ISACA Now Blog



How to create a GEIT system that delivers value

Joanne De Palma, CISM, BCMM Assessor, MBA | Posted: 4/23/2015 3:07:00 PM | Category: COBIT-Governance of Enterprise IT

Governance is vital to accomplishing the goals of an enterprise. By its very definition, governance of enterprise IT (GEIT) places a structure around how an organization aligns IT strategy with business strategy, ensuring that companies stay on track to achieve goals and implement methods to measure performance.

To be successful, an enterprise needs to manage expectations and satisfy stakeholder requirements—the drivers behind development of enterprise goals and subsequent IT-related goals. These goals must be in alignment and are best created with the full cooperation and involvement of IT and the stakeholders.


Everyone has a part in the digital forensics process

Jaime B. | Posted: 4/21/2015 3:07:00 PM | Category: Security

Recently, ISACA announced the release of its free “Overview of Digital Forensics” white paper to illustrate the role of digital forensics as it relates to cybersecurity. Organizations need to discuss the role of digital forensics, even with those in non-technical roles. Without holistic consideration, there will not be data to utilize in a cybersecurity investigation.

Digital forensics is used in conjunction with other business areas to investigate issues such as insider threats. In 2014, insider threats composed up to 35 percent of information security incidents. Digital forensics and compliance become increasingly difficult if IT policies are not practiced as suggested under ISO 27001:2013 or NIST 800-53.


Closing the cybersecurity skills gap

Eddie Schwartz, CISA, CISM | Posted: 4/16/2015 7:45:00 AM | Category: Audit-Assurance

Organizations are realizing that it is not a matter of if a cyberattack will occur against their enterprises; it is a matter of when. This realization is causing executives and board members to take a growing interest in what is being done to protect and defend their top non-human asset: information. Support for growth in cybersecurity staffing is here; the problem is that the pool of skilled cybersecurity talent is facing a drought.

To address the global cybersecurity skills shortage, ISACA has launched a portfolio of innovative skills-based cybersecurity training courses and performance-based exams and certifications, through its Cybersecurity Nexus (CSX). These new CSX certifications are providing a benchmark that will help shape the future of cybersecurity hiring and the career progression of cybersecurity professionals. CSX will help assure cybersecurity pros that they can keep their skills sharp in the face of evolving threats, changing technology, and highly motivated adversaries who seem to get cleverer every minute. Organizations will have assurance that candidates have the right skills to address cybersecurity incidents from day one on the job, and that their security teams have the most important and current skills, knowledge and advanced capabilities.

This ISACA effort is critical, as 82 percent of organizations expect to experience a cyberattack in 2015. But, they feel they are relying on a workforce that is not qualified to handle complex threats, according to the State of Cybersecurity: Implications for 2015 survey from ISACA and RSA Conference. The results also revealed that 35 percent are unable to fill open cybersecurity positions.


International President: Addressing the current state of cybersecurity

Robert E Stroud, CGEIT, CRISC | Posted: 4/14/2015 7:43:00 AM | Category: Security

It is no secret that more and more organizations are experiencing cyberattacks, and many go undetected for lengths of time. ISACA and RSA recently joined forces on the State of Cybersecurity: Implications for 2015 survey, which uncovers issues surrounding hacks, cyberattacks, security positions, budgets and policies. As threats grow in number and complexity, it is important that organizations are equipped with the right information, team and resources to address the issues.


Becoming CISM: Tips for revision and exam day success

Darren Hampton, CISM | Posted: 4/7/2015 3:02:00 PM | Category: Certification

The CISM examination is difficult. Not only is there a lot of material to know and revise, but the exam is long—at four hours, it is much longer than many of us will have experienced during our formal education. Here are some tips from my own experience to help you through the ISACA exam process for all certifications.


Start with the practice exam in the CISM review book. You will find it to be hard work. I had to force myself to read each question carefully towards the end. Self-marking this exam identifies the areas for improvement in revision. Going through these questions will help you to understand the question format on the exam. These questions are not actual or even retired questions from an exam.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.
