The Certified Information Systems Auditor (CISA) certification has truly benefited my professional aspirations.
In 1997, when I transitioned from active duty as a Captain in the US Army, I had a 10-year-old computer science degree and not a great deal of experience in corporate America, particularly in the financial services industry. The extent of my background at that time was having an IRA. Fortunately, I was able to gain an entry-level position as an IT Auditor at Prudential Insurance Company of America (now Prudential Financial) in Newark, New Jersey, through their junior military officer (JMO) hiring program.
The 7th annual IT Audit Benchmarking Survey shed light on several IT challenges that are at the top of the agenda for executive management and will have a direct impact on IT audit plans for many enterprises in 2018.
While the survey highlighted several key challenges, I will be drilling more in-depth into one key aspect, which is the co-sourcing of IT audit. Within the survey, it was noted that IT audit’s role has grown since 2012, in that half of all organizations now have a designated IT audit director. Such growth emphasizes the importance of the IT audit role. Given the current technological advancements, IT audit plans are required to be aligned and inclusive of the risks that accompany them. That not only requires a different set of skills that are needed in order to have value-added audit results, but also requires internal management to reconsider their IT audit plans.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework, also known as the Framework for Improving Critical Infrastructure Cybersecurity and commonly referred to as CSF, is top of mind for many organizations.
Whether driven by the May 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the need for a common framework between business partners or as a way to measure best practices, many organizations are considering adopting NIST’s framework as a key component of their cybersecurity strategy.
Where calls to “get ready for GDPR” permeated last year’s InfoSecurity Europe conference in London, keynote speakers at this year’s event—conducted just 10 days after the European Union’s regulatory enforcement deadline—put a stronger spotlight on GDPR compliance and sank more serious messaging teeth into their talks.
Nowhere was this more evident than during the event’s “EU’s GDPR Is Here– Now What?” panel, where two enterprise privacy and security officers, a Microsoft cyber senior executive and a UK GDPR policy lead weighed the realities and rigor of the new regulatory environment.
Vivienne Artz, chief privacy officer for Thomson Reuters, said the organization has “put its house in order. Privacy, privacy and security by design are the new normal.”
The ISACA Journal has been at the heart of ISACA’s knowledge community for more than 40 years, a tradition we are proud to carry forward into the future.
The ISACA Journal has remained a valued asset to ISACA’s professional community because it has continually evolved to meet the needs and interests of practitioners amid the ever-changing technology landscape. This year, for example, the Journal has highlighted key industry topics such as the future of data protection, innovation governance and smart transformation, with more timely content in the pipeline for the coming months. As much as we focus on the type of content that will be most relevant to Journal readers, we are equally mindful of the way in which the Journal audience is consuming content in the digital era.
This blog is intended to offer a way for ISACA leaders, constituents and staff to exchange information of interest pertinent to the association, the business environment and/or the profession.
The comments on this site are the author’s own and do not necessarily represent ISACA’s opinions or plans. ISACA does not endorse, monitor or control any links to external sites offered in this blog, and makes no warranty or statement regarding the content on those external sites.