Transcript ISACA Research Update
ISACA Research Update
Robert Foster
Research Director, ISACA Northern England Chapter
RECENTLY RELEASED RESEARCH
• 6 Deliver, Service and Support Audit/Assurance Programmes (Dec 2014) • Information Systems Auditing: Tools and Techniques (Feb 2015) • DevOps Overview White Paper (Jan 2015) • A Global Look at IT Audit Best Practices (Nov 2014) • Internet of Things: Risk & Value Considerations White Paper (Jan 2015) http://www.isaca.org/Knowledge-Center/Research/Pages/Research.aspx
A GLOBAL LOOK AT IT AUDIT BEST PRACTICES
• Key Findings: • Cybersecurity and privacy are primary concerns • Companies face significant IT audit staffing and resource challenges • Audit committees, as well as organisations in general, are becoming more engaged in IT audit • IT audit risk assessments are not being conducted, or updated, frequently enough • Room for growth in IT audit reports and reporting structures
INTERNET OF THINGS: RISK AND VALUE CONSIDERATIONS
• What is the Internet of Things or IoT • Maturity of adoption • Value proposition • Risk and risk mitigation • Business, Operational and Technical Risk • Questions to ask • What personal information is collected, stored or processed by the IoT device?
• With whom will the data be shared/disclosed?
• How will the device be used from a business perspective?
• What is the threat environment for the device?
CURRENT RESEARCH PROJECTS
• Security, Audit and Control Features SAP ERP 4 th Ed (Mar 2015) • A Practical Guide to PCI DSS (Apr 2015) • DevOps White Paper Series
(Looking for SMEs 1st and 2nd quarter 2015)
• Operational Risk Management/BASEL III Using COBIT 5
(Looking for SMEs - 2nd quarter 2015)
• Audit/Assurance Programmes http://www.isaca.org/Knowledge-Centre/Research/Pages/Current-Projects.aspx
FUTURE RESEARCH PROJECTS
• Privacy Framework – ISACA Privacy Principles
(Looking for SMEs - 2nd quarter 2015)
• Privacy Survey Results White Paper
(Looking for SMEs 1st quarter 2015)
• Internet of Things White Paper Series • Security, Audit and Control Features Oracle Database, 4 th
(Looking for SMEs - 2nd quarter 2015)
Edition http://www.isaca.org/Chapter-Leader-Portal/Building-Better-Leaders/Pages/Research_SME_Needs.aspx
CURRENT CSX PROJECTS
• Industrial Control Systems (ICS) (SME) • Forensics (SME) • Cyber Standard for Small to Medium Business (April 2015) • Global Cybersecurity Study • 2015 APT Study http://www.isaca.org/cyber/Pages/default.aspx
WHAT NEXT?