ISACA Now Blog




CSX Europe: Raj Samani Talks Ransomware, Being a CTO

Raj Samani, Chief Technology Officer of EMEA, Intel Security
Posted: 8/25/2016 3:19:00 PM | Category: Security

At the inaugural CSX 2016 European Conference in London 31 October to 2 November, Raj Samani, Intel Security’s chief technology officer (CTO) of EMEA, and special advisor for the European CyberCrime Centre (EUROPOL), will provide his unique perspective as a participant supporting actual criminal enterprise takedowns, on who the bad actors are—their tactics, techniques and targeting mechanisms, and how to win the battle against them.

ISACA Now recently had a virtual sit-down with Samani to discuss his views on combatting ransomware, what it is like to be a CTO, and his advice for those starting out in the industry.


Questions to Ask Yourself Before Pursuing the CISA Designation

Kyle Miller, CISA, QSA, Senior Consultant, Plante Moran, PLLC, Member, CISA Certification Working Group (ISACA)
Posted: 8/24/2016 3:14:00 PM | Category: Certification

Before I pursued the Certified Information Systems Auditor (CISA) designation, I wish I would have ____________________.

I recently posed that question to a number of candidates who had pursued the CISA (Certified Information Systems Auditor) designation. As the responses poured in, I identified 5 questions which, if answered early in the pursuit process, could help future candidates avoid uttering that same “wish I would have” statement. So to future CISA pursuers, take a moment to ask yourselves the following questions:


Process Improvement for Management of IT-related Processes

John Jasinski, CGEIT, CRISC, CISA, CISM, ITIL, Business Process Consultant
Posted: 8/23/2016 3:00:00 PM | Category: COBIT-Governance of Enterprise IT

Most organizations have objectives for quality and improvement. Enterprises want employees to continually look for opportunities that fuel effectiveness and strengthen the company. The improvement theme is both a nice-to-have and a basis for survival, providing a direction to get better and a model for personal behavior and work culture. The basic improvement model is one of common sense, similar to those used in psychology and coaching. It can be teamed with any process reference model.

The improvement model has evolved over time with influences from many thought leaders, good practices and industries, including Dr. Edwards Deming, a key influence with the Plan-Do-Check-Act (PDCA) cycle (preferred over Guess-Do-Pray-Hope); John Kotter with organizational change; international standards such as those from the International Organization for Standardization (ISO), including ISO 9001 for Quality, ISO 20000 for IT Service Management and ISO 27001 for IT Security; COBIT, ITIL, the National Institute of Standards and Technology (NIST) and the Project Management Body of Knowledge (PMBOK), all of which incorporate or support improvement themes; and Six Sigma programs, which have an improvement phase, and so should you.


CISA Exam Prep Course on VILT set for 30 August-1 September

Shawna M Flanders CISA, CISM, CRISC, CSSGB, SSBB, President and Chief Technical Consultant/Trainer, Business Technology Guidance Associates, LLC
Posted: 8/18/2016 3:11:00 PM | Category: Certification

Today’s IT auditor needs to have strong analytical skills and a broad general knowledge of technology, along with an understanding of the auditing process. They also need to know about organizational business processes and the technology that supports those processes to effectively assess risk and articulate it in common business language. Unfortunately, the most knowledgeable and experienced candidate may fail in his or her assignment if they do not possess exceptional soft skills.

The most important soft skills include the ability to:

  • Clearly communicate verbally and in writing using common business language
  • Be nonjudgmental or unbiased throughout the audit process
  • Remain calm and collected even during conflict situations
  • Serve as a mentor or consultant to the enterprise on control design and testing

The IT auditor is presented with a variety of assignments ranging from reviewing access rights to running queries or even reviewing firewall rules. He or she may observe project meetings, sit on the change control board, observe a DR test, review the due care process of onboarding a new vendor or cloud provider, or even serve as a consultant during a product implementation. Being prepared to perform these varying tasks requires experience and training.


Audit: A Key Success Factor

Paul Phillips, Technical Research Manager, ISACA
Posted: 8/17/2016 3:12:00 PM | Category: Audit-Assurance

Why is it that some companies succeed and others fail? There is a general consensus that certain things are common among successful companies. We call these things key success factors. Key success factors are essential attributes that are critical to an organization reaching its business goals.

There is no agreed-upon list of success factors because they vary depending on the nature of the business, among other things. Some business experts would say good, productive employees are a key success factor. Others believe keeping loyal customers is a critical factor. Still others would submit that having clear policies and procedures is how organizations succeed.


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

