
Volume 4, 2017

This Week's Online-Exclusive Feature

Enterprise Security Architecture—A Top-down Approach
2 August 2017
Rassoul Ghaznavi-Zadeh, CISM, COBIT Foundation, SABSA, TOGAF

Implementing security architecture is often a confusing process in enterprises. Traditionally, security architecture consists of some preventive, detective and corrective controls that are implemented to protect the enterprise infrastructure and applications. Some enterprises are doing a better job with security architecture by adding directive controls, including policies and procedures. Many information security professionals with a traditional mind-set view security architecture as nothing more than having security policies, controls, tools and monitoring.

The world has changed; security is not the same beast as before. Today’s risk factors and threats are not the same, nor as simple as they used to be.

Indicates Online-Exclusive Content



Podcast
ISACA Journal Volume 1 Podcast

The Automation Conundrum

This Week's Featured Blog

Developing an Information Privacy Plan
24 July 2017

My most recent Journal article was based on an analysis of data privacy I performed for an ISACA presentation. The privacy areas of concern detailed by the International Association of Privacy Professionals (IAPP) and the 7 categories of privacy according to ISACA were integrated with the privacy and security controls included in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 to reveal the key ingredients to inform privacy planning.

In my most recent Journal article, I reveal the root causes of data breach incidents and related statistics that highlight the severity of data breaches.



What's New for Nonmembers

IS Audit Basics Articles

Audit Programs

The Soft Skills Challenge, Part 7

Data Management Body of Knowledge—A Summary for Auditors

Risk-based Audit Planning for Beginners

The Auditors, IS/IT Policies and Compliance

Preparing for Auditing New Risk, Part 2


Full Journal Issues

Volume 4, 2016 Mobile Apps

Volume 3, 2016 Data Privacy

Volume 2, 2016 Project Management: Methodologies and Associated Risk

Volume 1, 2016 Transforming the Auditor

Volume 6, 2015 The Internet of Things

Volume 5, 2015 Cybersecurity