ISACA Now Blog


 ‭(Hidden)‬ Admin Links

Knowledge Center > ISACA Now

Closing the cybersecurity gap for industrial control systems

Monica Jain, CGEIT, CSSBB, CSQA, GSLC Posted: 5/19/2015 3:10:00 PM | Category: Security | Permalink | Email this post

Many of today’s industrial control systems (ICS) are considered to be antiquated, making them vulnerable to a cyberattack, especially if they are interconnected with traditional information and communications technology (ICT). Think about electricity, water and energy production as typical places where ICS are in place.

The problem is that these ICS systems have been isolated—separate and apart from IT. But, in today’s converged system environment, ICS are becoming part of the greater enterprise. This makes ICS and IT vulnerable to the same threat agents and attack vectors.


Addressing IT skills gap at State Audit Institution of Oman

Mohamed Nayaz Posted: 5/14/2015 3:01:00 PM | Category: Government-Regulatory | Permalink | Email this post

Earlier this year, the ISACA Muscat chapter worked with the State Audit Institution (SAI) of Oman to help address a skills gap within its IT auditing team. After hearing about ISACA’s Certified Information Systems Auditor (CISA) and other certifications from chapter leaders, the SAI decided to sponsor any of its auditors who are interesting in taking ISACA certification exams.

Though SAI is responsible for carrying out audits of all Omani government entities, the more than 500 SAI auditors carrying out field audits do not have IT audit qualification. While they carry out the functional audits, they do not focus on IT audits. Seeing a gap, SAI officials approached our chapter with questions about ISACA’s IT audit qualifications and their potential relevance to the Omani State Audit Institution.


International President: The Nexus of Cybersecurity News

Robert E Stroud, CGEIT, CRISC Posted: 5/12/2015 3:03:00 PM | Category: ISACA | Permalink | Email this post

Information is powerful. In today’s fast-moving world, timely information is critical to keeping cybersecurity plans and programs current.

But, having the time and diligence to filter massive amounts of information to a digestible, actionable form is nearly impossible. Besides myriad global regulations and other developments, all manner of cybersecurity breaches are frequently in the news. In fact, the growing rate of breaches around the world has organizations preparing for when they will be attacked, rather than wondering if they will be.


Connected Cars—Is the risk worth the reward?

Ramses Gallego Posted: 5/7/2015 3:19:00 PM | Category: Security | Permalink | Email this post

There is a revolution taking place in the automotive industry that will affect nearly every car owner, driver and passenger. It is the introduction of connected cars and the promise of enhanced safety and convenience.

With that promise comes massive security and privacy risk. After all, cars will be operated by highly intelligent computing devices that can be accessed remotely. Driver override will be built-in, but malicious tampering is possible. And in this case, there is absolutely no margin for error.

Having connected cars is fantastic and is the way the industry and society have been progressing, but not without questioning the concept and not without the assurance that the system cannot be compromised. It is critical that we ensure customers that a hacker cannot take over operation of the vehicle. And so far, it has been proven that this is possible today.


ISACA Madrid Chapter’s role in government and regulatory advocacy

Antonio Ramos Posted: 5/5/2015 3:06:00 PM | Category: Government-Regulatory | Permalink | Email this post

Serving as a volunteer on ISACA’s Government and Regulatory Advocacy (GRA) Subcommittee 3 (Europe/Africa) has been a great opportunity for me to meet new people, face new challenges and look for creative ways to use ISACA deliverables and research.

ISACA chapters, as local groups, need to take care of their members and show them the value of membership. One way of providing value to chapter members is through government and regulatory advocacy activities with objectives including: having ISACA intellectual property (IP) adopted as good practice, making recommendations that help to implement national regulations or even becoming part of them by gaining ISACA professional certifications and becoming a requisite or a recommendation for particular activities.

<< First   < Previous     Page: 1 of 97     Next >   Last >>

 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.


To volunteer to write a blog or suggest a topic send an email here.