Volume 2, 2017

This Week's Online-Exclusive Feature

The Validity of Penetration Tests
19 April 2017
Brent Michel, CISA

Penetration (pen) tests are critical to operating and maintaining an effective information security program. They are used for a variety of purposes, including assessing system readiness, identifying gaps, assigning resources and evaluating vendor viability. These tests are important, but how do reviewers establish credible results on which to base decisions? Should results be taken at face value? What external effects influence findings? This article contends that external factors, such as compliance and market pressure, can affect, and do detract from, the validity of penetration test results.

Podcast
ISACA Journal Volume 1 Podcast

The Automation Conundrum

This Week's Featured Blog

Agile Audit Practice
10 April 2017
Spiros Alexiou, Ph.D., CISAP

Auditors are expected to complete audits on material issues within shorter and shorter time periods. Such audits and their completion depend on the availability of key personnel, who are also increasingly pressed for time as they are involved in day-to-day operations and other, often mission-critical, projects. Yet audit methodology, which involves a rigid separation between audit phases, such as planning, fieldwork and reporting, has failed to keep up with these changing requirements. As a result, the inability to schedule timely meetings with key personnel creates bottlenecks, and this causes delays in moving to the next phase, typically because a very small part of the previous phase remains incomplete.

What's New for Nonmembers

IS Audit Basics Articles

Risk-based Audit Planning for Beginners

The Auditors, IS/IT Policies and Compliance

Preparing for Auditing New Risk, Part 2

Preparing for Auditing New Risk, Part 1

The Soft Skills Challenge, Part 6

The Soft Skills Challenge, Part 5


Full Journal Issues

Volume 2, 2016 Project Management: Methodologies and Associated Risk

Volume 1, 2016 Transforming the Auditor

Volume 6, 2015 The Internet of Things

Volume 5, 2015 Cybersecurity

Volume 4, 2015 Regulations & Compliance

Volume 3, 2015 Governance and Management of Enterprise IT (GEIT)