ISACA Research Update

Download Report

Transcript ISACA Research Update

ISACA Research Update

Robert Foster

Research Director, ISACA Northern England Chapter

RECENTLY RELEASED RESEARCH

• 6 Deliver, Service and Support Audit/Assurance Programmes (Dec 2014) • Information Systems Auditing: Tools and Techniques (Feb 2015) • DevOps Overview White Paper (Jan 2015) • A Global Look at IT Audit Best Practices (Nov 2014) • Internet of Things: Risk & Value Considerations White Paper (Jan 2015) http://www.isaca.org/Knowledge-Center/Research/Pages/Research.aspx

A GLOBAL LOOK AT IT AUDIT BEST PRACTICES

• Key Findings: • Cybersecurity and privacy are primary concerns • Companies face significant IT audit staffing and resource challenges • Audit committees, as well as organisations in general, are becoming more engaged in IT audit • IT audit risk assessments are not being conducted, or updated, frequently enough • Room for growth in IT audit reports and reporting structures

INTERNET OF THINGS: RISK AND VALUE CONSIDERATIONS

• What is the Internet of Things or IoT • Maturity of adoption • Value proposition • Risk and risk mitigation • Business, Operational and Technical Risk • Questions to ask • What personal information is collected, stored or processed by the IoT device?

• With whom will the data be shared/disclosed?

• How will the device be used from a business perspective?

• What is the threat environment for the device?

CURRENT RESEARCH PROJECTS

• Security, Audit and Control Features SAP ERP 4 th Ed (Mar 2015) • A Practical Guide to PCI DSS (Apr 2015) • DevOps White Paper Series

(Looking for SMEs 1st and 2nd quarter 2015)

• Operational Risk Management/BASEL III Using COBIT 5

(Looking for SMEs - 2nd quarter 2015)

• Audit/Assurance Programmes http://www.isaca.org/Knowledge-Centre/Research/Pages/Current-Projects.aspx

FUTURE RESEARCH PROJECTS

• Privacy Framework – ISACA Privacy Principles

(Looking for SMEs - 2nd quarter 2015)

• Privacy Survey Results White Paper

(Looking for SMEs 1st quarter 2015)

• Internet of Things White Paper Series • Security, Audit and Control Features Oracle Database, 4 th

(Looking for SMEs - 2nd quarter 2015)

Edition http://www.isaca.org/Chapter-Leader-Portal/Building-Better-Leaders/Pages/Research_SME_Needs.aspx

CURRENT CSX PROJECTS

• Industrial Control Systems (ICS) (SME) • Forensics (SME) • Cyber Standard for Small to Medium Business (April 2015) • Global Cybersecurity Study • 2015 APT Study http://www.isaca.org/cyber/Pages/default.aspx

WHAT NEXT?

Thank you for listening Please use the feedback form Feedback to board members