The time for making predictions about the number of IoT devices in future years and waiting for that time to come is long gone (however, if you really want to know, one source predicts there are going to be 75 billion IoT devices in 2025). If enterprises still have not thought about the ways IoT could bring them new value, now is certainly the right time to get started.
As the title suggests, COBIT 2019 and IoT could be a great combination for adding value to the enterprise. Auditors (including myself) need to follow the enterprises and keep up with IoT, so auditors can give reasonable assurance on the topic.
Editor's note: David Samuelson was appointed chief executive officer of ISACA on 1 April of 2019, the year of ISACA’s 50th anniversary. Samuelson recently visited with ISACA Now to discuss the meaning of joining the organization during its milestone year and how ISACA can draw upon its decades of industry leadership to become even more impactful in the future. The following is an abbreviated transcript of the Q&A interview. To read the full Q&A, visit the ISACA50.org Story Gallery.
Small and medium-sized businesses (SMBs) lack the resources of a large business, in both finances and personnel, making it more difficult to extract client value from a robust cybersecurity program. In fact, many SMBs probably do not have a “robust” cybersecurity program. Implementing one can be costly, and the related costs are not just one-time capital expenses, but also include recurring expenses. So, why should an SMB even consider implementing a cybersecurity program when there are plenty of other high-priority business needs that demand resources?
The bottom line is the protection of data. If data is not protected, business owners should be afraid. It’s only a matter of time before a hacker comes calling and walks away with an organization’s data. They might not actually take it; they may just copy it for their use or for sale to the highest bidder and leave the business with its own copy, perhaps not even aware the data had been copied. What if that data was the corporate payroll database with employee bank routing numbers and account numbers? How about the HR files with employee social security numbers? We’ve all heard plenty of stories about major database breaches in which employee data was compromised (meaning the culprits, at a minimum, copied the data for their own use).
As a follow-up to a blog post previously published by The Mako Group’s Chief Audit Executive, Shane O’Donnell, let’s dig a little deeper into what you should be reviewing when you receive your vendors’ SOC 1, SOC 2 or SOC 3 reports.
Each SOC (Service Organization Controls) report follows a basic outline. You will find the vendor’s management assertion, the independent service auditor’s report, the vendor’s description of its system, and a listing of controls tested. Below are some key points to focus on when reviewing your vendors’ SOC reports.
As my relationship with ISACA unfolded through various volunteer roles for the past 25 years, I have had the privilege of seeing the organization evolve – through good times and challenging times – just as many of us have experienced in our personal lives and careers.
I’ve stayed with ISACA for the long haul because regardless of the hot technology or top-of-mind regulation of the day, I have consistently been proud to serve a global organization that provides the resources needed to advance business technology professionals’ careers and strengthen the technology workforce, while addressing some of the biggest challenges in our industry.