ISACA Journal Blog

What Are Challenges in Deployment and How Can They Be Mitigated?

Rajul Kambli, CISA, CMA Posted: 1/3/2019 2:57:00 PM | Category: Risk Management

Transformation offers many key benefits, and any enterprise that would like to sustain and grow in this ever-changing, fast-paced world would be subject to the deployment of new systems. In my recent ISACA Journal article, I discuss various challenges that any enterprise might experience and how the intensity of any of those challenges would differ based on organizational dynamics and economic variables.

Here are some key points that any enterprise should consider in the deployment process:


Bound to Happen

Randy Pierson, CISA, Kevin Alvero, CFE, Wade Cassels, CISA, CFE, CIA, CRMA Posted: 12/17/2018 3:03:00 PM | Category: Security

In the wake of the high-profile information security breaches that have made headlines over the past few years, leaders in the security field have been coaching organizations to make 2 fundamental changes in the way they have traditionally handled breaches. First, instead of focusing solely on impenetrability, organizations should accept that breaches are going to happen and place greater focus on detection and management. Second, organizations should be prompt and transparent when it comes to notifying impacted stakeholders about the impact of a breach instead of, well, doing the opposite.

These 2 pieces of organization-level advice can, and should, also be applied to individuals in the context of security awareness training, which was the topic of our recent Journal article.


The New Normal: The Learning Organization

Philip Casesa Posted: 12/3/2018 3:07:00 PM | Category: Security

The cyberworkforce gap is well documented. When we look at it from a macro level, it seems straightforward. Studies show between 1-3 million job openings over the next few years, unfilled due to a lack of talent. As schools pump out new cyber grads and push them into the workforce, our prayers are answered, right?

When we look closer at the problem, we see how woefully inadequate the macro view really is. The uncomfortable truth is this: We cannot close that gap by throwing bodies at it. The speed of change in the cyberarena means that new skill gaps are created daily, even on established cyberteams. In other words, every day our teams are not learning and applying new skills, they are a little less prepared for what may come at them. 


A Healthy Way to Think of Metrics

Julio Pontes, CISM, BS7799LA, CCSK, CISSP
Posted: 11/26/2018 3:01:00 PM | Category: Security

Healthcare has many parallels with information security since both are based on prevention, monitoring, diagnosis and correction to avoid negative results. If medical success, however, were measured only by prevention of death, doctors would be the worst professionals in the world. After all, we are all going to die one day.

Moreover, if we take that same rationale for information security and measure its success or failure only through incident prevention, we will see some successes, but, eventually, there may be failures, perhaps catastrophic. Does this sound familiar?


Optimism and the Audit Profession

Martin Cullen, CISA, CGEIT, CRISC, COBIT Assessor and Implementer, ISO 27001 LA
Posted: 11/19/2018 3:05:00 PM | Category: Audit-Assurance

I have been fortunate in my career to have attended many excellent ISACA conferences where the keynote speakers have excelled in delivering their message in very clear and pragmatic ways. One such speaker was futurist Mark Stevenson, about whom I wrote in my recent Journal article, coauthored with Ian Cooke, in which we discuss the 8 principles of successful optimists and their relevance to the IT audit profession.

Personally, I found Stevenson’s closing keynote talk at the ISACA EuroCACS in Dublin in 2016 very inspiring, and it has motivated me to increase my level of participation with ISACA. Since this talk, I have spoken at an ISACA EuroCACS event, joined the ISACA Ireland Chapter board, spoken at an ISACA risk management talk, participated as a subject matter expert for ISACA webinars and am now evidently contributing to writing ISACA Journal articles and blogs.
