journal header

Volume 4, 2017

This Week's Online-Exclusive Feature

Building a Security Culture

Building a Security Culture: Why Security Awareness Does Not Work and What to Do Instead
16 August 2017
Joseph Opacki

It is no secret that phishing has become a huge problem. In 2016, the Anti Phishing Working Group noted that there were 1,220,523 total phishing attacks—65 percent increase over the previous year. Between the last quarter of 2004 and the same period in 2016, the number of phishing attacks observed rose from 1,609 to 92,564—a jaw-dropping 5,753 percent increase.

During 2016, phishing attempts grew by 33 percent across the five most targeted industries. While financial institutions remained the most popular target and saw a significant increase in phishing volume, the industry’s share of phishing attacks has fallen significantly in recent years in line with a monumental increase in attacks elsewhere. Read More >>

Indicates Online-Exclusive Content



Podcast  New!
ISACA Journal Volume 1 Podcast

The Automation Conundrum

This Week's Featured Blog

Developing an Information Privacy Plan
24 July 2017

My most recent Journal article was based on an analysis of data privacy I performed for an ISACA presentation. The privacy areas of concern detailed by the International Association of Privacy Professionals (IAPP) and the 7 categories of privacy according to ISACA were integrated with the privacy and security controls included in National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-53 revision 4 to reveal the key ingredients to inform privacy planning.

In my most recent Journal article, I reveal the root causes of data breach incidents and related statistics that highlight the severity of data breaches. Read More >>

Indicates Online-Exclusive Content



What's New for Nonmembers

IS Audit Basics Articles

Audit Programs

The Soft Skills Challenge, Part 7

Data Management Body of Knowledge—A Summary for Auditors

Risk-based Audit Planning for Beginners

The Auditors, IS/IT Policies and Compliance

Preparing for Auditing New Risk, Part 2


Full Journal Issues

Volume 4, 2016 Mobile Apps

Volume 3, 2016 Data Privacy

Volume 2, 2016 Project Management: Methodologies and Associated Risk

Volume 1, 2016 Transforming the Auditor

Volume 6, 2015 The Internet of Things

Volume 5, 2015 Cybersecurity