ISACA OVERVIEW June 2015.

Presentation on theme: "ISACA OVERVIEW June 2015."— Presentation transcript:

1 ISACA OVERVIEW June 2015

2 Agenda
Who is ISACA; What does ISACA bring to the table; INTOSAI / ISACA Opportunities

3 Background
Who Are We? Nonprofit IT professional membership association founded in 1969. Over 140,000 professionals, 220 chapters in 180 countries. What Do We Do? Assist IT leaders - trust in, & value from, information & information systems. Provide knowledge, standards, networking, and career development for information systems audit, cyber security, risk and governance professionals. How Do You Know Us? CISA, CRISC, CISM, CGEIT, COBIT

4 ISACA - strong ties with notable global entities
As illustrative examples, ISACA has relationships with: ISO – ISACA holds the highest possible liaison status for three committees; IFAC – Member and serves on Consultative Advisory Group; ENISA and NIST – Joint programs and champion of Cybersecurity Month; SFIA – Member of Advisory Council – IT Skills for Information Age; CIONET – A partner on a governance study. Speaking notes: *It is clear that we need cooperation to tackle the evolving needs of all of our members. *Cooperation is required among jurisdictions and among all professions.

5 ISACA - helping shape the future
Build engagement among all professions. Adapt as professions have growing dependencies. Become more agile and responsive to quick-changing market trends. Utilize market research and insights to ensure needs are being met.

6 ISACA’s multidisciplinary approach
Security Audit Governance Risk Offers tools for all related areas. Understands that Risk, Audit, Governance and Security rely on each other and must be interconnected. No profession stands by itself. *A unique benefit of our membership in ISACA is the holistic portfolio of offerings. There are tools for each profession, but also a fundamental recognition that each area must work with the other.

7 Key factors for all focus areas:
Governance Information and Cyber Security IT Audit/ Assurance IT Risk Remove silos. Develop a strong network of diverse professionals. IT transformation is the new normal. This teamwork is critical to: address challenges in a holistic manner and avoid overlaps and misalignments with the goals of each organization. *Can you imagine a cybersecurity strategy without an IT governance component that ensures alignment with business goals? *Can you imagine an audit program that doesn’t address risk management and cybersecurity practices?

8 professionals in all focus areas.
Speaking notes: *Focus areas include Information and Cybersecurity; IT governance; IT audit/assurance; and IT risk. *ISACA’s areas of focus—including cybersecurity, governance, audit and risk—all rely on each other for successful outcomes.

9 Focus area: IT audit/assurance
Global requirements are fueling the need for more IT audit/assurance guidance and tools. Areas of growth include mandatory audits of an organization’s privacy and cybersecurity policies. Analytics are increasingly viewed as a key enabler of the execution of audit strategy. We can look at this from the other direction and create value by taking regulations and governance activities and using them as a foundation for best practices that are adopted and used throughout the enterprise.

10 ISACA Offer: IT audit/assurance
Increase engagement with leaders in the field. Use data insights to generate new tools for professionals and Audit Committees. Recognize that technology is changing the way auditors plan and execute audits. *Planning to hold another IT Audit Director Forum. *Much of ISACA’s guidance focuses on helping IT audit/assurance professionals develop a coordinated approach that integrates with other areas. *Cybersecurity was listed as a primary IT audit concern in the ISACA/Protiviti survey. *Published A Global Look at IT Audit Best Practices and Information Systems Auditing: Tools and Techniques based on the survey results.

11 Future trends: IT audit/assurance
Cyber security and privacy are rated as top technology challenges of IT auditors.* Enterprises face significant IT audit staffing and resource challenges.* Audit/IG committees are becoming more engaged in IT audit.* IT audit risk assessments will need to be conducted more frequently.* IT audit reporting structures and audit reports will be improved.* *Concern about cybersecurity may be driving trends such as increased involvement of audit committees in IT audit activities. *Staffing challenges are an undercurrent in many of the survey’s findings. *Over the past 3 years, the percentage of IT audit leaders that regularly attend audit committee meetings has doubled. *It’s surprising, but some companies still do not conduct IT audit risk assessments. This should be done at least on a quarterly basis, but ideally more often. *IT Audit Benchmarking Survey, ISACA and Protiviti, 2014

12 Focus area: IT governance
Cloud IT Governance Big Data Cyber Mobile Increased use of IT has allowed the opportunity for enterprises to be more efficient – also has shown the large need for IT governance. Speaking notes: Many standards-based enterprises are moving toward principles-based reporting, resulting in a greater need for framework guidance.

13 Future trends: IT governance
There is a greater need for managing staff “technology information” gaps. IT governance will increasingly need to address risk management and cybersecurity. Accounting standards will continue to converge. Organizations will increasingly establish data governance policies and practices. *“Trillions of assets are still managed on outdated legacy systems,” according to a SimCorp report. IT governance will need to be used as organizations worldwide struggle to adapt to new IT-related demands.

14 ISACA Offer: IT governance
Further guide enterprises on: Increasing transparency Improving the agility of IT governance Expanding utility of IT governance Creating robust value-creation plans Developing results-focused milestones Ensuring disciplined internal controls Cultivate and support COBIT training and usage globally. *Increased requirements and demands for transparency are providing IT governance a leading platform and global voice. *COBIT 5 online offers a searchable platform with COBIT content and curated news; more than 475,000 page views from more than 88,000 unique users; enterprise; new Goals & RACI Planner and Self-Assessment Tool *Enterprise license program rolled out in March 2015. *First-ever COBIT 5 Conference held in March 2015; next one is in November in Denmark *Future planned publications cover benefits realization and value assessment.

15 The COBIT 5 framework
Helps enterprises to create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use. Enables information and related technology to be governed and managed in a holistic manner for the whole enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. Principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.

16 Cobit 5 Principles

17 Cobit 5 Enablers

18 Governance and management
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives [EDM] Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives [PBRM]

19 Enterprise benefits
Enterprises and their executives strive to: Maintain quality information to support business decisions; Generate business value from IT-enabled investments, i.e. achieve strategic goals and realise business benefits through effective and innovative use of IT; Achieve operational excellence through reliable and efficient application of technology; Maintain IT-related risk at an acceptable level; Optimise the cost of IT services and technology.

20 Focus area: Information and cyber security
Digital technologies are: The backbone of the world economy Key enablers of innovation, freedom and prosperity -and- Trust is the foundation of the digital market— it is now a matter of public safety. *Cyberthreats don’t take holidays. They have no time or border limitations, and they are fueled by smart and motivated people. *Cybersecurity is everyone’s responsibility.

21 Future trends: Information and cyber security
Cyberattacks will increase, and will become even more profitable. There will be a continued gap in skilled professionals. Cybersecurity will become exponentially complex. Regulatory and policy bodies must coalesce. Investments in cybersecurity will increase. (But will it actually help?) Effective cybersecurity will be viewed as a competitive edge. *Based on observations and experience, these are the trends I see for cybersecurity. *Increase in cyberattacks partly due to the fact that attackers often have 1 objective, while a security team has to protect against many diverse adversaries using a variety of threat vectors. *[Example of growing complexity] In the 1990s it was possible to read all log files and have a single choke point to enforce a defined perimeter. Now some companies generate terabytes of log data—Facebook, for example, generates 7 TB of logs every 2 minutes.

22 ISACA offer: Cyber security
Generate insights into innovative programs and guidance that are needed and not yet available. Increase collaboration with public and private entities. Develop deeper engagement with potential cybersecurity professionals (students, women, career-changers) Speaking notes: What we need to do: *ISACA is collaborating with industry and governments to address the cyber skills gap, but this needs to be elevated and accelerated. *ISACA’s market research program needs to continue to mature and provide impactful learnings. Highlights of what we have already done: *Cybersecurity Nexus (CSX) launch is helping shape the future of cybersecurity through thought leadership, knowledge, tools and guidance. It offers tools for every stage of a professional’s career. *CSX is the first to combine skills-based cybersecurity training with performance-based certifications: CSX Practitioner, CSX Specialist (Identify, Detect, Protect, Respond and Recover), CSX Expert *New CSX web site launching in June 2015.

23 CSX – a paradigm shift
Skills-Based Training and Performance-Based Certifications. Designed to help build, test and showcase skills in critical areas of cybersecurity – prove individuals have the ability to do the job from day one. Unlike other certifications available today which test for knowledge in a question and answer format, CSX training and exams are conducted in a live, virtual “cyber lab” environment, providing validation of actual technical skill, ability and performance. Training will be available through leading global training partners, to help professionals build skills needed at each certification level.

24 Global Event in North America
Global event sponsored by ISACA for the cybersecurity community and those seeking current knowledge of cybersecurity threats and defenses and to build or enhance technical cyber skills and capabilities SAVE THE DATE: October 17 – 21 Register at:

25 Focus area: IT risk
Public and private sector environment continues to evolve quickly. Heads of State and Agency leads as well as boards of directors and executive management teams cannot afford to manage risks casually on a reactive basis, especially with the rapid pace of disruptive innovation and technological development. *Resistance to change may make it more difficult for organizations to transform, and this needs to be addressed, along with the risk itself. *Entities in virtually every industry and country are reminded, all too frequently, that they operate in a risky world, where complex enterprise-wide threaten reputation and brand.

26 Future trends: IT risk
Need to increase the risk qualifications of most senior members. Staff will be encouraged to proactively identify and mitigate risk. Operations will need to evolve to address performance and go-to-market risk. Emerging technologies will address global problems and create new capabilities, but also present hard-to-foresee risk. *Enterprises are facing increased risk from many areas, including increased competition, cyberattacks, need to continually innovate, economic conditions and the need to attract and retain skilled workers. *Emerging tech, such as synthetic biology and artificial intelligence, offer tremendous potential, but also introduce new risk.

27 ISACA Offer: IT risk
Increase practical guidance on risk related to new technology. Improve understanding of business risk in addition to technical risk. Develop practical risk-related guidance on Basel III and operational risk. *ISACA is increasing its focus on the area of risk and how it is interwoven with other disciplines. *Published Risk Scenarios Using COBIT 5 for Risk

28 INTOSAI WGITA / ISACA Collaboration Support
Guidance for IT Audit handbooks and standards Cybersecurity developments – IT Audit IT Governance project Recognition of ISACA certifications, knowledge and frameworks Support for INTOSAI and ISACA journals

29 INTOSAI WGITA / ISACA Collaboration Support
Growth through local and regional Chapter events - support as CPE/CPD. Dialogue opportunities with Chapters and regional GRA Committees. Two-way input and support via websites. Training guides and certification areas - CPE/CPD.

30 Questions and discussion
THANK YOU!

