ISACA Journal Blog



Leveraging Artificial Intelligence

Posted: 2/19/2018 3:36:00 PM | Category: Risk Management

ISACA has provided guidance on the definition and use of threat intelligence and the sources of threat intelligence. These sources include ISACA feeds, consulting firms, open source threat information and existing tools. ISACA indicated in this guidance that artificial intelligence (AI) would be expected to extract insight from the information and monitoring systems more effectively. As organizations look to improve their threat intelligence and mitigate existing and potential risk, they tend to ask what skills and resources are required to support such an initiative. Given resource constraints, organizations are exploring the use of AI to better understand the intelligence, since it can consume and more efficiently analyze large volumes of data. The enterprise must be equipped with skilled individuals capable of designing, implementing, supporting and maintaining AI technology.


Working With Big Data

Mohammed J. Khan, CISA, CRISC, CIPM | Posted: 2/15/2018 2:18:00 PM | Category: Security

The institutions we all serve are inevitably going to utilize big data, if not now, soon. This is because of the power of extracting value from big data for the benefit of the products we make and the customers we serve. This can be said about almost all industries and, as we move towards technological advancement and creating new efficient ways to make our work intelligent, it is key to also think about the regulatory landscape that we must constantly assess. In my recent Journal article, I wrote about how audit professionals who work with big data, deal with global privacy implications, and handle sensitive research data require the knowledge and technical aptitude to audit the big data space to stay relevant. Almost all enterprises are now taking on big data projects, and staying compliant with growing regulatory risk requirements is causing internal compliance, risk and audit functions at these enterprises to demand auditors with these necessary skill sets.


Big Data in Organizations

Adeniyi Akanni, Ph.D., CISA, CRISC, ITIL | Posted: 2/12/2018 3:08:00 PM | Category: Security

Big data is a huge volume of data that cannot be treated by traditional data-handling techniques because it is mostly unstructured and complex. Thus, proper collation, coordination and harnessing of such data is necessary for relevant users, such as chief information officers, IS auditors and chief executive officers, to make meaningful decisions. My recent Journal article describes a 6-stage cycle for implementing big data for organizations, especially commercial banks. This is illustrated by the acronym DIRAPT, which stands for definition, identification, recognition, analysis, ploughing-back and training. I consider DIRAPT to be a cycle because there is a need to repeat the stages over and over:


Updating the COBIT Process Assessment Model

Joao Souza Neto, Ph.D., CRISC, CGEIT, COBIT Certified Assessor, Rafael Almeida, Pedro Linares Pinto, Miguel Mira da Silva, Ph.D. | Posted: 2/8/2018 3:09:00 PM | Category: COBIT-Governance of Enterprise IT

Determining the level of process maturity for a given set of IT-related processes allows organizations to determine which processes are essentially under control and which represent potential “pain points.” Process maturity has been a core component of COBIT for more than a decade; however, in COBIT 5, there was a change from the Maturity Model used in COBIT 4.1 to a Process Capability Model.

Currently, the COBIT 5 Process Assessment Model (PAM) is based on International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO/IEC 15504, which is a global reference for conducting process capability assessments. Meanwhile, a new standard, namely the ISO/IEC 330xx family, replaced and extended the ISO/IEC 15504 family. Since the ISO/IEC 15504 family is now withdrawn and has been replaced by the ISO/IEC 330xx family, an update of the ISACA publication COBIT Process Assessment Model (PAM): Using COBIT 5 should be considered.


Putting Machine Learning in Perspective

Andrew Clark | Posted: 2/5/2018 3:30:00 PM | Category: Risk Management

Machine learning is bandied about in the media often these days, many times erroneously. The key question that concerns auditors is not how to build machine learning algorithms or how to debate the relative merits of L1 and L2 regularization, but rather, in what context is the algorithm operating within the business? Additionally, do we have assurance that it meets all regulatory and business constraints and fulfills the needs of the enterprise?
