Home / Resources / ISACA Journal / Past Issues / 2014

Domain:

More Filters
Card List
audit and assurance
ISACA Journal Article

Auditing Oracle Database

Data are a very decisive resource for any business due to shielding; regularly auditing the database should never be left to chance or patchwork solutions.

Author: Muhammad Mushfiqur Rahman
An Integrated Approach to Enterprise Risk
ISACA Journal Article

An Integrated Approach to Enterprise Risk

Today, most organizations continue to rely on a traditional approach to risk management. Such an approach is built on stovepipe-oriented risk management, in which the focus...

Author: Muhammad Mushfiqur Rahman
Law and Best Practice for a Sarbanes-Oxley Systems Review
ISACA Journal Article

Law and Best Practice for a Sarbanes-Oxley Systems Review

Any organization would like to have an optimal approach to a Sarbanes-Oxley Act review, whether it is the process used or the Sarbanes-Oxley review team's composition.

Author: Frederick G. Mackaden
Data Privacy and Big Data—Compliance Issues and Considerations
ISACA Journal Article

Data Privacy and Big Data—Compliance Issues and Considerations

The big data1 craze has taken the industry by storm. With the advent of cost-effective technologies and solutions for longer-term storage of vast amounts of transaction data, more and more companies are investing in keeping more and more data for longer and longer periods.

Author: William Emmanuel Yu
An Enhanced Risk Formula for Software Security Vulnerabilities
ISACA Journal Article

An Enhanced Risk Formula for Software Security Vulnerabilities

As enterprises increasingly rely on IT to succeed, effective IT risk management has become an essential component of IT governance.1 In conjunction with this, there are various studies to address risk through the software development life cycle,2 while others are interested in risk in the production environment.

Author: Jaewon Lee
Assessing and Managing IT Operational and Service Delivery Risk
ISACA Journal Article

Assessing and Managing IT Operational and Service Delivery Risk

Service resilience has gained a lot of importance in recent years. A resilient service is one that is capable of withstanding major and minor disruptions caused by natural and man-made sources.

Authors: Upesh Parekh and Jonathan Copley
Big Data Analytics for Sophisticated Attack Detection
ISACA Journal Article

Big Data Analytics for Sophisticated Attack Detection

The number and complexity of cyberattacks has been increasing steadily in recent years. The major players in today’s cyberconflicts are well organized and heavily funded teams with specific goals and objectives...

Authors: Nikos Virvilis, Oscar Serrano and Luc Dandurand
Carry On—Sound Advice From Schneier on Security
ISACA Journal Article

Carry On—Sound Advice From Schneier on Security

A pessimistic prediction for the future of the RSA Conference, the somehow unfair public judgment of security agencies, the possibility of hacking a papal election, how to become a security expert...

Authors: Bruce Schneier, reviewed by Maria Patricia Prandini
COBIT 5 Processes From a Systems Management Perspective
ISACA Journal Article

COBIT 5 Processes From a Systems Management Perspective

COBIT 5 establishes a governance layer and does a good job of capturing stakeholder needs, driving enterprise, IT and enabler goals. COBIT 5 fosters the use of balanced...

Authors: Myles Suer, Chane Cullens and Don Brancato
Critical Information Systems Processes
ISACA Journal Article

Critical Information Systems Processes

Organizations maintain their operations with the help of processes that differ according to their organizational structure, business objectives and working styles.

Authors: Tugba Yildirim and Bilgin Metin
Data Owners’ Responsibilities When Migrating to the Cloud
ISACA Journal Article

Data Owners’ Responsibilities When Migrating to the Cloud

Understanding who owns data is not as simple as it appears at first. It is easy to say that all data belong to the organization. This is correct, but it does not identify accountability for such ownership.

Authors: Ed Gelbstein and Viktor Polic
Data Privacy—Protecting This Asset Is a Priority
ISACA Journal Article

Data Privacy—Protecting This Asset Is a Priority

Over the past few years, there has been a shift in the business world pertaining to assets that need to be protected. The digital world has brought with it complexity in terms of...

Author: Horace McPherson
Fire Protection of Computer Rooms
ISACA Journal Article

Fire Protection of Computer Rooms—Legal Obligations and Best Practices Fire Protection of Computer Rooms—Legal Obligations and Best Practices

Considering that the issue of fire protection in computer rooms is not specifically addressed in many national regulations, the US National Fire Protection Association (NFPA) Standard for...

Author: Haris Hamidovic
How Zero-trust Network Security Can Enable Recovery From Cyberattacks
ISACA Journal Article

How Zero-trust Network Security Can Enable Recovery From Cyberattacks

Managers looking for a strategy to comply with the US NIST Cybersecurity Framework requirements for response and recovery should give due consideration to Cyber DRaaS.

Author: Eric A. Beck
Integrating Security Analytics Into GRC Programs
ISACA Journal Article

Integrating Security Analytics Into GRC Programs

Business and security teams alike have seen breathtaking changes over the last few years with the rise of a digital universe that is global, social, mobile and interconnected.

Author: Yo Delmar
Reinspecting Password, Account Lockout and Audit Policies
ISACA Journal Article

Reinspecting Password, Account Lockout and Audit Policies

Reinspecting Windows sounds like reinventing the wheel, but reviewing password policy, account lockout policy and audit policy proves that auditing is not a one-time exercise; rather, it, must be...

Author: M. Faisal Naqvi
Internal Audit’s Contribution to the Effectiveness of Information Security (Part 1)
ISACA Journal Article

Internal Audit’s Contribution to the Effectiveness of Information Security (Part 1)

The internal audit and information security functions should play complementary roles in an organization’s information security program.

Authors: Paul John Steinbart, Robyn Raschke, Graham Gal and William N. Dilla
IS Audit Basics: The Core of IT Auditing
ISACA Journal Article

IS Audit Basics: The Core of IT Auditing

With the advent of the latest wave of information technologies such as big data, social media, technologies as a service and the cloud in general, it is worth taking the time to revisit the basics of IT audit.

Author: Tommie Singleton
IS Audit Basics: What Every IT Auditor Should Know About Computer-generated Reports
ISACA Journal Article

IS Audit Basics: What Every IT Auditor Should Know About Computer-generated Reports

So many times, auditors of all types use a computer-generated report to perform some aspect of assurance. For example, financial auditors may pull a computer-generated list of accounts receivable ...

Author: Tommie Singleton
Key Considerations in Protecting Sensitive Data Leakage Using Data Loss Prevention Tools
ISACA Journal Article

Key Considerations in Protecting Sensitive Data Leakage Using Data Loss Prevention Tools

Protecting digital assets and intellectual property (IP) is becoming increasingly challenging for organizations. Looming patent challenges and court battles to claim ownership of IP illustrate the...

Author: Nageswaran Kumaresan
Importance of Forensic Readiness
ISACA Journal Article

Importance of Forensic Readiness

Almost all organizations are now dependent, one way or another, on information technology. This has led to a great deal of development as well as associated risk.

Author: Dauda Sule
Writing good risk statements
ISACA Journal Article

Writing good risk statements

A fundamental part of an information systems (IS) audit and control professional’s job is to identify and analyse risk. Furthermore, risk factors need to be stated clearly and concisely to support effective management of risk.

Author: Benjamin Power
Manage What Is Known and What Is Not Known: A Road Map to Managing Enterprise Fraud Risk
ISACA Journal Article

Manage What Is Known and What Is Not Known: A Road Map to Managing Enterprise Fraud Risk

Organizations should establish and implement an organization wide fraud risk management framework that integrates counter fraud capabilities through organization and governance.

Authors: Zhiwei Fu, John W. Lainhart IV and Alan Stubbs
Privacy Audit—Methodology and Related Considerations
ISACA Journal Article

Privacy Audit—Methodology and Related Considerations

Auditors should consider key risk and control points when performing privacy audits. The following methodology draws heavily on concepts presented in ISO 31000:2009 Risk management—Principles and guidelines.

Author: Muzamil Riffat
Selecting the Right Cloud Operating Model: Privacy and Data Security in the Cloud
ISACA Journal Article

Selecting the Right Cloud Operating Model: Privacy and Data Security in the Cloud

Cloud-based services are on the rise. According to recent publications, the cloud is the future for the provision of a wide range of IT services.

Authors: Thomas Schaefer, Michael Hofmann, Peter Loos and Peter Fettke
Risk Management in 4G LTE
ISACA Journal Article

Risk Management in 4G LTE

Fourth-generation Long Term Evolution (4G LTE) is a broadband wireless data technology designed to offer users access to technology-agnostic across carriers and geographic regions.

Author: Daksha Bhasker
SCADA Cybersecurity Framework
ISACA Journal Article

SCADA Cybersecurity Framework

Supervisory control and data acquisition (SCADA) systems are rapidly changing from traditional proprietary protocols to Internet Protocol (IP)-based systems.

Author: Samir Malaviya
risk
ISACA Journal Article

Seven Mistakes Being Made in SIEM and How to Fix Them

Seven Mistakes Being Made in SIEM and How to Fix Them. A foundation for evaluating and implementing essential security control solutions against cyberattacks.

Author: Flint Brenton
Communicating IT Governance—Does It Matter?
ISACA Journal Article

Communicating IT Governance—Does It Matter?

IT governance is an area in which IT and non-IT executives need to communicate at least with a basic understanding of each other’s positions.

Author: Giuliano Pozza