ISACA Now Blog




Understanding Your Core Values - A Key to an Authentic YOU

Ookeditse Kamau, CISA, MBA, CIA, CRMA, IT Internal Auditor
Posted: 10/20/2017 3:12:00 PM | Category: Audit-Assurance

I was chatting with a colleague from our legal team, and he made a remark that he was “learned.” This is how the legal counselors refer to each other when they’re in a jovial mood.

I answered back and said auditors are the most ethical professionals. Although intended as a joke, I believe that, as auditors, we ought to understand our core values in order to provide quality service to our stakeholders. I asked myself what values resonate with being ethical. Before I Googled the values that resonate with acting in an ethical manner, I decided to test myself. I Googled a good resource on what values are and took a journey of discovery. I found a good piece written by MindTools, and then decided to select my top 10 values. The process was iterative, and I had to go through several rounds to come close to what I classified as my top 10 values. At first, I selected more than 10. To narrow the list to 10, I had to deal with the following challenges:


Design Your Career Destiny So It Doesn’t Happen by Default

Caroline Dowd-Higgins, Author, Executive Director of Career & Professional Development, Indiana University Alumni Association
Posted: 10/18/2017 3:39:00 PM | Category: ISACA

I was honored to present the keynote session at last week’s Women’s Forum for the ISACA Chicago Chapter. Here I share a few salient points from the daylong event that will resonate for women (and men) focusing on designing their professional lives so they don’t happen by default.

Manage up. Don’t assume your boss knows what a rock star you are at work. Your boss is busy doing his or her own job. Unless you are causing a problem, your boss may not notice all the great work you are doing the other 11 months of the year beyond your annual performance review. Send your boss a brief monthly email with a punch list of what you accomplished and your stretch goals. It’s a great way to keep your boss informed regularly about your ROI. If you supervise others, be sure to teach them how to manage up to you!


Shining a Light on Shadow IT

Jane Seago, Business Writer, and Terry Trsar, Business Consultant
Posted: 10/17/2017 3:09:00 PM | Category: Risk Management

Microsoft: More than 80 percent of employees admit to using unapproved SaaS apps for corporate purposes.

Cisco: 15 to 25 times the number of known cloud services are purchased by employees without IT involvement.

These are just two examples of the quiet, but pervasive, existence of shadow IT in enterprises today. Although the name “shadow IT” sounds like something that might appear in an espionage novel, it is very real and very alarming, as we discovered in gathering material to write ISACA’s new white paper, Shadow IT Primer. We interviewed business and technology professionals whose responsibilities include IT operations, audit and security, and who deal with shadow IT on a regular basis. Their insights and real-world examples give the ISACA publication a perspective that is not reflected in other articles on the topic.


Is a Breach at Your Company Inevitable?

Jason Baczynski, CISM, CISSP, Security Assurance Professional
Posted: 10/16/2017 3:06:00 PM | Category: Security

The former CEO of Equifax recently stated in a speech to the University of Georgia that there are “those companies that have been breached and know it, and there are those companies that have been breached and don't know it.” While this statement must be taken with a grain of salt (it was made after his company was made aware of the massive breach), we still have a sentiment that has become very common.

This type of reasoning was popularized following the RSA breach that was disclosed in 2011. Following this event, many organizations which had breaches would lament the inevitability of a breach. This reasoning often has the related tagline of an “advanced persistent threat,” which further reinforces the mindset that succumbing to shadowy figures is inescapable. In reality, these “advanced” threats are often nothing more than a phishing email, poor passwords, or an attacker running a “point and click” exploit of a vulnerability that has been freely available for months. A cynical view is that both statements amount to nothing more than an attempt to leverage the fear, uncertainty and doubt of all things cyber in an excuse for the shameful security practices of these organizations.


GDPR Can Bring Major Benefits to Governance, Security Professionals

Vilius Benetis, CEO of NRD CS
Posted: 10/12/2017 3:10:00 PM | Category: Privacy

The European Union has long considered that a person owns all non-public data about him. Each individual then explicitly grants and revokes rights to process (for example: collect, analyze, aggregate and store) his or her personal data to everyone interested.

With some data, it is easy. One signs a contract, and later on, perhaps cancels the contract, along with permissions to process the data. But the question is not only about granting or revocation of rights to process, but also about getting to know which data is stored, how it was processed, with whom it was shared, and having the possibility to remove that data from systems (i.e., to be forgotten).


 About This Blog


This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.

The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.

Anyone posting comments on this site should ensure that the content remains on-topic and steers well clear of any statements that could be considered insensitive, offensive or threatening. Given ISACA’s global nature, the need to communicate in a way that is accessible and acceptable to many cultures should be taken into account. ISACA retains the right, at its sole discretion, to refuse content that is considered inappropriate.

