Volume 3, 2019

This Week's Online-Exclusive Feature

Three Ideas for Cybersecurity Risk Management
26 June 2019
Sakthivel Rajendran, CISA, CRISC, CISM, CCSK, CEH, GMOB

The terms “information security” and “cybersecurity” are commonly used to address risk to information. For discussion purposes herein, information security means implementing processes and technology to protect information, whereas cybersecurity deals with precautions taken to guard against crime, which includes monitoring for suspicious network access attempts and steps taken to handle such attempts. Cybersecurity is a subgroup within the information security domain.

COBIT 5 for Risk specifies that “the main drivers for risk management in its different forms include the need to improve business outcomes, decision-making and overall strategy.”

This Week's Featured Blog

Patch Management Practice
17 June 2019
Spiros Alexiou, Ph.D., CISA, CSX-F, CIA

Unpatched systems represent a very serious IT security threat with potentially extremely important consequences, as documented in a large number of high-profile breaches that exploited known unpatched vulnerabilities. Since these vulnerabilities are known, not just to attackers, but also to system administrators, and since patches exist, it is on first look surprising that unpatched systems even exist. The reality, however, is that patching is not that simple: because of interdependencies, it must be verified that the patch is compatible with everything else in the system, e.g., an operating system patch must be compatible with the applications and databases running on top of the operating system. Sometimes, they are not, as manifested, for instance, in the recent Spectre and Meltdown vulnerabilities, where some application providers explicitly warned against patching. Verification means testing by other vendors, and this may not be a high priority for the application vendor, with an answer or full solution sometimes coming with the next release.

What's New for Nonmembers

IS Audit Basics Articles

Developing the IT Audit Plan Using COBIT 2019

Auditing Cybersecurity

Assurance Considerations for Ongoing GDPR Conformance

Affect What Is Next Now

Auditing the IoT

Add Value to What Is Valued


Full Journal Issues

Volume 3, 2018 The Smart Transformation

Volume 2, 2018 Innovation Governance

Volume 1, 2018 The Future of Data Protection

Volume 6, 2017 Transforming Data

Volume 5, 2017 Enabling the Speed of Business

Volume 4, 2017 Mobile Workforce

Sponsored Feature Articles

Why Security Product Investments Are Not Working

Why Attackers Are Turning Their Attention Toward ERP Applications

Innovating Internal Audit to Unlock Value

Centralized, Model-Driven Visibility Key to IT-OT Security Management

The AICPA’s New Cybersecurity Attestation Reporting Framework Will Benefit a Variety of Key Stakeholders

Indicators of Exposure and Attack Surface Visualization