ISACA Journal Blog

Cybersustainability: Ensuring Digital Strategies That Protect Data

Karen Walsh, JD, and Joe Raschke, CRISC, CIPP, CISSP Posted: 10/8/2019 8:52:00 AM | Category: Security | Permalink | Email this post

Increasingly, security professionals use language that makes a distinct comparison between our physical environment and our digital infrastructures. We use terms such as “digital ecosystem,” “digital footprint,” “IT environment,” “data leakage” and “data pollution.” As data breaches continue to increase in number and severity, we need to begin thinking about how we protect today’s data for tomorrow’s future digital strategies.

What Is Cybersustainability?
Fundamentally, cybersustainability looks at data as a finite resource, similar to a coral reef or fossil fuels. Similarly, we can look at data from both the “prevent from being polluted” perspective and the “preserve the resource” perspective.


I Know What I Know (If You Know What I Mean)

Ian Cooke, CISA, CRISC, CGEIT, COBIT Assessor and Implementer, CFE, CIPP/E, CIPM, CIPT, FIP, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
Posted: 9/23/2019 4:56:00 PM | Category: Audit-Assurance | Permalink | Email this post

Ian CookeEdie Brickell (incidentally the wife of singer/songwriter Paul Simon) had a modest 1988 hit titled “What I Am.” The opening lines of the song contain the lyrics “I'm not aware of too many things. I know what I know if you know what I mean.”

Besides being a nice play on words, the lyrics are quite prophetic; in reality, we all are somewhat restricted by what we know and understand. We, as ISACA members and IT specialists, all know a lot about IT risk and its 3 main categories. Specifically:


How to Prepare for Taxation in a Digitalized Economy

Helena Strauss, CISA, CA(SA) Posted: 9/9/2019 3:02:00 PM | Category: Audit-Assurance | Permalink | Email this post

Helena Strauss
While IT professionals and auditors are not required to be tax experts, they do need to have a certain level of mindfulness with regard to taxation within the digitalized economy going forward as tax collection is slowly but surely becoming part of the natural business ecosystem where taxation happens by default.

IT professionals and auditors should consider the following to better address taxes within the digitalized economy:

  • Regarding the client’s business structure, does it deliver highly digitalized services and does it have an international economic presence?
  • Does the client have sufficient IT controls in place to identify the origin of its users of digitalized services provided? Controls such as bank account details, IP addresses, customer addresses might suffice, although they can be changed or anonymized. This information should be used to bill the client and apply the correct Value Added Tax (VAT)/Goods and Services Tax (GST) rates, which is a fully digitized process.
  • Does the client make use of freelance or contract workers within the gig economy? If so, payments to them should be made after withholding taxes (dependent on the jurisdiction in which the worker resides). This is also a digitalized process in most instances.

The following IT internal controls questions should also be answered:


Digital Transformation Oversight Extends Beyond Technology

Guy Pearce, CGEIT
Posted: 9/3/2019 3:01:00 PM | Category: COBIT-Governance of Enterprise IT | Permalink | Email this post

Digital transformation. Digitalization. Digitization. Three business terms in common use today that describe the differences in scope of the organizational digital effort, in this case in order of decreasing scope. Unfortunately, the first word of the term “digital transformation” seems to receive all the attention, with the second word left to scrabble for the scraps. This could be because digital technology efforts are already difficult enough if they are considered in a corporate context rather than as a silo, while the associated transformation efforts—largely involving people and business transformation—are even more difficult. For technology efforts however, forgoing the people component readily results in the expectations of the investment not being met.


Auditing Green IT

J. David Patón-Romero, CISA, PMP, Maria Teresa Baldassarre, PMP, Moisés Rodríguez, CISA and Mario Piattini, CISA, CRISC, CISM, CGEIT, PMP Posted: 8/29/2019 2:56:00 PM | Category: Audit-Assurance | Permalink | Email this post

Sustainability has become a key focus in the 21st century. Both society and organizations recognize the importance of sustainability in their day-to-day functions and demand guidelines that help them implement, control and improve practices in this regard. Many IT organizations have begun to implement green IT practices. Based on our experience applying an extension of COBIT in different organizations to audit green IT, we believe that the following steps should be considered:

  1. Understand the scope—Due to the novelty of green IT, many organizations do not fully understand the scope of green IT practices. Thus, it is important to differentiate between green-by-IT practices (in which IT is used to reduce the negative impact that other areas have on the environment) and green-in-IT practices (in which sustainable practices are applied in IT itself to reduce its negative environmental impact).
  2. Conduct a systematic and progressive green IT assessment—Assessing all the processes established by COBIT (adapting them to green IT) is unfeasible. So, it is advisable to group COBIT processes using a maturity model. This allows auditors to conduct a more organized and progressive audit, assessing first and ensuring compliance with the most basic and necessary processes of the first maturity levels before assessing more complex processes of higher levels.
  3. Implement improvement actions—We have also guided organizations toward the improvement of the practices they carry out. Organizations should develop improvement plans and progressively implement the processes level by level of maturity.

We believe that these 3 steps can help you not only when properly assessing green IT, but also when establishing a strategy to implement and improve the processes and practices that are carried out. This will benefit your work as auditors, making the entire audit process simpler and more complete, and it will help organizations achieve better results in green IT.

        Page: 1 of 92     Next >   Last >>