Volume 5, 2016

This Week's Online-Exclusive Feature

Cyberattacks—The Instability of Security and Control Knowledge
21 September 2016
Jeimy J. Cano, Ph.D., CFE

In a world of accelerating change that is moving toward more digital tendencies, security and control practices have become an ongoing exercise in reinvention. Generating value, positively surprising the customer and periodically creating discontinuities are the business mantras that dominate the available literature on management in the 21st century. These mantras cannot be ignored by information security and cyber security executives.

It has been said that “There are two kinds of companies: those who have suffered a cyberattack and those who have not realized it yet,” which is a reflection that illustrates the paradox of boards that are concerned with cyber security in their organization while not truly understanding it.

Indicates Online-Exclusive Content



Podcast
ISACA Journal Volume 5 Podcasts

This Week's Featured Blog

Framework for Protecting Your Valuable IT Assets
26 September 2016
Shemlse Gebremedhin Kassa, CISA, MSCS

Technology is evolving at an amazing pace and offering a vital benefit for businesses. On the other hand, it has also brought ever-increasing security threats. There is no agreed upon and well-suited security audit framework for tackling IT security challenges, and there is also no holistic approach for the audit process. Because of this lack of agreement, it is getting more challenging to monitor assets; confidentiality, integrity and availability (CIA); threats; vulnerability; risk; and control.

My recent Journal article proposed 8 audit processes in 1 hierarchical framework to understand and design visualizations on the previously mentioned security concepts.



What's New for Nonmembers

IS Audit Basics Articles

The Soft Skills Challenge, Part 4

Elements of an IS/IT Audit Strategy, Part 2

Elements of an IS/IT Audit Strategy, Part 1

Auditing IS/IT Risk Management, Part 3

Auditing IS/IT Risk Management, Part 2

Auditing IS/IT Risk Management, Part 1

Is There Such a Thing as a Bad IS Auditor? Part 2


Full Journal Issues

Volume 5, 2015 Cybersecurity

Volume 4, 2015 Regulations & Compliance

Volume 3, 2015 Governance and Management of Enterprise IT (GEIT)

Volume 2, 2015 Opportunities and Challenges of New Technology

Volume 1, 2015 Analytics and Risk Intelligence

Volume 6, 2014 Cybersecurity