Global privacy concerns about the Internet of Things

Rebecca Herold
I have been looking into the privacy risks of the Internet of Things (IoT) for the past few years. I initially became interested through my work with the National Institute of Standards and Technology (NIST) while researching the privacy risks of the smart grid and leading the group responsible for NISTIR 7628 Volume 2, and then a new version two years later in NISTIR 7628 Volume 2 Revision 1. Looking into smart meters led to my personal research into smart appliances and then wearables.

For the past year, I have been working with a large medical devices group (and spoke at its conference) to identify the information security and privacy risks that are created by new and emerging medical devices, many of which are “smart” devices, generally meaning they are also part of the IoT. Smart medical devices can bring significant benefits to the associated patients, such as automatically applying medication based upon health readings, or sending alerts to a physician or hospital in the event of a medical emergency. However, they also create privacy risks when inappropriate entities get access to the data and use it for malicious actions. For instance, health insurance companies that use the medical device data as a basis to increase insurance premiums or cancel health insurance coverage; or those with ill intent accessing the medical device to do physical harm to the associated individual.

Category: Privacy     Published: 9/18/2014 8:35:00 AM

International recognition and accreditation for ISACA certifications

Prof. Frank Yam
In today’s ever-changing environment it is important for professionals to be able to show tangible proof of their experience and knowledge. That is why, as the chair of ISACA’s Certification and Career Management Board, I am proud to announce that ISACA’s four certifications—Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC)—have been renewed under ISO/IEC 17024:2003 and once again comply with the American National Standards Institute (ANSI) policies and procedures.

The ISO 17024/ANSI accreditation process involves the completion of an application to validate that ISACA’s procedures for their certifications meet essential requirements for openness, balance, consensus and due process. This is a great accomplishment as the accreditation is recognized internationally and has become the hallmark of a quality certification program. This renewed accreditation demonstrates the integrity of ISACA’s certifications, enhances public confidence in the quality of the certifications and facilitates their mobility across borders.

Professionals and employers benefit from ISACA’s dedication to certification. For many professionals, a CISA, CISM, CGEIT and/or CRISC after their name confirms to employers that the professional possesses the experience and knowledge to meet the challenges of the modern enterprise. Employers often favor candidates with appropriate certifications when choosing among candidates for an open position.

Recognitions such as this speak to the integrity of ISACA’s certifications and bring further acknowledgement of the certifications globally.

Category: Certification     Published: 9/16/2014 3:10:00 PM

Cybersecurity—A Call for Governance

Daniel Arlotto
It may not be the secret formula for Coca-Cola, but all businesses have confidential information that they store in networked databases or similar places. Whether it has been purchased, created, developed, improved, or enhanced, confidential information must be protected, and cybersecurity is the key. Cybersecurity is a growing and rapidly changing field. It is crucial that the central concepts that frame and define this field are understood by professionals who are involved and concerned with the security implications.

Let’s be honest. For many technology-fluent cybersecurity professionals this space has become their “playground.” Organizations are making investments in technology, and cybersecurity analysts are installing and configuring the latest data loss prevention (DLP), security information and event management (SIEM), and advanced persistent threat (APT) tools. These practitioners are displaying the passion required to keep up with their chosen profession in an ever-changing technology landscape. However, in the absence of a solid governance framework these tools may not achieve maximum value for the organization.

According to Israel Sánchez—CISM, CRISC, deputy director of Information Security for the Prevention of Electronic Crimes Scientific Division, Mexico Federal Police Enterprises—enterprises must establish appropriate governance including, but not limited to, identifying the basic operating procedures for the prevention, attention, reaction and investigation of incidents of computer security and cybercrime. Israel and several of his Latin American colleagues will be presenting on this and other topics at the upcoming ISACA Latin America CACS/ISRM 6-7 October in Panama.

Category: Security     Published: 9/11/2014 3:01:00 PM

How the uncertainty of life can bring about new accomplishments

Neha Chandra
Neha Chandra is a recent Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) exam passer and is preparing to pursue the Certified Information Security Manager (CISM) certification in the future. Here she shares how the uncertainty of life led her to accelerate her certification process.

What was your exam study process?
CISA was the first ISACA exam I mustered the courage to attempt. Given the difficulty of the exam and a couple of examples of failed attempts around me, I was planning to take the CISA exam in December 2013. However, uncertainty, thy name is life: I met with a road accident in June that rendered a friend of mine bedridden for six months. It was during the first month of her illness that I decided to divert my attention and take up something challenging enough to keep myself engrossed. I scheduled my exam for September 2013 instead of December and started reading the CISA Review Manual. For the next two months it became an addiction.

Taking the CRISC exam this past June was driven by my manager, who had recently passed it. This was a last-minute decision leaving me only 15-20 days to prepare, but because risk management is a part of my day-to-day work, I found it easy to relate to the review manual. I also found the local chapter review course and members to be very motivating and supportive. True to the spirit of ISACA, they believe in sharing knowledge, tips and experiences. For young professionals like me, that makes a lot of difference.

Category: Certification     Published: 9/9/2014 3:26:00 PM

International President: COBIT online launches today—take a sip

Robert E Stroud
I tried my first green drink recently and found that, after avoiding them for a long time, I actually did like it. Green drinks have grown to be popular for their health benefits—they are basically smoothies made with a variety of fruits and vegetables—but since the ingredients often include spinach, kale and green apples, they turn green, hence the name.

This comes to mind as the online version of COBIT is officially launched today. Many professionals have already used COBIT and found that it benefits their enterprises. But there are still some folks who hesitate—much like me with the green drink—because they’re not fully aware of just how much value is packed into it.

At its core, the new online platform helps increase the usability of COBIT by bringing together the key resources for the governance and management of enterprise IT. This is especially critical at this moment in time as we see the daily news of businesses worldwide having to address and recover from major incidents that could have been mitigated by appropriate oversight. No business can ever be 100 percent secure, but having solid governance and management in place can help reduce the risk of financial loss and reputation damage.

Category: COBIT-Governance of Enterprise IT     Published: 9/8/2014 10:07:00 AM