
Volume 4, 2017

This Week's Online-Exclusive Feature

Enterprise Security Architecture—A Top-down Approach
2 August 2017
Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA, TOGAF

Implementing security architecture is often a confusing process in enterprises. Traditionally, security architecture consists of some preventive, detective and corrective controls that are implemented to protect the enterprise infrastructure and applications. Some enterprises are doing a better job with security architecture by adding directive controls, including policies and procedures. Many information security professionals with a traditional mind-set view security architecture as nothing more than having security policies, controls, tools and monitoring.

The world has changed; security is not the same beast as before. Today’s risk factors and threats are not the same, nor as simple as they used to be.

Indicates Online-Exclusive Content
Podcast
ISACA Journal Volume 1 Podcast

The Automation Conundrum

This Week's Featured Blog

Developing an Information Privacy Plan
24 July 2017
Larry G. Wlosinski, CISA, CRISC, CISM, CAP, CBCP, CCSP, CDP, CIPM, CISSP, ITIL V3, PMP

My most recent Journal article was based on an analysis of data privacy I performed for an ISACA presentation. The privacy areas of concern detailed by the International Association of Privacy Professionals (IAPP) and the 7 categories of privacy according to ISACA were integrated with the privacy and security controls included in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 to reveal the key ingredients to inform privacy planning.

In my most recent Journal article, I reveal the root causes of data breach incidents and related statistics that highlight the severity of data breaches.

What's New for Nonmembers

IS Audit Basics Articles

Audit Programs

The Soft Skills Challenge, Part 7

Data Management Body of Knowledge—A Summary for Auditors

Risk-based Audit Planning for Beginners

The Auditors, IS/IT Policies and Compliance

Preparing for Auditing New Risk, Part 2

Full Journal Issues

Volume 4, 2016 Mobile Apps

Volume 3, 2016 Data Privacy

Volume 2, 2016 Project Management: Methodologies and Associated Risk

Volume 1, 2016 Transforming the Auditor

Volume 6, 2015 The Internet of Things

Volume 5, 2015 Cybersecurity