



Notes from the Boardroom: vol. 10
Editor’s note: “Notes from the Boardroom” is a series of blog posts from ISACA board directors providing transparency, context and perspective on how the ISACA board is carrying out its governance responsibilities. In this installment, ISACA Board Director Massimo Migliuolo explores how the Board views ISACA’s growing advocacy influence.
I have been fortunate to witness and contribute to the digital revolution firsthand, from the early days of mobile technology to the meteoric rise of artificial intelligence. This evolution has transformed how societies operate, connect and govern. But with progress comes new vulnerabilities, many of which need to be addressed at the governmental level.
As digital disruption accelerates, the lines between technology, governance and national security are blurring. For ISACA members—professionals at the forefront of audit, risk, cybersecurity, privacy and digital trust—this presents both a challenge and an unprecedented opportunity.
A major interest for me is how ISACA can be a stronger partner to governments, and how ISACA members, as part of our community, can help shape the future of secure, ethical digital innovation.
Since I joined the ISACA Board of Directors, I have seen firsthand how the organization’s value to governments is growing. This is the result of decades of building credibility, fostering professional excellence and staying ahead of technological shifts, as well as more targeted regional efforts in recent years. It is an encouraging development for our members, as strengthening governmental policy and guidance will ultimately expand opportunity across digital trust disciplines and make these professions healthier for both practitioners and their organizations.
ISACA is Uniquely Positioned as a Global Resource
Governments worldwide are grappling with escalating cyber threats while simultaneously leaning more heavily on digital technologies to deliver public services, safeguard national security and drive economic growth. In this context, ISACA and ISACA’s members are uniquely positioned to support government leaders through:
- Proven frameworks for IT governance, risk management and cybersecurity
- Globally recognized certifications that help build a skilled and trusted workforce
- Targeted training and resources to up-skill public sector professionals
- Thought leadership that bridges global trends with local relevance
Below are several ways in which ISACA’s frameworks, certifications, training and expertise can further enhance impact on governments around the globe.
Frameworks
ISACA frameworks address cybersecurity and resilience holistically, combining elements from several domains, from core cybersecurity to audit, risk, privacy, governance of digital technology, and maturity and capability in software development and services, taking into account emerging technologies. This holistic nature speaks to the heart of the challenge as none of those domains can operate in a silo and create sufficient value on their own.
ISACA’s CMMI (Capability Maturity Model Integration), originally created for the US Department of Defense to assess the quality and capability of their software contractors, has expanded beyond software engineering to help governments and organizations around the world understand their current level of capability and performance, and offer a guide to optimize results. This particularly applies to cyber resilience, providing confidence for the increasingly complex supply chain of governmental organizations, as well as to monitoring the implementation of existing and new regulations through its world-class maturity assessment model.
ISACA’s CMMI spinoff framework, the Medical Device Discovery Appraisal Program (MDDAP), targets continuous improvement in quality and patient safety through structured best practices and an appraisal method, and provides a roadmap toward improvement for device-makers enrolled in the Voluntary Improvement Program (VIP). VIP is supported by the US Food and Drug Administration (FDA) under their Case for Quality initiative and offers participants regulatory opportunities as a reward for their commitment to continuous improvement.
Additionally, ISACA’s COBIT (Control Objectives for Information and Related Technologies) framework provides a structured approach to aligning IT with business goals while managing risks and ensuring compliance. COBIT follows a systemic approach correlating organizational structures, people and skills, policies and processes, information, and digital technology, as well as culture, to offer a holistic view that can be invaluable to cybersecurity and resilience, among other domains. Utilizing COBIT, governments can establish more resilient and transparent cybersecurity policies, align public and private sector risk management strategies, and assess, manage and mitigate these risks in critical sectors such as infrastructure, public services and defense. They can also develop proactive cybersecurity strategies, reducing the impact of cyber threats on national security.
Finally, the recently published Digital Trust Ecosystem Framework (DTEF) goes a step further by integrating all ISACA frameworks and good practices while addressing new domains like ethics to address the broader notion of trust.
ISACA puts forward those holistic frameworks to help governments as they design new regulations or guides for the industry, or when implementing existing ones, demonstrating its contribution at an international level.
For example, ISACA has been referenced in parliamentary hearings on cybersecurity in the UK and Germany, supporting regulatory updates as well as the implementation of new laws through a stronger workforce and through holistic frameworks. We used those frameworks when responding to consultations in the EU (e.g., AI Act, NIS2, DORA, CSR), US and Australia, supporting regulatory updates and demonstrating thought leadership. CMMI and COBIT are referenced in numerous governmental guides while DTEF is in the OECD AI Catalogue of Tools [i]. In India, the IT Ministry released a report on developing an AI Competency Framework for public sector officials titled “Empowering Public Sector Leadership: A Competency Framework for AI Integration in India” [ii] that specifically recommends COBIT as a data governance framework.
The list goes on, but the message is that when governments are attempting to increase their capability in incident response, assess or audit the implementation of regulations, achieve cyber resilience, implement new cybersecurity strategies or more broadly enable their economies through elevated trust in digital technology, ISACA is mobilizing its global community and resources to help them be successful.
Certifications, Training and Expertise
No matter the sophistication of a regulation, no government can be successful in a continuously shifting digital technology space without a well-trained workforce. ISACA is committed to helping create that workforce in cybersecurity and its adjacent domains through its world-renowned credentials and training programs (CISA for IT audit, CISM and CCOA for information and cyber security, CRISC for risk, CDPSE for privacy and CGEIT for governance).
These credentials are globally respected and impactful. CISA has been recognized by the UK's NCSC [iii] as a leading standard for companies conducting assurance reviews under the GovAssure regime, while CISA and CISM are part of the US DoD 8140 reimbursement schedule. ISACA credentials have been recognized as an internationally valuable instrument to form cybersecurity professionals in the final report of the International Coalition on Cyber Security Workforces (ICCSW), coordinated by the UK Department of Science, Innovation and Technology (DSIT).
Through ISACA training and credentialing programs, governments can bridge the cybersecurity skills gap and cultivate national talent to counter cyber threats, helping with the implementation of new or existing regulations. ISACA’s global community acts like a bridge between government, the industry and academia, and is helping to create and update governmental skills frameworks for achieving a standardized approach in each jurisdiction. From ISACA’s contribution to the European Cybersecurity Skills Framework (ECSF) to the UK Cybersecurity Council, or through its long-standing contribution to NIST for the NICE framework, ISACA brings its international experience to the table, helping not only to improve such skills frameworks, but also to work toward their alignment internationally.
ISACA’s Expanding Impact in Public Sector Resilience
Through global engagements and strategic contributions, ISACA is increasingly recognized not just as a source of technical standards, but as a strategic partner in public sector resilience. Governments are turning to ISACA-aligned professionals for guidance on securing digital infrastructure, conducting audits, strengthening governance and responding to cyber threats.
ISACA’s growing value to the public sector includes:
- Proven frameworks like COBIT to manage IT governance and digital risk at scale
- Globally respected certifications to build trusted, capable public sector teams
- Tailored training and capacity building in audit, compliance and cybersecurity
- Thought leadership and collaboration with policymakers to shape digital governance and policy
As digital disruption accelerates, the convergence of technology, governance and national security creates both challenges and opportunities. ISACA professionals—whether in the public or private sector—are uniquely positioned to shape how nations secure their digital future. By aligning with ISACA’s principles and contributing to its global knowledge base, you help build more resilient and secure governments.
What Can Our Community Do Next?
- Engage with public sector initiatives. Seek collaboration with local agencies or contribute to government projects.
- Pursue certifications that validate your expertise and leadership in digital trust.
- Promote ISACA’s frameworks in your professional networks.
- Stay informed on cybersecurity, governance and digital policy trends—your insights matter.
In summary: ISACA’s relevance to government continues to grow as a trusted ally in national cybersecurity efforts. By leveraging ISACA’s resources, governments can:
- Build robust IT governance structures
- Strengthen cybersecurity resilience
- Enhance risk management strategies
- Address the cybersecurity talent gap
- Develop effective incident response capabilities
Through these efforts, the ISACA community plays a pivotal role in protecting critical infrastructure, advancing national security and upholding public trust in an increasingly digital world. The Board stands in support of these initiatives as an important driver of ISACA’s global impact.
i https://oecd.ai/en/catalogue/tools/isaca-digital-trust-ecosystem-framework-dtef-application-to-assure-ai-environments
ii https://indiaai.gov.in/article/empowering-public-sector-leadership-a-competency-framework-for-ai-integration-in-india?
iii https://www.isaca.org/about-us/newsroom/press-releases/2024/isacas-cisa-certification-recognized-by-uks-national-cyber-security-centre-as-a-leading-standard