ISACA Journal Blog

The Benefits and Risk of Blockchain Technology

Phil Zongo
Posted: 8/20/2018 3:11:00 PM | Category: Risk Management | Permalink | Email this post

Phil ZongoBlockchain technology, which rose to prominence in 2008 with the publication of the fascinating white paper Bitcoin: A Peer-to-Peer Electronic Cash System, is widely predicted to drastically transform several sectors. For instance, blockchain-based smart contracts are anticipated to facilitate the direct, transparent and irreversible transfer of funds from donors to those in dire need, eliminating needless intermediary costs and cutting global poverty. The healthcare sector also fits the bill perfectly for blockchain implementation. Through its core virtue of decentralized architecture, blockchain could supplant archaic, fragmented and heterogenous healthcare systems—boosting the quality of patient care and lowering healthcare delivery costs. Potential blockchain use cases are as wide-ranging as the enterprises trying them.

 
Read More >>
    

Knowing What to Protect

Sridhar Govardhan, CISA, CISM, SABSA
Posted: 8/16/2018 2:38:00 PM | Category: Security | Permalink | Email this post

Sridhar GovardhanWith so many compromises leading to data breaches, one common concern is even after so much investment going into technology, people and processes, why are breaches occurring? Are we “barking up the wrong tree”?

Perhaps, yes. Today there is a different challenge that security professionals are faced with: where to focus and what to protect. The traditional approach of protecting everything is failing; focus and effort should be on critical assets.

Knowing what to protect is extremely relevant for deciding the level of security protection required. The asset could either be raw data or processed information along with the ecosystem (e.g., operating system, application, web, data or application programming interface [API]). Lack of visibility to this key and critical piece of information leads to:

 
Read More >>
    

SWIFT Infrastructure Needs to Be Secured in a Structured Manner

Vimal Mani, CISA, CISM, Six Sigma Black Belt
Posted: 8/13/2018 2:47:00 PM | Category: Security | Permalink | Email this post

In the last few years, SWIFT has become a favorite target for hackers across the globe. The frequency of SWIFT-targeted cyberattacks is a good indicator of the same. In most of these SWIFT-targeted attacks, the network perimeter was compromised before the core SWIFT platform was touched. It is first important to ensure that we have a foolproof network perimeter built around SWIFT infrastructure with appropriate security solutions in a defense-in-depth manner.

Data confidentiality in SWIFT can be achieved through the encryption of all payment-related data and having all links controlled by SWIFT using strong encryption algorithms. Access to SWIFT payment data should be protected by means of one-time passwords (OTP). Controls such as unique sequencing of all messages, dual storage, real-time acknowledgement to the user, and message authentication procedure between the sender and receiver also help ensure SWIFT data integrity by protecting from fraudulent modification of SWIFT data, which was the technique used by hackers in many recent SWIFT-targeted attacks. Availability of SWIFT infrastructure can be achieved using several measures, many of which are built into organizations in the form of continuity planning, duplication, and, in some cases, triplication of equipment, extensive recovery schemes and automatic rerouting of payments in the event of failure of some network nodes.

 
Read More >>
    

Love Them or Loathe Them, Good IT Business Cases Are of Inestimable Value to Good IT Portfolio Managers

Guy Pearce, CGEIT Posted: 8/6/2018 3:16:00 PM | Category: Risk Management | Permalink | Email this post

Many struggle to pull credible business cases together. Business case mechanics aside, the hard work not only involves identifying the required data, collecting them and ensuring that they are of the right quality, it also involves receiving buy-in for the business case from stakeholders, hopefully without too much fudging. That business cases can be fudged highlights the importance of an explicit assumptions section; it is a vital component of a good business case because it can be used to assess the veracity of the business case’s inputs.

In spite of how hard building a business case can be though, properly assessing the contribution of new IT investments to the organization helps prevent wasting precious organizational resources on “investments” that yield little for the organization. A good business case also helps ensure a good understanding of the dependencies of the project on various organizational resources, all of which helps ensure the business success of the IT investment.

 
Read More >>
    

Managing Technology Innovation Efficacy

Robert E. Davis, DBA, CISA, CICA
Posted: 8/2/2018 3:06:00 PM | Category: COBIT-Governance of Enterprise IT | Permalink | Email this post

Technological innovation has significant governance dynamics. Linked to the governance dynamics are offensive and defensive innovation strategies. Offensive strategies encompass reconfiguration, redefinition and pure spending. Reconfiguration occurs when the challenger performs an activity innovation in the value chain or the configuration of the entire business. Redefinition arises when a challenger redefines the competitive scope compared to the market leader. Pure spending transpires when the challenger buys a market position through superior resources utilization or greater willingness to invest.

Conversely, a defensive strategy focuses on lowering the probability of competition from new entrants pursuing innovation monetarization or from established competitors seeking to reposition a line of business. Defensive strategies encompass technology licensing, selective retaliation, entry deterrence and forming coalitions. The principal objective of implementing a defensive plan is to influence new entrants or established competitors to conclude that market participation is an unattractive organizational commitment.

 
Read More >>
    
        Page: 1 of 81     Next >   Last >>