Volume 4, 2018
Information Security Matters: I Left My Security in the Office
Steven J. Ross, CISA, CISSP, MBCP
I submit that changing the definition of work necessitates a corresponding redefinition of security over the information with which we work.
IS Audit Basics: Add Value to What Is Valued
Ian Cooke, CISA, CRISC, CGEIT, COBIT Assessor and Implementer, CFE, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
Enterprises have many stakeholders, and “creating value” means different—and sometimes conflicting—things to each of them.
Rob Clyde, CISM
Building Tomorrow’s Leaders, Today
Addressing the Challenges of IT Audits by Supreme Audit Institutions
Shourjo Chatterjee, CIA
Supreme Audit Institutions (SAIs) refer to the national agencies entrusted with ensuring accountability in the functioning of national governments through external audit.
Cyberconflicts: Reflections and Implications for Today’s Enterprises
Jeimy J. Cano M., Ph.D., CFE
International uncertainties and global political instability establish new tensions that affect the dynamics of organizations due to the multinational forces in play in global geopolitics.
Cybersecurity Education Based on the NICE Framework: Issues and Challenges
Izzat Alsmadi, CCNA
The NICE Cybersecurity Framework was proposed several years ago as part of an initiative to enhance cybersecurity education to accommodate industry or job needs.
Cybersecurity Employee Retention and Management Culture
Mike Saurbaugh, CRISC, CISM, CISSP, MSIA
Ask security leaders if they have enough cybersecurity professionals on staff and the likely response will be “no.” But the demand is not just a numeric value; it also pertains to the abilities of the professionals.
Data Governance From the Actuary and Risk Management Perspectives
Mehmet Zeki Önal, CISA, CRISC, CGEIT, CCSA, CRMA
From the risk management perspective, the need for data governance exists not only in the insurance sector, but also in all sectors affected by IFRS regulations.
Data Spill Lessons From the Oil Industry
Sridhar Govardhan, CISA, CISM, SABSA
The journey of data from cost burden to business enabler has generated a new buzzphrase referring to data as “the new oil.”
Getting the Basics of Cybersecurity Right
Ramón Serres, CGEIT, CISM, CSX Fundamentals, CCSK, CISSP
Managing cybersecurity or, more specifically, managing cybersecurity risk, is much more than just technology and, in most cases, has nothing to do with having the money to afford state-of-the-art technology.
Integrating KRIs and KPIs for Effective Technology Risk Management
Rama Lingeswara Satyanarayana Tammineedi, CISA, CRISC, CBCP, CISSP, MBCI, PMP
Performance evaluation of an organization’s risk management system ensures the risk management process remains continually relevant to the organization’s business strategies and objectives.
Protection From GDPR Penalties With an MFT Strategy
Companies facing the EU’s looming General Data Protection Regulation (GDPR) compliance mandate could benefit from a modernized managed file transfer (MFT) solution.
Roles of Three Lines of Defense for Information Security and Governance
Amelia Ho, CISA, CISM, CA, CFE, CIA, CISSP, FRM, PMP
Organizations aim to achieve their objectives while managing risk within their risk appetites. A good governance structure for managing risk is to establish three lines of defense.
Securing the SWIFT Infrastructure Across the Cyber Kill Chain
Vimal Mani, CISA, CISM, Six Sigma Black Belt
Recent cyberattacks have shaken faith in the traditional security measures implemented at global organizations in and around the SWIFT infrastructure in place.
Technology Innovation Dynamics: Innovation Governance
Robert E. Davis, DBA, CISA, CICA
How organizational representatives communicate about technological innovation is often a significant factor in the success or failure of innovation management.
The Downstream Effects of Cyberextortion
Tony Martin-Vegue, CISM, CISSP
Ransomware is specially crafted malicious software designed to render a system and/or data files unreadable until the victim pays a ransom.
The Power of IT Investment Risk Quantification and Visualization: IT Portfolio Management
Guy Pearce, CGEIT
The IT Portfolio Management Model was based on the principles of financial portfolio management, specifically, the relationship between investment risk and investment return as per the so-called risk-return tradeoff.
The Price of a Data Breach
Van Ha Le and Bianca Zamora
Although technological advancements have improved efficiency, they have unintentionally increased the risk of confidential and other sensitive information becoming compromised.
The Promises and Jeopardies of Blockchain Technology
Governments, enterprises and civilians can make strategic mistakes by ignoring or discounting blockchain’s downsides.
Help Source Q&A
Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Our organization is considering multiple projects for developing and implementing IT-based solutions. I have checked on various websites, but could not get a detailed list of generic risk scenarios for IT-related projects.
Based on Volume 2, 2018
Standards, Guidelines, Tools and Techniques
ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques
Tools: Using Audit Tools to Support Strategic Objectives
Robin Lyons, CISA, CIA
There are two phases of the audit process where IS auditors can leverage tools to make their work align to and support the organization’s strategic objectives.