ISACA Now Blog



Corporate Governance: Evaluating and Directing Value Creation

Peter Hill, CISA, CISM, CGEIT, IT Governance Network
Posted: 5/5/2016 3:04:00 PM | Category: ISACA

Organizations are contending with increasingly dynamic and demanding external and internal environments by making good corporate governance accessible and fit for application through the adoption of governance practices that sustain value creation. Governance and management systems are being designed to reinforce and govern a holistic, interrelated set of arrangements that can be understood and implemented in an integrated manner using organizational structures, processes, practices and ethical, conscious behavior.

Governance and Management
Corporate governance is the system by which a governing body exercises ethical and effective leadership to establish:


Penetration Testing Part of an Effective Cyber Defense

Ron Hale Ph.D., CISM, ISACA, Chief Knowledge Officer
Posted: 5/4/2016 3:04:00 PM | Category: Security

With countless organizations falling victim to cyber breaches, it seems that security groups are often unprepared to defend against attacks. Being prepared means understanding which types of attacks to expect and being able to detect and withstand an attack.

Many organizations have implemented cyber controls, but they lack evidence their controls work. Implementing controls does assure that network or security operations can detect malicious attempts as they are launched, but controls cannot effectively block the attempts. Penetration testing, or pen testing, is effective for detecting cyberattacks, stopping malicious activities and initiating response activities as soon as possible.


WIRED Editor David Rowan Predicts Future of Audit, Governance, Risk Management

David Rowan, Editor, WIRED
Posted: 5/3/2016 3:01:00 PM | Category: ISACA

ISACA Now recently interviewed David Rowan, editor of WIRED magazine and keynote speaker at EuroCACS 2016. He discussed the future of audit, governance and risk management, as well as what can be done to stop cybercriminals once and for all.

ISACA Now: What are some of the changes/innovations audit, governance and risk management professionals should expect in the next 5-10 years?
We are in a networked world of ever increasing transparency, as well as increasing vulnerability to data breaches. Starting with transparency, the recent breaches of client confidentiality over Panamanian accounts, and the Snowden disclosures before that, are a stark reminder that every professional’s decisions could tomorrow be scrutinized on the front page of the New York Times. If you’re an auditor or a risk management professional, are you comfortable with your advice, your private emails, your entire work life being exposed to the twittersphere? I hope so. At the same time, we’ll find foreign states and criminal gangs investing ever greater efforts in breaching supposedly secure corporate networks to transfer funds or steal proprietary data. How well defended are you against these real and growing risks? Is your CEO taking personal responsibility?


Chic Geek Speak: Vanquish the “Nice Syndrome”

Pam Nigro, MBA, CISA, CGEIT, CRISC, CRMA, DTM; Senior Manager, Internal Controls and Risk Management; Blue Cross Blue Shield of Illinois; Vice President, ISACA Chicago Chapter
Posted: 4/28/2016 9:02:00 AM | Category: ISACA

We have often heard these pearls of wisdom during our formative years:  “Play nice. If you don’t play nice, no one will want to play with you.” “You have to be nice.” “Be a nice girl.”

Unfortunately, many of us (myself included) suffer from what I’m calling the “Nice Syndrome.” Merriam-Webster dictionary defines nice as pleasing and agreeable. Nice was rewarded, reinforced and subsequently internalized, leading to:

  • Putting others’ needs before your own
  • Over-apologizing
  • Consistently asking for permission
  • Denying your own power
  • Not asking for what you want or need
  • Tolerating too much negativity
  • Being overly patient

In the workplace, we continue to be nice. We don’t rock the boat. We play nice even when it means denying one’s self. We sacrifice self and wait for our reward. Unfortunately, the rules we learned as girls no longer apply as women in the workplace. We instead work extra hard, do the work of others, deny ourselves lunch or breaks. We put work first, our families second, and ourselves last.


Avoid Monetizing Safety Risk

Joseph W. Mayo, President, J.W. Mayo Consulting Services
Posted: 4/27/2016 3:12:00 PM | Category: Risk Management

Last year I attended an international risk management conference and was quite shocked by one of the sessions I attended. One of the presenters said, "ERM's job is to protect the balance sheet." Enterprise risk management (ERM) is a function that must address all types of risk, not just financial risk.
Monetizing risk and normalizing risk are two of the biggest problems risk practitioners face. Monetizing and normalizing risk makes it very easy to report risk exposure and risk treatment cost but obscures the true risk impact. When risk impact is obscured or undervalued, it causes decision makers to make very poor decisions. This is especially true for safety risk where poorly managed risk events can lead to loss of life.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

