Information security as a business enabler

Peter Wood

The business landscape has changed beyond recognition since I started working, way back in 1969. Every business is now reliant on IT systems and the Internet in order to function. (Just see what happens if your email systems are unavailable for an hour!) New technologies and working practices are introduced at a prodigious rate, as globalisation and consumerisation drive transformation and innovation.

As a result of our dependence on IT systems and connectivity, information and cybersecurity are being pushed up the corporate agenda. This is a good thing. However, information security and its practitioners are still seen as risk-averse business inhibitors who stifle innovation, limit agility and slow efficiency with their strict controls and policies.

Meanwhile, information security teams grapple with the challenges of securing increasingly complex and ever-changing threat landscapes, while attempting to secure increasingly diverse and poorly-understood sets of technologies.

With heightened attention at the board-level, information security professionals have an opportunity to reimagine information security as an enabling function, supporting and adding value to the business as it transforms and innovates. The challenge for many security people is that their passion and enthusiasm can be difficult to communicate to the senior level. We are asked to present arguments in a language business leaders can understand—to remove technobabble from our presentations. Oftentimes we struggle to properly express our concerns and we fail to engage these audiences.

Category: Security     Published: 4/24/2014 9:38:00 AM

The growing skills gap in IT

Brad Zomick

As you are likely aware, information technology is a rapidly growing field and a great career option for those with the right skill set. And, as you are likely aware, demand for these skills is simply not being met. There is a steadily increasing gap between the level of skills needed and the level of skills the people in the workforce actually have.

According to a skills-gap report from the American Society for Training and Development, “…more than 15 million businesses rate the aggregate skill levels of their IT staff as less than optimal, and 93 percent of employers indicate that there is an overall skills gap among employees.”

In short—seven percent of businesses in this study considered themselves exactly where they wanted to be in terms of skilled employees.

Analysts attribute this problem to the dynamic, ever-evolving nature of the IT industry. (That is what attracts many professionals to the field.) So what can be done about it? Information technology is not going to slow down. And the field of IT is not going to curb its growth any time soon.

So we need to catch up.

IT awareness must be elevated and IT education needs to be more accessible. Online educational offerings meet this need nicely. We must give the necessary skills to students at a younger age, and promote continuing education—across business departments—among employees. IT organizations can focus on developing talent in-house, producing professionals with business skills that match their technical acumen.

Category: ISACA     Published: 4/17/2014 4:24:00 PM

Heartbleed and the Internet of Things implications

Ed Moyle

Chances are good you have already seen news about the OpenSSL Heartbleed vulnerability (i.e., CVE-2014-0160). It's a pretty significant bug, particularly since it impacts popular open-source web servers such as Apache (the most popular web server) and Nginx. This means that a combined population of up to 66 percent of the Internet is potentially impacted (based on data from Netcraft).

One significant area that has been covered less in the industry press is the impact this issue could have outside of the population of vulnerable web servers. Now clearly, the impact to web servers is a big deal. But consider for a moment what else might be impacted by this. Here's a hint: it's Internet of Things Day today. In other words, consider the impact on embedded systems and "special purpose" systems (like biomed or ICS).

OpenSSL has a very developer-friendly license, requiring only attribution for it to be linked against, copied/pasted or otherwise incorporated into a derivative software product. It is also free. This makes it compelling for developers to incorporate it into anything they're building that requires SSL functionality: everything from toasters to ICS systems, medical equipment, smoke detectors, remote cameras, consumer-oriented cable routers and wireless access points. It's literally the path of least resistance as a supporting library/toolkit when developing new software that requires SSL.

Category: Privacy     Published: 4/9/2014 12:59:00 PM

ISACA International President: Constant connectivity

Tony Hayes

We have entered the era of constant wireless connectivity, and the ramifications of this development are widespread. For example, it is not merely that Google Glass transforms your field of vision into a computer screen, but that this technology can be used constantly, permanently digitizing your perception of the world (as long as you are wearing the glasses). Likewise, wearable health-monitoring devices benefit many with their ability to analyze a body constantly—or at least over extended periods of time—which delivers useful data about their health and well-being.

And while this is an exciting time, this is also a time to be cautious. “The known vulnerabilities associated with wearable technology are found in the software that users load onto workstations and the devices themselves,” writes Bruce R. Wilkins in the @ISACA newsletter. “These weaknesses allow ill-intentioned actors to see and modify the individual performance reported by the device.”

In short, this constantly connected technology can be hacked in the same manner our other computers can be. The fact that these wireless devices are always connected and in constantly changing locations heightens that vulnerability.

Category: ISACA     Published: 4/8/2014 2:54:00 PM

Young professionals and the future of the Internet

Ferry Haris

This year we celebrate the 25th anniversary of the Internet, which has changed the way we live and altered the way we interact with each other. We are more connected because of the Internet—connected with other people and with non-human elements that are important in our lives. Buying merchandise from other countries and working with colleagues seated in different parts of the world are just small examples of how the Internet has contributed to human civilization.

Increasingly, though, we have begun questioning the future of the Internet, specifically around issues of trust.

“The next phase of the Internet will be data-centered and connectivity-driven,” Vice President of the European Commission Neelie Kroes is quoted in a recent BBC News post. “Cloud computing, big data, the Internet of things; tools which support manufacturing, education, energy, our cars and more. The Internet is no longer about emails. To make the 'leap of faith' into this new world, reliability and trust is a pre-condition.”

This new world is an exciting one. But for young professionals like me, a recurring question is “How can we contribute to the future of Internet while bringing back trust?”

Category: Security     Published: 4/4/2014 12:13:00 PM

 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

