
RSS - Isaca.org

ISACA Now: Posts


RSS feed for the Posts list.

A Seat at the Table: Internal Auditors as Operational Partners and Organizational Strategists


Robin Lyons

IT auditors new to the profession may hear references to a time when the internal audit function was viewed as the “police.” Years ago, it was not uncommon for organizations to perceive internal audit’s responsibilities of assessment and evaluation as being similar to that of a policing function. Operational errors or deficiencies identified and reported were analogous to crimes in the world of law enforcement. To be fair, there were some personality types within the internal audit profession who didn’t object to that characterization. If the characterization were true, however, most auditors did not favor that characterization and probably all of the IT function and management wished for it to go away. So, auditors worked to counter that perception and management continued to provide feedback on what it wanted from internal auditors. One big ask from management was “If internal audit surfaces issues that are either already known or that could be easily corrected, what value does internal audit provide?”

The answer to that question was delivered when auditors created opportunities through compliance initiatives, business process documentation and other operational areas to work with the IT function outside of the audit process. More frequent involvement between auditors and the IT function offered the benefit of a better working relationship than when the auditors were perceived as the police. But, in reality, whether internal audit is adding value is a dynamic perception. As organizations are characterized as engaging in disruptive innovation, continuous development, or digitalization, the audit function must complement its operational partnership with a strategic partnership to keep pace with the organization and to add value. (Just to be clear, the auditors are not creating strategy; rather, they are mindful of strategic impacts in all of their work and they communicate those impacts with senior management and the board).

The path to strategic partnership may be more easily stated than achieved, though. In the 2019 Global IT Audit Benchmarking Study from ISACA and Protiviti, 81 percent of respondents from Africa indicate that IT audit directors (or equivalent) regularly attend audit committee meetings, but respondents from other regions provided less encouraging results, with that data point ranging between 46 and 64 percent. A Chief Audit Executive (CAE) may attend audit committee meetings in place of an IT audit director; however, of the two positions, the IT audit director generally has more comprehensive involvement with IT audit assessments and evaluations. Without being part of these and other meetings where strategic discussions take place, it is a challenge for the audit profession to assume the role of strategists.

To earn a seat at the table where strategic discussions are taking place, IT audit directors and their teams should embrace the role of strategist by emphasizing their work through the lens of the organization. For example, once the organizational impact of a risk has been identified, a strategist will extend the discussion to what the organizational impact means for the overall strategy and mission of the organization. Framing this communication in financial terms is often appreciated by senior management and is fairly easy to do. On the more challenging end of the spectrum for the strategist (and most valuable to the organization) are communications that are forward-thinking. Without being clairvoyant, the internal audit strategist can share with senior management and the board what trends their industry is experiencing or solutions for known concerns before those concerns turn into problems. This is much more valuable than an after-the-fact summary of where things went wrong.

In self-assessing how much value they are creating, internal auditors should evaluate the state of their strategic partnerships and acknowledge the interdependency of operational and strategic partnerships, but focus on the forward-looking benefits that being strategic offers. When the transition to organizational strategist has been socialized and accepted by the organization, perhaps the coveted seat at the table will be earned.

Category: Audit-Assurance
Published: 10/15/2019 7:59 AM


(14/10/2019 @ 17:44)

ISACA’s SheLeadsTech™ Second Day of Advocacy in DC: Paving Pathways for More Women and Girls in Tech


More than 60 women and men gathered on Capitol Hill in Washington, DC, on 7 October for the SheLeadsTech program’s second annual Day of Advocacy. Featuring presentations on issues facing the tech workforce and women in the field, plus congressional visits, the Day of Advocacy allowed SheLeadsTech professionals to connect their own experiences with policy and expand their networks. ISACA also launched its “Tech Workforce 2020: The Age and Gender Perception Gap” study at the event.

The mission of SheLeadsTech is to increase the representation of women in technology leadership roles and the tech workforce through raising awareness, preparing to lead, and building global alliances. In addition to visiting 19 congressional offices representing nine states and the District of Columbia, SheLeadsTech professionals met with staff from the House Committee on Science, Space and Technology (Subcommittee on Science and Technology) and the Senate Committee on Commerce, Science and Transportation (Subcommittee on Communications, Technology, Innovation and Internet). The SheLeadsTech delegates were able to share their experiences with members of Congress to bring to life the issues that women face in the technology workforce as well as discuss three proposed pieces of legislation: the Building Blocks of STEM Act, the 21st Century STEM for Girls and Underrepresented Minorities Act and the Cyber Ready Workforce Act.

  • The Building Blocks of STEM Act (S. 737, H.R. 1665) would create and expand upon science, technology, engineering, and mathematics (STEM) education initiatives at the National Science Foundation (NSF) for young children, including new research grants to increase the participation of girls in computer science.
  • The 21st Century STEM for Girls and Underrepresented Minorities Act (H.R. 1591, S. 1299) would empower school districts to better engage girls, young women and minority students in the STEM fields. It would also provide funding for local school districts to create the necessary infrastructure for enhanced STEM learning early in a student’s academic career.
  • The Cyber Ready Workforce Act (S. 1466, H.R. 2721) would establish a grant program within the Department of Labor where grants will be awarded on a competitive basis to workforce intermediaries to support the creation, implementation and expansion of registered apprenticeship programs in cybersecurity.

Staff from the House Committee on Science, Space and Technology noted that constituents sending letters of support for legislation is critical for Congress to understand the grassroots interests and individual perspectives from professionals in the tech field. 

ISACA released its “Tech Workforce 2020: The Age and Gender Perception Gap” research in conjunction with the SheLeadsTech Day of Advocacy. The study found that women professionals in IT often feel stuck in their current positions and are unsure of what steps can be taken to advance their careers; they believe that more women in the tech workforce will allow for more role models and mentors. Additionally, the report found that 49 percent of women say their employers have no programs that focus on recruiting more women into tech roles.

One SheLeadsTech delegate from the Washington, DC, area, noted that she is the highest-level woman in her company “and shouldn’t be,” as she has been in the field for a decade and is in middle-management. “No one ahead of me is tackling diversity and inclusion.”

ISACA CEO David Samuelson visited US Sen. Dick Durbin’s office as well as the House Committee on Science, Space and Technology, and joined delegates from Washington, DC, as they visited their representative. He explained that the SheLeadsTech program has been a grassroots movement from ISACA’s global membership and is leading the drive for more leaders in the technology workforce. “The cybersecurity battlefield needs diversity of thought to actually win,” he said. “It requires differing skill sets, amplified skill sets. We won’t win without women.”

Visiting the Hill, attending the morning keynote and panel sessions, and being able to network with other SheLeadsTech participants allowed for women and men to engage with policy and personal career goals. “This was such a unique experience,” said attendee Jeanette Snook, cybersecurity analyst for Visa, Inc. “I’ve lived [in the DC area] for years and have never visited my members of Congress to discuss issues. I want to make a difference and take it back with me to my role and for others.”

Category: ISACA
Published: 10/14/2019 9:39 AM


(14/10/2019 @ 15:42)

Big Data Analytics Powering Progress in Animal Agriculture


There has been significant progress in technologies that can be utilized in the livestock industry. These technologies will help farmers, breeders associations and other industry stakeholders in continuously monitoring and collecting animal-level and farm-level data using less labor-intensive approaches.

Specifically, we are seeing the use of fully automated data recording based on digital images, sounds, sensors, unmanned systems and real-time uninterrupted computer vision. These technologies can help farmers tremendously and have the potential to enhance product quality, well-being, management practice, sustainable development and animal health, and ultimately contribute to better human health.

These technologies, when implemented with rich molecular information such as transcriptomics, genomics, and microbiota from animals, can help achieve the long-lasting dream of implementing precision animal agriculture. What this means is, with the help of technology, we will be able to better monitor and manage an individual animal with tailored information.

However, the complexity and growing volume of the data generated by the fully automated data recording or phenotyping platforms mentioned above create several hindrances to the successful implementation of precision animal agriculture.

How Machine Learning and Data Mining Helps
The growing areas of machine learning and data mining are expected to help meet the challenges faced in global agriculture.

When combined with big data, machine learning models can be used as a framework for biology. However, as mentioned above, models of highly complex data usually suffer from overfitting, when we train it with a lot of data. Overfitting is the biggest problem in the failure of naive applications with complex models.

The primary reasons for applying machine learning techniques to animal science are:

  1. To build prior knowledge for regularization with continued efforts
  2. To continuously gather data sets and integrate data sets with different modalities to increase the size of the collected samples that can be utilized for training

After collecting the data, one has to keep in mind the computational load that is required to analyze the chunks of integrated data sets. Whenever possible, one should also consider the compatibility of the model with parallel computing.

For example, GPU cloud computing services offered by Amazon AWS and Microsoft Azure might prove useful. They also provide infrastructures to secure, host and share big data. With the guidance of machine learning and data methods, one can reach the next phase of growth in big data to reconsider all characteristics of management decisions in the animal sciences.

In conclusion, precision animal agriculture is bound to rise in the livestock enterprise in the domains of production, management, welfare, health surveillance, sustainability and environmental footprint. Significant progress has been made in the utilization of tools to regularly monitor and collect information from farms and animals in a less tedious manner than before.

With these methods, the animal sciences have embarked on a journey to improve animal agriculture with information technology-driven discoveries. The problem of overfitting can be dealt with by utilizing popular cloud platforms like AWS and Azure.

About the author: Harsh Arora is a proud father of four rescued dogs and a leopard gecko. Besides being a full-time dog father, he is a freelance content writer/blogger and a massage expert who is skilled in using the best massage gun to deliver the best results.

Category: Cloud Computing
Published: 10/11/2019 3:06 PM


(10/10/2019 @ 20:31)

ISACA Well-Positioned to Advance Learners’ Journeys


Nader Qaimari

I am the product of a liberal arts education. On the surface, what I learned in school has very little relevance to my day to day right now, yet, when you dig deeper, the communication and critical thinking skills that education instilled in me helped in ways beyond measure. To be fair, though, I am not protecting an organization against a cybersecurity attack, writing the next AI algorithm, or planning security measures for my organization’s network. Those skills would likely have to come from different places.

In 2019’s Inside Higher Ed survey of chief academic officers at public and private colleges and universities, the percentage of provosts rating their institutions as very effective in preparing students for the world of work ranged from 41 to 45 percent, with community colleges giving themselves the highest marks. This is down significantly from 2014, when the number of those strongly agreeing hovered around 56 percent. Is academia beginning to realize what hiring managers already know? In fact, many of us are surprised that the number is even that high. At this point, companies are hiring for fit more than anything else, accepting the fact that most skills have to be taught on the job.

Having spent the past 21 years working for businesses that support educational institutions with products and services, I have a first-hand account of the challenges these institutions face as they try to adjust to meet the needs of the changing job market. Some of them are making great strides, adjusting their curriculum by infusing courses and degrees that are aligned with market needs. In fact, my children’s elementary school recently became the first in the nation to implement an AI curriculum. On the other end, however, the majority continue to run as they always have, complacent with the fact that after high school, kids will need to relearn things in college, and after college, young adults will need to learn things on the job.

This presents an opportunity. Having started recently as ISACA’s Chief Learning Officer, I am tasked to help determine which solutions and services we can provide to help address this skills gap in areas where it is most pronounced, such as cybersecurity, risk, privacy, artificial intelligence, and many other terms that are not even yet mainstream. As an association with leading certificates and certifications in a number of these areas, I am confident we can play a role to bridge schooling to work in a way that has not been done before. We have the ability to connect students and institutions to jobs and opportunities through our vast, global chapter and member network, in areas with the highest worker demand, unlike anyone else. We also can help these students as they embark on their careers, supporting them all the way to retirement, with professional learning opportunities that meet them right where they are.

To do this, we are embarking on a global project to study and document a learner’s journey – from middle school to retirement, in a number of key areas that fall within ISACA’s domain. This will help us determine ways that ISACA can support these pathways – from a CISA looking to expand his or her expertise to learn the intricacies of blockchain, to the high schooler who may bypass college altogether to earn a cybersecurity practitioner certification. It will also help inform how jobs may be changing – how does the work of an auditor change in an AI-driven world? What are the ethical implications of all these technological advances and what training and controls need to exist to keep it all in check? Further, it will help inform the types of products we develop. Because today’s students consume content differently in school than previous generations, how will this affect how they want to learn when on the job in the future? Do we need to create more bite-size learning content? Should we be assessing performance through real-life scenarios as opposed to simply knowledge of subject matter?

Stronger collaboration between the academic and corporate worlds is long overdue. Associations such as ISACA, which operates in one of the fastest-growing and most exciting domains, can facilitate and expedite this collaboration. We can also do good in the process. Underrepresented communities can be lifted with the right training. We can connect high-demand jobs with candidates all over the world, presenting them with opportunities they never even knew existed. We can provide skills-based training, coupled with core, general education, and aligned to specific company demands – no shiny objects, no technology frills. This is the future of learning.

Category: ISACA
Published: 10/10/2019 10:00 AM


(08/10/2019 @ 23:08)

Regulatory Landscape Provides Added Incentive for Enterprises to Explore Blockchain


Chris K. Dimitriadis

The increasing emphasis on data privacy gained widespread attention last year with the enforcement deadline of the General Data Protection Regulation (GDPR). Regardless of your perspective on GDPR and its impact on enterprises, the need for organizations to provide more robust solutions to protecting customers’ data is only going to escalate as data sources continue to proliferate and the regulatory environment continues to evolve. While many organizations remain in the early stages of determining if and how blockchain fits into their digital transformation plans, the role blockchain can play in driving toward improved data privacy in addressing regulatory requirements such as GDPR could serve as an additional factor in their considerations.

Blockchain is among the most disruptive of the high-profile technologies that are being used today to help enterprises transform, and it is certainly one of the technologies with the most intriguing outlook for enterprise security leaders. Blockchain brings a range of data integrity-enhancing capabilities that should be appealing to most information security professionals, such as the ability to manage the identity of users, leverage tokens to build trust among all parties and make it impossible for hackers to access a trove of information in a single repository due to the decentralized recordkeeping. Respondents to ISACA’s Digital Transformation Barometer identify artificial intelligence and big data as the technologies with the most transformational potential, but the considerable amount of hype blockchain has received is with good reason – there is real potential for blockchain to revamp business models and create unprecedented business efficiencies. These capabilities, though, can only come to fruition if the proper governance, risk and compliance considerations are accounted for, and if the implications of blockchain deployment are workable within the context of the evolving regulatory landscape, most notably including GDPR.

Private and Permissioned Blockchains Particularly Promising for GDPR Compliance
On that front, a recent report by the European Parliamentary Research Service provided some interesting context. As the report notes, “blockchain technologies are a data governance tool that could support alternative forms of data management and distribution and provide benefits compared with other contemporary solutions. Blockchains can be designed to enable data-sharing without the need for a central trusted intermediary, they offer transparency as to who has accessed data, and blockchain-based smart contracts can moreover automate the sharing of data, hence also reducing transaction costs. Furthermore, blockchains’ crypto-economic incentive structures might have the potential to influence the current economics behind data-sharing.” Despite the considerable upside, there are certainly challenges and nuanced use cases to work through. The report makes it clear, for example, that private and permissioned blockchains are better suited to comply with GDPR than permission-less blockchains. And more generally, there is not a single, clear-cut verdict on whether blockchains as a whole are GDPR-friendly, meaning individual use cases must be investigated and vetted on their individual merits.

Blockchain Brings the Potential for Automation, Clarity and Integrity
But while many open questions remain in terms of how blockchain fits into the modern regulatory landscape, it is clear that blockchain presents new opportunities to strengthen enterprises’ approach to data governance and data privacy. A variety of GDPR challenges, such as data subject consent management, can be addressed through the introduction of blockchain, similarly to the contract management case. There are several other use cases to consider, such as the serving of data subject rights in environments in which many organizations and individual stakeholders are involved (from controllers to processors and subprocessors). In these instances, blockchain is capable of providing the automation, clarity and integrity required.

In the bigger picture, information security professionals need to embrace a future-minded approach, recognizing that the security programs of the past decade, in many cases, will not be sufficient to position their enterprises for success going forward. This mindset should not only apply to improving business results, but must also extend to the growing challenge of keeping pace with the increasing demands of the regulatory environment. Similar regulations to GDPR are being enacted around the globe, as the need for robust data privacy knows no geographic bounds. These evolving requirements provide all the more incentive for enterprises to explore what blockchain and other emerging technologies can do to strengthen their security programs and better position their organizations to meet current compliance requirements as well as prepare for the compliance challenges of the future.

Editor’s note: This blog post originally published in CSO.

Category: Government-Regulatory
Published: 10/9/2019 3:04 PM


(08/10/2019 @ 23:30)

Last updated: 15/10/2019 @ 22:11