Spring Education Conference. Securing the Organization (Ensuring Trustworthy Systems)


Ken Vander Wal, CISA, CPA, Past President, ISACA (vandeke@gmail.com)

2012-2013 Board of Directors
International President: Greg Grocholski, Member at Large
Past International President: Kenneth Vander Wal, Chicago Chapter
Past International President: Emil D'Angelo, NY Metropolitan Chapter
Vice Presidents: Allan Boardman, London Chapter; Juan Luis Carselle, Mexico City Chapter; Christos Dimitriadis, Athens Chapter; Ramses Gallego, Barcelona Chapter; Tony Hayes, Brisbane Chapter; Jeff Spivey, Charlotte Chapter; Marc Vael, Belgium Chapter
Appointed directors: John Ho Chi, Singapore Chapter; Krysten McCabe, Atlanta Chapter; Jo Stewart-Rattray, Adelaide

Agenda
- IT Changing Landscape
- IT Value, Trust and Assurance
- Impact on Assurance Profession
- Questions and Discussion

Pace of Change of Digital Infrastructure
Digital power = Computing x Communication x Storage x Content
- Computing: Moore's law, doubles every 18 months
- Communication: Fiber law, doubles every 9 months
- Storage: Disk law, doubles every 12 months
- Content: Community law, grows as 2^n, where n is the number of people
Source: John Seely Brown
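The slide multiplies four growth laws but does not carry the arithmetic through. The derivation below is an added example, not part of the original presentation; it assumes each technology factor grows exponentially with the stated doubling period and that the product formula is meant literally. Taking t as months since a baseline and P_0 as the baseline digital power:

$$
P(t) = P_0 \cdot 2^{t/18} \cdot 2^{t/9} \cdot 2^{t/12} \cdot 2^{n}
     = P_0 \cdot 2^{\,t\left(\frac{1}{18} + \frac{1}{9} + \frac{1}{12}\right)} \cdot 2^{n}
     = P_0 \cdot 2^{\,t \cdot \frac{2 + 4 + 3}{36}} \cdot 2^{n}
     = P_0 \cdot 2^{t/4} \cdot 2^{n}
$$

So the three technology factors together double every 4 months, roughly an 8-fold increase per year, before the community term (which depends on the number of connected people rather than on time) is applied. That compounding, rather than any single law, is what drives the complexity and risk discussed in the following slides.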

Worldwide IT Spending Forecast (Billions of US Dollars) [chart]

Other Gartner Predictions
- Technology spend outside IT will become almost 90% by the end of the decade
- 4.4M IT jobs globally will be created to support Big Data, 1.9M of them in the US
- $34B of IT spending in 2013
- In 2016, more than 1.6B smart mobile devices purchased globally
- Security investments to increase by 56% in five years; driver: regulatory compliance

Trends Sure to Impact CIOs in 2013
1. The increasing importance of smartphones
2. Tablets will make inroads
3. The Cloud is here to stay
4. BYOD (or is it IBMOD)
5. Big Data
6. The increasing role of Windows 8
7. Social networking security
8. Small, lighter hardware
9. Increasing employee knowledge
10. Apple love
Source: CIO Insight

Speaking of Big Data
We no longer speak in terms of bytes, kilobytes (KB) or gigabytes (GB).
How many bytes in a Terabyte (TB)? 10^12 (or 2^40), equivalent to roughly 1,610 CDs worth of data. (Strictly, 10^12 is the decimal terabyte and 2^40 the binary tebibyte; the two differ by about 10%, which matters when sizing storage or comparing vendor figures.)
Anyone heard of a Petabyte? Or an Exabyte?
- 1 Petabyte (PB) is 1,024 TB
- 1 Exabyte (EB) is 1,024 PB
- 1 Zettabyte (ZB) is 1,024 EB
- 1 Yottabyte (YB) is 1,024 ZB


What Does It Mean?
Information systems environments are continuing to increase in complexity and impact, bringing unprecedented value opportunities along with significant risk. This requires:
- active governance and management of information
- advanced auditing practices

What is the Impact on the Audit Profession?
- Need to provide more value to the stakeholders of an organization by focusing more on business and information.
- Silos being removed: business, IT internal audit, finance internal audit, fraud investigators, security, governance, external audit, SLA managers.
- Era of diverse framework integration and central management.
- New technologies introduce new skill requirements for auditors, not solely technical ones.

Example: Securing and Auditing the Cloud requires a good understanding of:
- Technologies (web services, virtualization)
- Related control frameworks
- Business requirements (linking IT with the business)
- Legal requirements (data transfer, retention, protection)
- Contractual agreements (e.g. factors impeding a move to other providers)
See the ISACA Cloud Computing Management Audit/Assurance Program.

IT Value Factors [diagram]
Alignment factors: IT and business processes; organization structure; organization strategy.
Integration factors: enterprise architecture; business architecture; process design; organization design; performance metrics.
The value cycle: Business Requirements drive the investment in IT Resources, which are used by IT Processes, to deliver Enterprise Information, which responds to Business Requirements.

Value Defined (Val IT)
- IT is not an end in itself but a means of enabling business outcomes.
- IT is not about implementing technology. It is about unlocking value through IT-enabled organizational change.
- Value is the total life-cycle benefits net of related costs, adjusted for risk and (in the case of financial value) for the time value of money.
- The concept of value relies on the relationship between meeting the expectations of stakeholders and the resources used to do so.

Trust Defined
Definition 1: Trust is the ability to predict what a system will do in various situations.
Definition 2: Trust is using an information system without having full knowledge about it.
Definition 3: Trust is giving something now (credit card) with an expectation of some future return or benefit (online purchase). Trust that:
- private and sensitive information will remain confidential
- process integrity is maintained
- essential business processes are available or recoverable
Definition 4: Trust is being vulnerable (entering private and sensitive information) while expecting that the vulnerabilities will not be exploited (identity theft).

Trust in an Information Society
Systems should give minimum and, as much as possible, measurable guarantees and information on related risks concerning quality of service, security and resilience, transparency of actions and the protection of users' data and users' privacy, in accordance with predefined, acknowledged policies.
Systems should provide tools and mechanisms (or allow third-party service providers to do so) that enable the user to assess the risks and audit the qualities the system is claimed to possess.
A bona fide trustworthy system must also entail quantifiable and auditable technical and organizational aspects of delivery (policies, architectures, service level agreements, etc.), as well as the user's perceptions of its operation.

Trustworthy Computing
Pillars: Security, Privacy, Reliability, Integrity.
Commitments:
- Investment in expertise and technology
- Responsible leadership and partnering
- Guidance and engagement through best practices and education
- Design, development and testing
- Standards and policies
- User sense of control over personal information
Reliability attributes:
- Resilient: continues in the face of internal or external disruption
- Recoverable: restorable to a previously known state
- Controlled: accurate and timely service
- Undisruptable: changes and upgrades do not disrupt service
- Production ready: minimal bugs or fixes
- Predictable: works as expected or promised
Integrity: acceptance of responsibility for problems, and taking action to correct them.

Trust and Value Relationship [diagram: Trust, Assurance, Value]
- Trust creates the opportunity for Value.
- Value is based on an expectation of Trust.
- Assurance binds Trust and Value together.

Governance
Information systems are integral enablers that:
- achieve an organization's strategy and business objectives
- provide the confidentiality, integrity, availability and reliability of information assets
- ensure compliance with applicable laws and regulations
Their criticality brings to the enterprise unprecedented potential for both value creation and risk (creating the need for trust).
[diagram: Governance, Info Security, Audit/Assurance, Risk Management]

What does all this mean for ISACA and IIA members? Learn faster. Share knowledge. Engage.

LEARN FASTER
- White papers
- IT audit/assurance programs
- Survey results
- Other research
- Journal articles

Examples of Resources
ISACA:
- Information Technology Assurance Framework
- Audit programs (downloadable)
- IT Risk/Reward Barometer Survey
- eLibrary
- White papers
- COBIT
IIA:
- International Professional Practices Framework
- Global Technology Audit Guides
- GAIN annual benchmarking study
- Chief audit executive resources

COBIT 5 Principles [figure, 2012 ISACA, used by permission]

COBIT 5 Enablers [figure, 2012 ISACA, used by permission]

COBIT 5 Enabling Processes [figure, 2012 ISACA, used by permission]

SHARE KNOWLEDGE
- Networking at chapter, regional and international levels
- Use of knowledge centers and collaboration
- Communicate

ENGAGE
- Volunteer
- Share knowledge
- Attend
- Get a certification
- Comment on exposure drafts

Certifications
ISACA: CISA, CISM, CGEIT, CRISC
IIA: CIA, CGAP, CFSA, CCSA, CRMA

THANK YOU