do you anticipate will be the biggest changes on that front?
Two things: Hyperloop transport and the exploration of outer space.

There are already a number of companies actively exploring pilot hyperloop transport systems. So far, experiments with pilot test tracks are going well. If this comes to fruition, we will have large transport tubes taken to near-vacuum conditions to eliminate air resistance, which can autonomously transport people or cargo at speeds of up to 760 mph or more. This technology has the potential to change what it means to live in regional areas, taking the pressure off increasingly dense and expensive metropolitan areas.

Outer space exploration is another exciting area. Because of the emergence of re-usable rockets, exploration of space is going to be feasible within the next 10 years. Imagine the job possibilities and adventure that would bring!

ISACA Now: What are the biggest keys to getting more women into the tech workforce?
I think the only way to successfully achieve gender balance in the technology workforce is to encourage little girls (elementary school or younger) by presenting technology as something they can relate to, have fun with, and imagine themselves doing as a career.

One of the things that I noticed at [the Consumer Electronic Show] last year was the number of robot educational games designed to teach children how to program robots. We need to ensure that the teaching games being developed also appeal to little girls.

I think companies also need to be more open-minded about hiring women with a technical aptitude who may not have formal qualifications in this area. Give them a chance, offer training opportunities, and you’d be surprised how many shining stars are groomed.

It’s also important to understand and communicate that not all tech industry jobs are about writing code. So much of what we have developed is the result of imagination (often taking hints from science fiction) or trying to solve real-world problems. And, with AI and many other technologies, there are repercussions with respect to privacy, security and ethics. We need input from women on these issues, too.

ISACA Now: What are some common challenges with inspiring executive teams and boards of directors to take the long view in thinking about the potential impact of technology on their businesses?
I do keynotes and workshops for boards of directors and executive teams all the time. One of the biggest challenges is getting them to look beyond the 12-month horizon. As a futurist, my medium-term horizon is two to five years out – but to my clients, medium-term is six months. My long-term is the five- to 10-year horizon and beyond, whereas long-term to my clients is typically 12 to 18 months out.

So, when I talk about medium- or long-term opportunities and risks, I need to take them on a timeline journey about all kinds of technologies, how they relate to their businesses, and the consequences of failing to take action, whether it be missing out on huge opportunities, loss of competitive advantage, planning for the impact of automation – especially on their workforces – and the exponentiality factor as applied to today’s technologies. Most people are used to gradual changes, but we’ve now hit a curve in our technological advancement where the baseline is already high and we’re doubling capabilities every 18 to 24 months.

Encouraging Women in Tech is About a Better Future for All of Us

Graciela BragaWhy is ISACA’s SheLeadsTech program needed?

Why does the 2030 Agenda for Sustainable Development consider the technology gender gap to be an important topic to address, and who must be involved in the solutions?

Where are we now?
Thematic focus and indicators are useful to understand the current situation. Factors such as access to education and training, Internet usage and salary comparisons provide some helpful context.

In the Organization for Economic Co-operation and Development (OECD) area, only 3% of graduates in ICTs are women. This percentage could be balanced by job training and, in fact, OECD calculations show that 55% of women are engaged in on-the-job training.

The worldwide proportion of seats held by women in national parliaments grew from 13.3% in 2000 to 23.4% in 2017, according to UN data. On the other hand, in the business sector, less than one-third of senior- and middle-management positions were held by women in 2015.

According to The International Telecommunication Union (ITU), 53% of the world’s population was not using the Internet at the close of 2016. Women were more affected than men: global Internet penetration for men was 51% compared to 45% for women. Regional gender gaps were significant, ranging from 23% in Africa to 2% in the Americas.

In 2016, 84% of individuals in OECD countries were using the Internet, but this usage varied across OECD countries and among social groups. In 2016, Internet usage among women in OECD countries was significant (83%), but differences remained between young (96%) and elderly women (61%). In all OECD countries except the United States, the proportion of Internet users with tertiary education was above 90% in 2016, but there were wide differences among less educated people.

We all know women often earn significantly less than men, even after individual and required skills for the job are taken into consideration.  But this is different for ICT skills. According to OECD calculations, returns on ICT tasks are higher for women than for men (and this was a surprise to me). We can see positive trends if we analyze the percentage change in hourly wages for 10% increase in ICT task intensity. In fact, the difference between country percentage for female and male workers is positive or equal in a great proportion of analyzed countries.

Where do we want to be?
In 2015, the UN General Assembly adopted the 2030 Agenda for Sustainable Development as the agreed framework for international development. The agenda has a stand-alone goal on gender equality and the empowerment of women and girls (goal 5). There are gender equality targets in other goals, too. The 17 goals and 169 targets went into effect in 2016 and will guide the decisions taken over the next 15 years.

One of the paragraphs expresses where we want to be, or where we must be: “Realizing gender equality and the empowerment of women and girls will make a crucial contribution to progress across all the Goals and targets. The achievement of full human potential and of sustainable development is not possible if one half of humanity continues to be denied its full human rights and opportunities. Women and girls must enjoy equal access to quality education, economic resources and political participation as well as equal opportunities with men and boys for employment, leadership and decision-making at all levels . . . The systematic mainstreaming of a gender perspective in the implementation of the Agenda is crucial.”

How do we get there?
Education, participation and the use of technology are enablers for change.

The first step will be achieved if women’s full and effective participation and equal opportunities for leadership at all levels in all area of life are ensured and reforms are undertaken to give women equal rights to economic aspects.

Education is a must to achieve participation. Education is a human right. If this right is not protected, discrimination against women and girls will not end.

ISACA's SheLeadsTech program is committed to prepare current and upcoming female leaders for the digital future through thought training and skills development programs.

Governments and members of society in general must approve and defend legislation for the promotion of gender equality and the empowerment of all women and girls.

The business community can strengthen recruitment, salary and promotion policies to ensure women are not treated differently just because they are women. The business community also can support programs such as ISACA’s SheLeadsTech to further the mission and help build global alliances.

Finally, as women and men, we can:

  • Respect women in all situations and places, including social, business and familiar environments;
  • Educate our daughters and sons in the same respectful environment; and
  • Encourage female family members’ participation in ICT fields and in programs like ISACA's SheLeadsTech, taking into consideration more than getting a better salary or managerial position. The real reason is more than this. It is all about a better future for all.

Editor’s note: An ISACA SheLeadsTech webinar on The Benefits of a Diverse Workforce will take place on 15 February.

Faces of ISACA: Bent Poulsen, CISA, CISM, CGEIT, CRISC

Bent PoulsenEditor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Bent Poulsen, a longtime officer with the ISACA Denmark Chapter. Interested in joining ISACA and networking with colleagues like Poulsen? Learn more here.

Denmark is famous for its social cohesion and community-minded population, as underscored by many Danes belonging to a variety of local associations, clubs and civic organizations.

“So, we are used to taking care of each other,” said Bent Poulsen, a longtime officer with the ISACA Denmark Chapter.

Poulsen embodies that spirit of volunteerism, having spent three stints as president of the ISACA Denmark Chapter. He remains active on the chapter board, and over the years also has contributed through ISACA’s global board of directors and extensive committee work.

These days, many of his efforts focus on GDPR. GDPR preparation has become a pressing priority for the information security and privacy communities ahead of the May enforcement deadline. Poulsen is an external consultant on a GDPR project and has been active in supporting his ISACA colleagues’ GDPR efforts.

“ISACA Denmark Chapter has had several seminars and member meetings addressing GDPR, and we have established a networking group for members focusing on GDPR, including addressing DPO challenges,” Poulsen said.

Poulsen said the chapter is especially active in discussions on topics such as the control of data leakage, the right to be forgotten and ensuring that only necessary information is collected.

While GDPR is a high-priority topic for many in the ISACA professional community these days – especially in Europe – Poulsen has seen a long line of challenges surface during a career that has spanned more than four decades. From 1998-2014, Poulsen was chief auditor at VP Securities, where he later served as chief risk and compliance officer, established a new risk management and compliance function and implemented the necessary enterprise risk management (ERM) processes. He currently serves as external examiner at several Danish universities, including the Copenhagen School of Business.

Poulsen earned his first ISACA certification, CISA, in 1989, and later added the CISM, CGEIT and CRISC certifications to his credentials. Those certifications had “a great impact” on his career, Poulsen said.

“All my certifications have supported my work for many years, and naturally the CRISC was very useful when setting up the new risk management and compliance function in VP Securities,” Poulsen said.

Outside of work, Poulsen enjoys boating and fishing at local spots such as Sejerø Bay and Kattegat, as well as playing golf.

Bent Poulsen Boating

While relishing those opportunities will be part of his future, so, too, will advancing his work in the tech community – as well as his own.

“I will continue to be part of the ISACA family, and I will enjoy life together with family and good friends,” Poulsen said.

New Year, New Technology Energizing ISACA’s Professional Community

Theresa GrafenstineTechnology advances at a remarkable pace, connecting enterprises with customers in new ways and positioning organizations to achieve greater success through digital transformation. As ISACA’s professional community is acutely aware, those advancements are accompanied by new security threats, new legal and regulatory challenges, and questions about what all of this will mean for the business technology workforce.

Here is one certainty: the roles played by ISACA’s professional community are more important today than ever before. We enter the new year energized to build off ISACA’s achievements of 2017 and take even bolder steps forward in 2018 to deliver upon our purpose and promise.

ISACA’s leadership team met in December to review some of the 2017 outcomes. Some of the year’s many highlights included:

  • The launch of ISACA’s CSX Training Platform, providing enterprises on-demand, real-world cybersecurity training solutions;
  • The first full year of operation for ISACA’s Customer Experience Center, which helped the organization better meet our professional community’s needs, including successfully managing the transition to computer-based testing for our core certifications;
  • The creation of a plan to build out our business development efforts in China;
  • The Leadership Development Advisory Council’s work to create a new program that will help ISACA members advance their careers and expand the pipeline of future volunteer leaders;
  • The official launch of ISACA’s SheLeadsTech program, with a new mission to empower, elevate and engage women in leadership roles across the global technology community;
  • Many new doors opened and relationships established with influential leaders and policymakers in Washington, D.C., London, Brussels and beyond;
  • Growth in the geographic footprint and collective impact of ISACA’s conferences, including record attendance at North America CACS.

This is just a representative slice of how ISACA worked to advance the needs of our professional community in 2017. In 2018, our board of directors, professional staff and incredible network of chapters and volunteers will build off this momentum while also prioritizing new opportunities to amplify the organization’s influence and impact.

Across the spectrum of our professional domains, there is much to anticipate in the new year. Cybersecurity continues to command mindshare across the globe. On that front, we will continue optimizing our relationship with the CMMI Institute with a new cyber assessment tool that will allow enterprises to better understand their level of cyber resilience in the context of risk management and compliance, and in comparison to other organizations.

We will deliver new cybersecurity resources specifically geared toward auditors, and we will commit to purposeful dialogue that will help our professional community understand how automation and the shifting technology landscape will impact the future of our core areas of interest, such as audit and assurance, and information and technology governance. Our commitment to helping auditors advance their expertise and career growth through credentialing, the latest training and education opportunities and an ever-expanding array of audit and assurance programs remains steadfast.

Whether you’re reading this from Europe or elsewhere around the globe, there is an excellent chance that GDPR – which will be enforceable in May – will change the way you and your organization conduct business. ISACA’s GDPR working group is overseeing an inspired push to help our professional community prepare for this high-impact regulation and its after-effects.

The new year also will bring ramped-up attention and focus on ISACA’s upcoming 50th anniversary, with festivities officially kicking off later this year leading up to a yearlong global celebration of our 50th throughout 2019. While our anniversary celebration will include recognition of the organization’s remarkable past, there will be a larger emphasis placed on envisioning ISACA’s next 50 years. That is because we recognize what a valuable resource ISACA can be to help our professional community navigate the technology sea changes that are reshaping the global economy and society as a whole.

What an exciting year ahead that awaits us all! As it begins, I would like to thank you for being part of ISACA’s global family. I wish you a wonderful new year, and can hardly wait to see what’s next together.

Predicting Trends in AR and VR for 2018

Antony VitilloVirtual reality and augmented reality are predicted to be two of the most important trends for the next 10 years, but both have a long road to get there. At the end of 2017, VR is inside its trough of disillusionment, while AR is relegated to rough headsets and some interesting apps on mobile platforms. I am sure that these technologies will succeed in the long term, so let us see what 2018 can mean for them in their path toward mainstream adoption.

Virtual reality
Virtual reality will have to escape from its current quicksand. To do that, it has to solve three pain points of its potential customers:

  1. Price. VR headsets and required PCs are too expensive;
  2. Ease of use. VR headsets require complicated setups and technical expertise;
  3. Lack of content. There are not enough interesting experiences to justify the purchase of a VR headset.

Virtual reality companies will take various approaches to solve these issues. First, we’ll see the rise of standalone headsets: these are all-in-one headsets that are portable and work out of the box, requiring no setup or technical expertise. HTC already has started pre-orders for its Vive Focus, while Oculus has announced two headsets of this kind for next year: Oculus Go and Oculus Santa Cruz. Oculus Go is Facebook’s weapon to try to make virtual reality mainstream: Mark Zuckerberg’s goal is having 1 billion people inside VR, so he is going to release this device that, being priced at only $200, can let many people enter the VR world. 

Prices of existing VR headsets will continue to go down, following the current trend. In recent months, we have seen many discounts: in one of them, Acer VR headsets were even priced at $200. Most companies will bet on price and usability, while some others, like Pimax, will start offering premium headsets for a high price, and this will satisfy the needs of enterprises and innovators.

Regarding content, the latest release of games with famous brands like Fallout 4 VR or Doom VFR, and the announcement of funding of many other experiences by all the major VR companies, will ensure that VR appeals to more people.

In 2018 VR should grow, but not skyrocket, yet: Oculus and Vive likely will announce the new version of their tethered headsets, but they will be sold in 2019.

Augmented reality
The ecosystem for augmented reality is years behind the one of virtual reality. Regarding AR glasses, the only big piece of news should be the release of the Magic Leap One, the eyeglass that the secretive Florida-based company has teased for years. This could be the only device able to disrupt the market because all the other important innovations, like the HoloLens 2 and the reported Apple headset, should be released in 2019 or beyond. Technology is still not ready for an AR glass that is not a device for developers and innovators.

On the contrary, mobile augmented reality will grow: Apple ARKit and Google ARCore will become available on more and more phones, enabling more people to experiment with augmented reality using the tool that they already have in their pocket. The AR apps for these platforms will become more widespread and will offer more interesting features than what is currently available.

Looking at the XR market today, it seems that 2018 could be a transition year toward 2019, when things should evolve fast. However, for better or for worse, XR technologies have always surprised me in these years, so I would also expect some developments that are unpredictable.

Editor’s note: For additional insights on augmented reality and virtual reality, download ISACA’s AR/VR tech brief.

Faces of ISACA: Dr. Nancy Asiko Onyango, CISA, CGEIT, CRISC

Nancy Asiko OnyangoEditor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Kenya resident Dr. Nancy Asiko Onyango, who recently was appointed as director of the International Monetary Fund’s Office of Internal Audit and Inspection. Interested in joining ISACA and networking with colleagues like Dr. Onyango? Learn more here.

Nancy Asiko Onyango recalls being encouraged to wear blue jeans during her early days in the audit profession to be more comfortable when sifting through paper files, which would then be marked up with different colored pencils to highlight various findings.

Just as audit has made huge strides during her three decades in the profession, so has Dr. Onyango’s career. Dr. Onyango recently was appointed as director of the International Monetary Fund’s Office of Internal Audit and Inspection.

“What excites me most about this incredible opportunity is working for an institution that is respected, admired and inspires awe in equal measure across the globe, and strives to set a good institutional example for others,” said Dr. Onyango, a longtime ISACA member. “I think there is room for me to learn and grow, and at the same time there is the opportunity to make a contribution and leave a legacy.”

Dr. Onyango, of Nairobi, Kenya, emerged from a rigorous recruitment for the position with the IMF, an organization spanning 189 countries that works to foster global monetary cooperation, secure financial stability and reduce poverty around the world. Dr. Onyango’s background bringing structure to organizations’ governance programs and internal controls, combined with her international experience across both governmental and private sector organizations, made her a logical fit for the position.

“While I love the structure and consistency in governmental organizations, the rigidity can be challenging if one is accustomed to working in a fast-changing environment commonly associated with listed companies and the private sector,” Dr. Onyango said. “I have over the years learned to appreciate the differences, and the need to adapt our audit approaches and working style to accommodate both private and public sectors.”

Dr. Onyango’s past roles include CEO at Reliance Risk Advisory Solutions and partner at PricewaterhouseCoopers in Kenya. She also spent part of her 10 years working in London as senior manager for PwC UK.

While Dr. Onyango retains an affinity for London, in her view, there is no place like Nairobi.

“It’s my favorite city in the world, since it’s the city I know best and can find all sorts of places and things to do,” Dr. Onyango said. “It’s also the only city in the world situated right next to a national park where you can find lions, giraffes and zebras, amongst many other animals in the wild.”

Dr. Onyango and her family, though, will be relocating to Washington, D.C., USA – global headquarters of the IMF – in January, in preparation for her new role. No matter where her career has taken her, ISACA has remained a constant for Dr. Onyango for more than 20 years. Dr. Onyango has been an ISACA member since 1994, has served on the board of the Kenya chapter and holds ISACA’s CISA, CGEIT and CRISC certifications. She considers her relationship with ISACA instrumental in her career success.

“The organization I worked for offered us an ISACA qualification or a UK-based one. I chose ISACA’s because of its international outlook, and the rest is history,” Dr. Onyango said. “I find the resources, methodologies, guidance and publications very useful as they keep me informed on current issues in the technology world. I also love meeting people from all over the word at the conferences and global leadership meetings.”

As she moves forward in her career, connecting with the next wave of technology professionals is important to Dr. Onyango. While she considers herself “a bit of a tomboy” – Dr. Onyango grew up with three brothers and now has three sons – she is especially passionate about providing coaching and mentoring to women in the auditing field.

The lessons she is imparting these days are markedly different than the ones she could have provided in her days of relying upon color pencils, as both the audit profession and her career have blossomed in remarkable fashion.

“The most fundamental change for me was the transformation into an advisory type role for internal auditors,” Dr. Onyango said. “I loved the fact that we could finally be more proactive and futuristic in our thinking and make a difference during the conceptual or formative stages within a project, function, or even organization.”

ISACA Awards: Recognizing Contributions Positively Impacting ISACA

Melissa SwartzAs ISACA’s volunteer engagement manager, I realize how fortunate I am to have found myself working for an organization bringing together some of the most passionate, dedicated and talented people I’ve ever encountered. Case in point: as I write this blog post from a hotel room, in between attending the Asia Pacific CACS conference and Asia Pacific Chapter Leader event in Dubai, and the GDPR Working Group meeting in Greece, I am awestruck at the thought leadership, volunteer leadership and industry leadership surrounding me at every turn, in every city, on every business trip I take.

It inspires and energizes me to hear the chatter of an excited audience lingering after a thought-provoking keynote or to see chapter leaders mentoring students. What inspires you? Have you seen an insightful presentation at an ISACA event or read a thoughtful article in an ISACA publication? Have you encountered a chapter leader, volunteer colleague or professional mentor who exemplifies strong leadership skills? It’s important to celebrate these outstanding individuals and their achievements that are positively impacting our future.

To that end, I’m excited to share with you that over the last year, the ISACA Awards Working Group has revamped the ISACA Awards Program, enhancing the prestige of the program with a formal nomination and peer-review evaluation process that engages our global community and lays the foundation for more public recognition of our impressive award recipients. The 10 volunteers in the 2017 working group term reviewed the entire portfolio of ISACA Awards and restructured the three categories: 1) ISACA Global Achievement Awards – our top global honors presented for outstanding contributions to knowledge and leadership; 2) ISACA Chapter Awards – recognizing the positive impact our chapters, their programs, and their volunteer leaders have on advancing our members and the professions they serve; and 3) ISACA Certification Exam Top Scores.

The 2017 ISACA Global Achievement Award recipients were honored during the ISACA Annual General Meeting

We need you to nominate the people and programs that inspire you. Nominations are due 31 January. Global Achievement Awards will be presented at EuroCACS in May 2018, and the Chapter Awards will be presented at the Global Leadership Summit in October 2018.

In this year of transition as the new ISACA Awards Program launches, the nomination cycle for the 2019 award presentations will be open approximately June-August 2018, establishing a consistent annual timeline for submitting nominations in the future.

To recognize the widespread reach of ISACA, nominators must be ISACA members to submit a nomination package, but the candidates they recommend do not need to be ISACA members. ISACA seeks to recognize the most impactful contributions fulfilling our purpose and promise across our global professional community.

ISACA leadership is excited to recognize the talent and contributions of members of our professional community, and we need your help by nominating outstanding individuals for the awards below. To learn more about the ISACA Awards Program, including eligibility requirements, and to download a nomination form, please visit www.isaca.org/awards.

Please do not hesitate to email me at mswartz@isaca.org with any questions about the ISACA Awards Program.

ISACA Global Achievement Awards

ISACA Michael Cangemi Best Book/Author Award
Scope: Recognizes an individual or co-authors for major contributions to ISACA publications in the field of IS audit, control, risk, governance and/or security.

ISACA Eugene M. Frank Award for Meritorious Performance
Scope: Recognizes an individual whose longstanding service in multiple roles including key volunteer leadership positions has contributed to ISACA’s global success.

ISACA John Kuyers Award for Best Speaker
Scope: Recognizes an individual for outstanding speaking achievements at an ISACA sponsored event.

ISACA John W. Lainhart IV Common Body of Knowledge Award
Scope: Recognizes an individual for major contributions to the development and enhancement of the common body of knowledge used by constituents of the Association.

ISACA Harold Weiss Award for Outstanding Achievement 
Scope: Recognizes an individual for sustained contributions to the advancement of the governance of enterprise IT.

ISACA Paul Williams Award for Inspirational Leadership
Scope: Recognizes an ISACA volunteer for inspirational leadership and exemplifying dedication to the organization and its members through a specific program or initiative.

Chair’s Award
Scope: Recognizes an individual who has made an exceptional impact on ISACA or the business technology profession. This award is presented at the discretion of the ISACA Chair.

ISACA Chapter Awards

K. Wayne Snipes Best Chapter Award
Scope: Recognizes chapters that exceed service goals by actively supporting local membership, and thus ISACA.

Innovative Chapter Program Award
Scope: Recognizes an outstanding program implemented within an ISACA chapter that demonstrates an innovative approach to member engagement, continuing education, or community outreach.

Outstanding Chapter Leader Award
Scope: Recognizes a Chapter Leader for his/her effective and inspiring leadership within the chapter resulting in increased member engagement and a positive impact on ISACA’s professional community.

GDPR Working Group Hard at Work to Help You Navigate Implementation

Christos DimitriadisIt is with great delight that I announce the formal launch of ISACA’s GDPR Working Group. As the chair of the group, I have the pleasure of making this announcement. We have an impressive group of professionals, all of whom have experience in their day jobs implementing GDPR, guiding us through the process as we prepare deliverables for ISACA’s global professional community over the next few months.

The General Data Protection Regulation (GDPR) goes into effect 25 May, 2018. We understand the importance of the new regulation and the need for our members to understand and implement it. Our members are developing a GDPR Implementation Guide that will be available in early 2018 and can be used to help work your way through key steps in GDPR implementation in your organization. It will focus on key aspects of the regulation where ISACA has expertise, such as data governance, processing personal data, data portability, appropriate and adequate security and organizational measures (COBIT).

GDPR was a major topic of discussion at the recent CSX Europe conference. Joanna Karczewska and Graham Carter presented on, and I moderated, a panel with Paul Jordan, Managing Director, International Association of Privacy Professionals, and Andreas Mitrakas from ENISA. ISACA Board Director Michael Hughes also conducted an individual session on GDPR Business Implications. We are planning to produce and share a video on the panel discussion in the near future.

The working group has a face-to-face meeting coming up in early December where we will solidify additional plans for the coming months. We are divided up into workstreams and will focus in key areas. Some initial plans include:

  • GDPR Position Statement and Position paper – Create a core ISACA position and position statement, which we are planning to leverage in meetings with government officials in 2018.
  • In the UK, ISACA’s public affairs team will be engaging with Parliament around the Data Protection Bill as it progresses through Parliament – should it continue through 2018.
  • International support – As part of the GDPR working group face-to-face meeting, we wanted to determine specific activities for the international workstreams – partnering perhaps with ISACA chapters, chapters of IAPP partner events, etc. Right now, we have a PowerPoint deck that could be tailored by region.
  • International Launch Celebration, May 2018 in Brussels – Consider partnership with another organization to raise awareness about the importance of good cyber security practice to ensuring compliance.

I am deeply appreciative of the working group’s efforts to date and enthused about the progress to come. Members of the working group are:

  • Laszlo Dellei, CISA, CGEIT, CRISC
  • Michael Hughes, CISA, CGEIT, CRISC
  • Joanna B. Karczewska, CISA
  • Scott Rosenmeier, CISA, CISM, CGEIT, CRISC
  • Dr. Marc Vael, CISA, CISM, CGEIT, CRISC
  • Graham Carter, CISA, CGEIT
  • Urs Fischer, CISA, CRISC
  • Dragan Jovicic, CISA
  • Dr. Henrique Eduardo Lopes Pereira Necho, CISA
  • Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC
  • Patric J.M. Versteeg, CISA, CISM, CGEIT, CRISC, CSXP

The group is led by ISACA staff Tara Wisniewski and Jennifer Gremmels.

Additionally, ISACA internal staff has formed a cross-functional taskforce to share resources and collaborate on GDPR projects from other departments across the organization to ensure alignment. We look forward to ongoing discussions with this team and identifying new offerings our members can benefit from on an ongoing basis.

We will report regularly as updates become available. In the meantime, I encourage you to view ISACA’s current GDPR resources.

Faces of ISACA: Paul Yoder, Head of Information Systems Security, El Camino College

Paul YoderEditor’s note: The ISACA Now series titled “Faces of ISACA” highlights the contributions of ISACA members to our global professional community, as well as providing a sense of their lives outside of work. Today, we spotlight Paul Yoder, head of information systems security at El Camino College (Torrance, California, USA).Yoder recently was honored in the education category of the Center for Digital Government Cybersecurity Leadership & Innovation Awards, underwritten by McAfee. Yoder visited with ISACA Now to discuss the award and more; an edited transcript is below. Interested in joining ISACA and networking with colleagues like Yoder? Learn more here.

ISACA Now: You were recently honored for your innovation efforts at El Camino College – how were you able to gain the administration’s support for taking cyber security seriously?
It was a tenuous process since the college had never heavily invested in cyber security before. I’m sure that some people thought that hiring a dedicated security person was the first and last measure to be taken, and didn’t realize that specialized tools would have to be purchased as well to facilitate the hardening of digital assets.

First, I took a hands-on approach by joining the Technology Committee that would drive any future change in info security policy and spending. They had paid a consulting firm to write a five-year plan for upgrading the IT assets across the entire campus, and info security was one of those sections. After about 15 minutes of reading that section, I decided to throw it out and start from scratch! Since it was my first week on the job, I knew this would be a make-it or break-it kind of moment. I decided to craft a new five-year info security plan based on the SANS five-step Security Awareness Roadmap (I actually have a poster of it on my office wall). Fortunately, this didn't result in a pink slip and was actually embraced by all on the committee!

They also ranked all of the sections as to which were the most important to focus on, and info security rose to the top of the list. I reinforced this with some one-on-one “evangelism” with several key stakeholders, such as the president, VPs and deans. I met with everyone that would put me on their calendar. Let’s face it, it’s hard for us “computer geek” types to be social and outgoing sometimes, but this is a much more effective way to communicate your message than emails or phone calls.

Paul Yoder's Office

ISACA Now: What attracted you to working in a higher education environment?
I think it was the opportunity to finally create my own info security program that led me to take the job. The money wasn’t spectacular, and the drive would turn out to be pretty horrendous, but how often do cyber security professionals get to put their own individual spin on things? I just couldn't pass up the opportunity!

ISACA Now: ISACA recently released research about how stronger board oversight of cyber security and risk management leads to improved business outcomes. What are some examples you have seen of that from your career?
I couldn't agree more with this concept. Ever heard of the two-story outhouse principal? It's not only true for nasty things flowing downhill, but also for good things. If you achieve buy-in at the top, then the warm bodies further down the food chain are more likely to follow in lock-step.

One important thing to remember though when dealing with C-level executives – they don't understand or speak security like you do. Keep it simple!

ISACA Now: How has your ISACA membership furthered your professional development?
First of all, being associated with one of the top security organizations provides credibility. The well-written articles provide deep insight into the threats we face every day. I find that they usually have more substance and meat to them than the typical security blogs, which are often filled with top-level or non-essential information. ISACA also provides monthly meet-ups, and that is something that I would like to be more involved with in the future. I proudly display the ISACA chapter logo on the front page of my resume.

ISACA Now: What are some of your major interests outside work?
I have been a professional musician for many years (started trumpet lessons when I was 4!). I currently have two CDs completed and hope to start on a third project soon. I also have been involved with Togakure Ryu Ninjutsu since I was a kid, and I hope to finish a book in 2018 that teaches ordinary people how to implement effective info security at home.

1 - 10 Next