ISACA Research Initiatives Presented by Shannon Donahue, PhD, CISM [email protected]

  • Slide 1
  • ISACA Research Initiatives Presented by Shannon Donahue, PhD, CISM [email protected]
  • Slide 2
  • Practical & Pragmatic Guidance
  • Slide 3
  • GPC: The Guidance & Practices Committee (GPC) is responsible for developing practical and pragmatic guidance for ISACA's constituents related to ISACA's frameworks, emerging technologies and other issues that are relevant to members.
  • Slide 4
  • GPC Deliverables: Creating a Culture of Security. Builds upon ISACA's Business Model for Information Security (BMIS) to examine how culture impacts information security; provides practical advice on how to influence an enterprise culture.
  • Slide 5
  • GPC Deliverables: IT Control Objectives for Cloud Computing. Explores security, risk and assurance issues in the cloud; provides a mapping of cloud computing to COBIT 4.1.
  • Slide 6
  • GPC Whitepapers: Cloud Computing: Business Benefits with Security, Assurance and Governance Perspectives. Available at www.isaca.org; a webcast focusing on the whitepaper is also available.
  • Slide 7
  • White Papers Issued in 2011-2012:
    1. Electronic Discovery
    2. Sustainability
    3. Leveraging XBRL for Value
    4. Data Analytics: A Practical Approach
    5. Geolocation: Risk, Issues and Strategies
    6. Mobile Payments: Risk, Security & Assurance Issues
    7. Guiding Principles for Cloud Computing Adoption and Use
    8. Incident Management and Response
    9. Virtualized Desktop Infrastructure (VDI)
    10. Calculating Cloud ROI
    Currently there are 19 white papers available at www.isaca.org/research
  • Slide 8
  • Guidance and Practices Cloud Projects: IT Control Objectives for Cloud Computing (issued July 2011); Guiding Principles for Cloud Computing (issued March 2012); Governance of IT for Cloud Computing (in development). Cloud Vision Series: Security in the Cloud (September 11, 2012); ROI in the Cloud (July 2012); Vendor Management in the Cloud (Q2 2013).
  • Slide 9
  • Audit Programs: The GPC is responsible for creating audit programs. There are over 30 audit programs, which are free for members. Some topics include: IPv6 Security Audit/Assurance Program; VOIP Audit/Assurance Program; Microsoft Exchange Server 2010 Audit/Assurance Program; Microsoft SharePoint 2010 Audit/Assurance Program; VMware Server Virtualization Audit/Assurance Program; Social Media Audit/Assurance Program.
  • Slide 10
  • Security, Audit & Control Features Series: Security, Audit and Control Features PeopleSoft, 3rd Edition focuses on the attributes and incremental functionality in the most recent version of PeopleSoft. The audit/assurance program and internal control questionnaire are available as a download to members at www.isaca.org/research. Others in the series include: Oracle Database, 3rd Edition; SAP ERP, 3rd Edition; Oracle E-Business Suite, 3rd Edition.
  • Slide 11
  • Guidance and Practices Future Projects
  • Slide 12
  • Questions For You: What topics would be on your list? Can you/your staff/your chapter provide resources (SMEs) to help? Do you know about the Chapter Research Directors? What other questions do you have?
  • Slide 13
  • 2012 Europe/Africa Leadership Conference, Munich, Germany, 8-9 September Successful Delivery of the Basic Membership Benefits Sue Milton, President, London Chapter
  • Slide 14
  • 2012/13 Benefits Strategy. Objective: to engage with the wider ISACA London Chapter membership through benefit provision, thereby encouraging greater membership retention.
  • Slide 15
  • Demographics, 4th September 2012 (8th): Membership total: 2641 (2661); CISA: 1391 (1401); CISM: 484 (488); CGEIT: 80 (81); CRISC: 320 (323). Events attract 100 to 120 people. Exam revision: 6 to 12 people at each session.
  • Slide 16
  • Proposal for 2012/13 Events. Stream 1: monthly Thursday events; longer sessions for 1.5 CPEs, so the minimum requirement of 20 CPEs is more easily achievable. Stream 2: introduce a series of events at Canary Wharf, London's 2nd financial centre, now employing more staff than the City.
  • Slide 17
  • Introduction to the GRA SC: Government Regulatory Advocacy Sub-Committee
  • Slide 18
  • What is ISACA? Vision and Mission. ISACA's vision (to aspire to as an organization): trust in, and value from, information and information systems. ISACA's mission (to guide decision making and investments): for professionals and organizations, be the leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance.
  • Slide 19
  • What does ISACA do? Respected Professional Credentials: 10,000+ CRISCs certified since inception in 2010; 4,000+ CGEITs certified since inception in 2007; 12,000+ CISMs certified since inception in 2003; 70,000+ CISAs certified since inception in 1978.
  • Slide 20
  • ISACA Member Benefits: connecting you with a global community of nearly 100,000. Community & Leadership; Professional Development; Research and Knowledge; Local Chapters. Opening the door to thought leadership, research and knowledge: Journal (free CPE); Research publications (many free to members!): COBIT 4.1, Val IT, Risk IT, ITAF, BMIS, COBIT mappings, COBIT Security Baseline 2nd Ed.; Interactive Web site; Audit programs and ICQs; E-Library; E-Symposia and Virtual Trade Shows (VTS) (free CPE quizzes) and Webcasts; Career Centre; CISA, CISM, CGEIT, CRISC discounts; Mentoring (free CPE); Reduced certification maintenance fees; Conference/training discounts; Bookstore discounts. Networking: leadership opportunities at local and global level; enhanced online communities via the new ISACA web site. Local Chapters: low-cost education; in-person training; exam preparation; business and social events; engage with people who understand your professional needs. Increasing your value, advancing your career, providing a local network of professionals.
  • Slide 21
  • What does the GRA do? Key Responsibilities: Increase ISACA's visibility by promoting ISACA members' credibility and capability, the value of ISACA's certifications, and the robustness of COBIT and all knowledge products, including professional development. On behalf of ISACA, monitor, coordinate and potentially respond to regulatory and/or legislative issues that may impact ISACA members and certification holders professionally. Communicate Subcommittee activities and opportunities for regulatory and legislative advocacy to ISACA Chapter leaders and members. 2012 Focus: National Audit Bodies; Reserve banks and financial services regulators; Agencies focused on Cyber Security, Privacy and Forensics; National Workforce and IT Skill Development.
  • Slide 22
  • IT Audit Regulation in Turkey. Kaya Kazmirci, CISA, CISM, Chapter President; Assoc. Prof. Dr. İzzet Gökhan Özbilgin, CRISC, Government Relations Director. Leadership Conference, Munich, 8.9.2012
  • Slide 23
  • IT Audit Regulation: Banking Regulatory and Supervision Agency; Capital Markets Board of Turkey; Turkish Court of Accounts; Information Technology and Communication Agency; Republic of Turkey Prime Ministry Undersecretariat of Treasury
  • Slide 24
  • Banking Regulatory and Supervision Agency (www.bddk.org.tr): Regulation on IS Audit to be made in banks by independent audit institutions (published in the Official Gazette dated December 5, 2006); Communiqué on the report format of IS Audit; mandates statutory CobiT compliance for banks (1st in Europe, maybe in the world).
  • Slide 25
  • Banking Regulatory and Supervision Agency: Article 19 says each control objective realized in the scope of the articles written in the regulation is evaluated in compliance with the methods in the framework of CobiT.
  • Slide 26
  • Capital Markets Board of Turkey (www.spk.gov.tr): Regulations based on CobiT and ISO 27001. IT Audit is implemented periodically in organizations regulated by the CMB (e.g. İstanbul Stock Exchange, Central Registry Agency). Regulation on IS Audit for the brokerage houses implementing foreign exchange.
  • Slide 27
  • Other institutions: Turkish Court of Accounts (www.sayistay.gov.tr); Information Technology and Communication Agency (www.btk.gov.tr); Republic of Turkey Prime Ministry Undersecretariat of Treasury (www.treasury.gov.tr)
  • Slide 28
  • Communities Committee and Knowledge Center Overview, 2012 Europe/Africa Leadership Conference. Miroslaw Kalinski, CC member, ISACA Warsaw chapter
  • Slide 29
  • Communities Committee. Charge: Identify and support activities to encourage the development of ISACA communities. Analyze community characteristics of all visitors to the web site to identify community interests or opportunities to develop communities based on characteristics such as language, geography, etc. Identify online communities outside the website and determine the response. Assist boards, committees and task forces to identify communities that may support project or program initiatives. Develop programs to create and support communities. Develop criteria to evaluate Communities Committee program activities and report progress to the Relations Board.
  • Slide 30
  • The Knowledge Center: The Objective is Participation, the Goal is Community. "I need an audit program." "How do you secure the cloud?"
  • Slide 31
  • Total and Unique Members, as of 1 September 2012. 2012 ISACA. All rights reserved - Confidential
  • Slide 32
  • Resources and Collaboration: The Knowledge Center houses all of ISACA's research deliverables as well as topic-based communities.
  • Slide 33
  • Knowledge Center Topics
  • Slide 35
  • THANK YOU!!!!!