ISACA OVERVIEW June 2015
AGENDA
Who is ISACA
What does ISACA bring to the table
INTOSAI / ISACA opportunities
BACKGROUND
Who Are We?
Nonprofit IT professional membership association founded in 1969
Over 140,000 professionals, 220 chapters in 180 countries
What Do We Do?
Assist IT leaders: trust in, and value from, information and information systems
Provide knowledge, standards, networking, and career development for information systems audit, cyber security, risk and governance professionals
How Do You Know Us?
CISA, CRISC, CISM, CGEIT, COBIT
ISACA - STRONG TIES WITH NOTABLE GLOBAL ENTITIES
As illustrative examples, ISACA has relationships with:
ISO - ISACA holds the highest possible liaison status for three committees
IFAC - Member and serves on the Consultative Advisory Group
ENISA and NIST - Joint programs and champion of Cybersecurity Month
SFIA - Member of the Advisory Council (IT Skills for the Information Age)
CIONET - A partner on a governance study
ISACA - HELPING SHAPE THE FUTURE
Build engagement among all professions.
Adapt as professions have growing dependencies.
Become more agile and responsive to quick-changing market trends.
Utilize market research and insights to ensure needs are being met.
ISACA'S MULTIDISCIPLINARY APPROACH
Offers tools for all related areas.
Understands that Risk, Audit, Governance and Security rely on each other and must be interconnected.
No profession stands by itself.
[Diagram: Security, Audit, Risk, Governance]
KEY FACTORS FOR ALL FOCUS AREAS:
Remove silos.
Develop a strong network of diverse professionals.
IT transformation is the new normal.
[Diagram: Governance]
PROFESSIONALS IN ALL FOCUS AREAS.
FOCUS AREA: IT AUDIT/ASSURANCE
Global requirements are fueling the need for more IT audit/assurance guidance and tools.
Areas of growth include mandatory audits of an organization's privacy and cybersecurity policies.
Analytics are increasingly viewed as a key enabler of the execution of audit strategy.
ISACA OFFER: IT AUDIT/ASSURANCE
Increase engagement with leaders in the field.
Use data insights to generate new tools for professionals and Audit Committees.
Recognize that technology is changing the way auditors plan and execute audits.
FUTURE TRENDS: IT AUDIT/ASSURANCE
Cyber security and privacy are rated as top technology challenges of IT auditors.*
Enterprises face significant IT audit staffing and resource challenges.*
Audit/IG committees are becoming more engaged in IT audit.*
IT audit risk assessments will need to be conducted more frequently.*
IT audit reporting structures and audit reports will be improved.*
*IT Audit Benchmarking Survey, ISACA and Protiviti, 2014
FOCUS AREA: IT GOVERNANCE
Increased use of IT has allowed the opportunity for enterprises to be more efficient; it has also shown the large need for IT governance.
[Diagram: IT Governance; Cloud, Mobile, Cyber, Big Data]
FUTURE TRENDS: IT GOVERNANCE
There is a greater need for managing staff "technology information" gaps.
IT governance will increasingly need to address risk management and cybersecurity.
Accounting standards will continue to converge.
Organizations will increasingly establish data governance policies and practices.
ISACA OFFER: IT GOVERNANCE
Further guide enterprises on:
Increasing transparency
Improving the agility of IT governance
Expanding the utility of IT governance
Creating robust value-creation plans
Developing results-focused milestones
Ensuring disciplined internal controls
Cultivate and support COBIT training and usage globally.
THE COBIT 5 FRAMEWORK
Helps enterprises to create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.
Enables information and related technology to be governed and managed in a holistic manner for the whole enterprise, taking in the full end-to-end business and functional areas of responsibility, and considering the IT-related interests of internal and external stakeholders.
Principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
COBIT 5 PRINCIPLES
COBIT 5 ENABLERS
GOVERNANCE AND MANAGEMENT
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives. [EDM]
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives. [PBRM]
ENTERPRISE BENEFITS
Enterprises and their executives strive to:
Maintain quality information to support business decisions
Generate business value from IT-enabled investments, i.e. achieve strategic goals and realise business benefits through effective and innovative use of IT
Achieve operational excellence through reliable and efficient application of technology
Maintain IT-related risk at an acceptable level
Optimise the cost of IT services and technology
FOCUS AREA: INFORMATION AND CYBER SECURITY
Digital technologies are:
The backbone of the world economy
Key enablers of innovation, freedom and prosperity
and
Trust is the foundation of the digital market; it is now a matter of public safety.
FUTURE TRENDS: INFORMATION AND CYBER SECURITY
Cyberattacks will increase, and will become even more profitable.
There will be a continued gap in skilled professionals.
Cybersecurity will become exponentially complex.
Regulatory and policy bodies must coalesce.
Investments in cybersecurity will increase. (But will it actually help?)
Effective cybersecurity will be viewed as a competitive edge.
ISACA OFFER: CYBER SECURITY
Generate insights into innovative programs and guidance that are needed and not yet available.
Increase collaboration with public and private entities.
Develop deeper engagement with potential cybersecurity professionals (students, women, career-changers).
CSX - A PARADIGM SHIFT
Skills-Based Training and Performance-Based Certifications
Designed to help build, test and showcase skills in critical areas of cybersecurity, and to prove individuals have the ability to do the job from day one.
Unlike other certifications available today, which test for knowledge in a question-and-answer format, CSX training and exams are conducted in a live, virtual "cyber lab" environment, providing validation of actual technical skill, ability and performance.
Training will be available through leading global training partners, to help professionals build the skills needed at each certification level.
GLOBAL EVENT IN NORTH AMERICA
Global event sponsored by ISACA for the cybersecurity community and those seeking current knowledge of cybersecurity threats and defenses, and looking to build or enhance technical cyber skills and capabilities.
SAVE THE DATE: October 17 - 21
Register at: https://www.isaca.org/cyber-conference/register.html
FOCUS AREA: IT RISK
The public and private sector environment continues to evolve quickly.
Heads of State and Agency leads, as well as boards of directors and executive management teams, cannot afford to manage risks casually on a reactive basis, especially with the rapid pace of disruptive innovation and technological development.
FUTURE TRENDS: IT RISK
Need to increase the risk qualifications of the most senior members.
Staff will be encouraged to proactively identify and mitigate risk.
Operations will need to evolve to address performance and go-to-market risk.
Emerging technologies will address global problems and create new capabilities, but also present hard-to-foresee risk.
ISACA OFFER: IT RISK
Increase practical guidance on risk related to new technology.
Improve understanding of business risk in addition to technical risk.
Develop practical risk-related guidance on Basel III and operational risk.
INTOSAI WGITA / ISACA COLLABORATION SUPPORT
Guidance for IT Audit handbooks and standards
Cybersecurity developments - IT Audit
IT Governance project
Recognition of ISACA certifications, knowledge and frameworks
Support for INTOSAI and ISACA journals
INTOSAI WGITA / ISACA COLLABORATION SUPPORT
Growth through local and regional Chapter events, with support as CPE/CPD
Dialogue opportunities with Chapters and regional GRA Committees
Two-way input and support via websites
Training guides and certification areas (CPE/CPD)
QUESTIONS AND DISCUSSION THANK YOU!