ISACA Now Blog




Docker—Why you should have it on your radar

Ed Moyle Posted: 3/26/2015 3:15:00 PM | Category: Security

It is a truism that technology is always changing. But, that does not mean that every change has an equal impact to business. Some changes are a bit of a “meh;” they seem interesting for a while but, after the honeymoon phase wears off, things are more or less status quo. More rarely, other changes can be transformational—they have a foundational-level impact on the business landscape. They so change the way that technology is used that business will never be the same again. Examples of transformational technology change include distributed computing and broad-scale enterprise networking. Once upon a time there was no email, word-processing, or spreadsheets (remember the office in Mad Men?). Or, if your “wayback machine” does not go that far back, more recent examples include virtualization and cloud.


Eliminating Passwords in the Enterprise

Mike Waddingham Posted: 3/24/2015 3:09:00 PM | Category: Security

Passwords can be a pain for everyone. They are not secure and are prone to misuse. Isn’t it time to get rid of them entirely?

While issuing an enterprise credential with a strong password is fairly easy to accomplish, managing that password over the credential's lifetime is more difficult. User password resets, compromised passwords and a lack of synchronized passwords across enterprise systems all cause problems for users, IT departments and security professionals.

And users truly hate passwords. There are too many to remember, each system has different rules, and there is a lack of standards for reset processes.


The lost art of “fix it yourself”

Brian Barnier Posted: 3/19/2015 3:00:00 PM | Category: Risk Management

Once, I had to fix a headlight. When I tested the light bulb, it was good. When I tested the wiring to the bulb, it was good. So what was the problem? Looking closely revealed that the light bulb base was chipped and the bulb had a bayonet mount. Thus, the bulb never made contact with the wire at the bottom of the socket. If it was a screw mount, the bulb would have screwed down a bit further, contact would have been made, and all would have been fine. If you do not know what a bayonet mount is, then that is part of my main point—details matter.


Why you shouldn’t study for certification exams

Tim Sattler, CISA, CISM, CGEIT, CRISC, CISSP, CCSK Posted: 3/17/2015 3:03:00 PM | Category: Certification

People often ask me about the best way to prepare for a successful CISA, CISM, CGEIT or CRISC examination. They are usually surprised to hear my advice: Do not study for the exam at all—study for the knowledge!

In my opinion, what sets ISACA’s certifications apart from many other credentials on the market is that ISACA exams actually test your professional experience and not your exam cramming skills. Many exam items are mini scenarios that require you to apply your knowledge to typical issues arising in your daily work. You will hardly find any items that are definitional.


Security management and internal audit: Becoming two sides of the same coin

Muhammad Waheed Qureshi, CISA, CIPP/IT, CISSP, ITIL V3 Posted: 3/12/2015 8:51:00 AM | Category: Audit-Assurance

Internal security audits are a valuable source of information and highlight the areas that require attention, but do not be overly driven by their findings and recommendations.

Excessively strengthened security controls can impact business negatively. Security-related audit findings must be viewed in context of the relationship between business goals, the threat profile and the security controls. Security management and internal audit are two separate streams, but are driven by similar goals and fundamentally can be two sides of the same coin.


About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

