Volume 2, 2017

This Week's Online-Exclusive Feature

Audit Transparency in Action
22 March 2017
Danny M. Goldberg, CISA, CRISC, CGEIT, CCSA, CGMA, CIA, CPA, CRMA

Professional trainers have many opportunities to speak to companies and organizations about leading practices in the internal/IT audit industries. Trainers have the luxury of opining on internal matters while remaining outsiders, which enables them to stay removed from intercompany politics and corporate culture. Many trainers believe, within any environment, certain foundational aspects of internal/IT audit are necessary for success. One of these key pillars is the general concept of audit transparency. The general perception is that, whenever possible (and it should be possible in all audits except for fraud investigations), internal/IT audit should pride itself on 100 percent transparency. This is foreign to many auditors and is not ingrained in the thought process of departments.

Indicates Online-Exclusive Content

Podcast
ISACA Journal Volume 1 Podcast

The Automation Conundrum

This Week's Featured Blog

Going for the ATO
13 March 2017
Jo Anna Bennerson, CISA, CGEIT, CPA, ITILv3, PMP

The Authority to Operate (ATO) is necessary to work in the system of US federal government agencies. My recent Journal article provides details on how to obtain the authority to operate. The following steps can help US enterprises gain the approval to operate with the federal government:

   ●  Ensure confidentiality, integrity and availability—The first necessary step toward achieving ATO is confidentiality, integrity and availability (CIA). This means that only approved people can get in, any changes to the system or data are genuine, and the system is up and ready for use.
   ●  Embrace the NIST 800-53 control families—Every family is a tightly knit assembly of controls with a dash-one, or parent control, followed by offspring controls that dive deep into the security measure. For instance, the Access Control Family starts with the dash-one control of access control policy.

What's New for Nonmembers

IS Audit Basics Articles

Navigating the US Federal Government Agency ATO Process for IT Security Professionals

The Auditors, IS/IT Policies and Compliance

Preparing for Auditing New Risk, Part 2

Preparing for Auditing New Risk, Part 1

The Soft Skills Challenge, Part 6

The Soft Skills Challenge, Part 5

Full Journal Issues

Volume 2, 2016 Project Management: Methodologies and Associated Risk

Volume 1, 2016 Transforming the Auditor

Volume 6, 2015 The Internet of Things

Volume 5, 2015 Cybersecurity

Volume 4, 2015 Regulations & Compliance

Volume 3, 2015 Governance and Management of Enterprise IT (GEIT)