ISACA Now Blog


New E-book Spells Out GEIT Implementation

Peter Tessin, Technical Research Manager, ISACA
Posted: 8/26/2016 2:59:00 PM | Category: ISACA

Technology can be a double-edged sword for business. On the one hand it can provide extraordinary advantages, and on the other it can present potential risks. A new ISACA e-book, Getting Started With GEIT: A Primer for Implementing Governance of Enterprise IT, spells out how to get greater efficiency and effectiveness out of IT assets and make sure their use is aligned with larger, enterprise-wide strategic aims.

The 52-page book details how implementing a Governance of Enterprise IT (GEIT) system can provide numerous benefits to a business, including lower costs, increased control, improved resource efficiency and effectiveness, and better strategic alignment and risk management.

 

CSX Europe: Raj Samani Talks Ransomware, Being a CTO

Raj Samani, Chief Technology Officer of EMEA, Intel Security
Posted: 8/25/2016 3:19:00 PM | Category: Security

At the inaugural CSX 2016 European Conference in London, 31 October to 2 November, Raj Samani, Intel Security’s chief technology officer (CTO) of EMEA and special advisor for the European CyberCrime Centre (EUROPOL), will provide his unique perspective, as a participant supporting actual criminal enterprise takedowns, on who the bad actors are, including their tactics, techniques and targeting mechanisms, and on how to win the battle against them.

ISACA Now recently had a virtual sit-down with Samani to discuss his views on combatting ransomware, what it is like to be a CTO, and his advice for those starting out in the industry.

 

Questions to Ask Yourself Before Pursuing the CISA Designation

Kyle Miller, CISA, QSA, Senior Consultant, Plante Moran, PLLC, Member, CISA Certification Working Group (ISACA)
Posted: 8/24/2016 3:14:00 PM | Category: Certification

Before I pursued the Certified Information Systems Auditor (CISA) designation, I wish I would have ____________________.

I recently posed that question to a number of candidates who had pursued the CISA (Certified Information Systems Auditor) designation. As the responses poured in, I identified 5 questions which, if answered early in the pursuit process, could help future candidates avoid uttering that same “wish I would have” statement. So to future CISA pursuers, take a moment to ask yourselves the following questions:

 

Process Improvement for Management of IT-related Processes

John Jasinski, CGEIT, CRISC, CISA, CISM, ITIL, Business Process Consultant
Posted: 8/23/2016 3:00:00 PM | Category: COBIT-Governance of Enterprise IT

Most organizations have objectives for quality and improvement. Enterprises want employees to continually look for opportunities that fuel effectiveness and strengthen the company. The improvement theme is both a nice-to-have and a basis for survival, providing a direction to get better and a model for personal behavior and work culture. The basic improvement model is one of common sense, similar to those used in psychology and coaching. It can be teamed with any process reference model.

The improvement model has evolved over time with influences from many thought leaders, good practices and industries, including Dr. Edwards Deming, a key influence with the Plan-Do-Check-Act (PDCA) cycle (preferred over Guess-Do-Pray-Hope); John Kotter, with organizational change; international standards such as those from the International Organization for Standardization (ISO): ISO 90001 for Quality, ISO 20000 for IT Service Management and ISO 27001 for IT Security; COBIT, ITIL, the National Institute of Standards and Technology (NIST) and the Project Management Body of Knowledge (PMBOK), all of which incorporate or support improvement themes; and Six Sigma programs, which have an improvement phase, and so should you.

 

CISA Exam Prep Course on VILT set for 30 August-1 September

Shawna M Flanders, CISA, CISM, CRISC, CSSGB, SSBB, President and Chief Technical Consultant/Trainer, Business Technology Guidance Associates, LLC
Posted: 8/18/2016 3:11:00 PM | Category: Certification

Today’s IT auditor needs to have strong analytical skills and a broad general knowledge of technology, along with an understanding of the auditing process. They also need to know about organizational business processes and the technology that supports those processes to effectively assess risk and articulate it in common business language. Unfortunately, the most knowledgeable and experienced candidate may fail in his or her assignment if they do not possess exceptional soft skills.

The most important soft skills include the ability to:

  • Clearly communicate verbally and in writing using common business language
  • Be nonjudgmental or unbiased throughout the audit process
  • Remain calm and collected even during conflict situations
  • Serve as a mentor or consultant to the enterprise on control design and testing

The IT auditor is presented with a variety of assignments ranging from reviewing access rights to running queries or even reviewing firewall rules. He or she may observe project meetings, sit on the change control board, observe a DR test, review the due care process of onboarding a new vendor or cloud provider, or even serve as a consultant during a product implementation. Being prepared to perform these varying tasks requires experience and training.

 

 About This Blog

 

This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

   
