ISACA is currently updating the audit/assurance programs for COBIT 5. The first group of programs to be released will be a series of programs for the COBIT 5 processes, based on the generic structure developed in the COBIT 5 for Assurance publication. The new audit/assurance programs will be fully aligned with COBIT 5, and will explicitly reference all seven enablers. The programs will be released by domain.
DevOps refers to the movement within IT to improve relationships between development and operations. It relies on agile-like development methods, allowing smaller code changes to be released more frequently (e.g., every 5 to 6 days) when compared with traditional development and release management (e.g., with long cycle times). These methods may be especially promising for new web-based applications (e.g., more than legacy applications). The first publication in this series is an overview white paper scheduled to be issued in the fourth quarter of 2014.
Getting Started With Governance
This white paper will focus on the core concepts of governance and the practical aspects of implementing a governance framework. It is scheduled to be issued in the first quarter of 2015.
Industrial Control Systems (ICS)
Industrial control systems (ICS) - a broad term capturing distributed control systems (DCS), programmable logic controllers (PLC) and supervisory control and data acquisition (SCADA) - have long existed in many industrial and manufacturing settings but were traditionally disjoined. Technological advances and convergence with traditional information systems necessitates unparalleled security for the critical services they provide. Headline stories such as Stuxnet, Duqu and Flame reveal their fallibility and serve as constant reminders for vigilance of vulnerabilities and attack vectors. This white paper is intended to be a primer capturing ICS evolution, comparison between ICS and traditional IT cybersecurity and the challenges facing the industry. It is scheduled to be available in the second quarter of 2015.
This white paper will attempt to clarify the issue of using and implementing internal controls and using the COBIT framework. It will also address the move from having control objectives to governance and management practices in COBIT 5. This publication is scheduled to be available in the first quarter of 2015.
Operational Risk Management/Basel Using COBIT 5
This will provide an update of the existing publication “IT Control Objectives Basel II” to align it with COBIT 5 and related publications. Concepts will be updated to reflect the current state of the technology, challenges, risk and necessary assurance practices.
The book will describe the importance of protecting credit card and customer data and the role that compliance with the PCI DSS requirements plays in helping organizations develop and implement a security model that ensures the protection of data used for credit card processing. It will provide practical guidance related to the PCI DSS compliance requirements to help members understand how to achieve and maintain compliance with the standard through a robust security program that covers all six domains described in the PCI DSS standard. This book is scheduled to be available in first quarter 2015.
Sarbanes-Oxley: Using COBIT 5
This publication updates the 2006 edition of this practical guide for executive management and IT control professionals when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002. It will provide practical guidance on using COBIT 5 when performing SOX engagements. It is scheduled to be available in fourth quarter 2014.
Security, Audit and Control Features SAP ERP, 4th Edition
This publication updates the 2009 edition of this practical, how-to guide in the technical and risk management series. It enables assurance, security and risk professionals (both IT and non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of better practice controls into system upgrades and enhancements. It is scheduled to be available in fourth quarter 2014.