Articles from ISACA

ISACA’s State of Cybersecurity survey report found that the two top factors for determining qualified candidates for jobs are prior hands-on experience (73 percent) and credentials held (38 percent). To help employers find qualified candidates and help cybersecurity professionals demonstrate their hands-on cybersecurity skills, ISACA has launched its Certified Cybersecurity Operations Analyst (CCOA) credential, which provides hands-on, performance-based labs that simulate real-world scenarios and leverage today’s technologies.

Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA.

The Digital Trust Workforce Inclusion Program (DT-WIP), through a partnership between ISACA and the Fargo Moorhead West Fargo Chamber, is expanding this year’s reach to include North Dakota and Northwest/North Central Minnesota. This program opens new career pathways for underrepresented and underserved populations, offering training in IT, networks and infrastructure, cybersecurity fundamentals, software development, and data science.

The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of businesses have programs in place to hire more women, according to new research from ISACA, the leading global professional association helping individuals advance their careers in digital trust fields.

Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.

Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology.

Sixty percent of respondents to ISACA’s recent 2024 AI Pulse Poll believe AI will have a positive impact on audit/assurance in the next year—the highest number compared to other domains like risk, compliance, security, IT strategy/governance, and privacy. With AI holding significant potential for the IT audit profession, ISACA has launched an introductory course to AI for auditors, alongside other new online, self-paced AI courses on ethics and machine learning for business enablement, as part of its expanding AI education offerings.

At its Annual General Meeting today held in Schaumburg, Illinois, USA, and virtually, ISACA introduced its 2024-2025 Board of Directors. The incoming board slate comprises leading experts around the world from across the cybersecurity, IT audit, governance, privacy and risk professions, led by returning board chair John De Santis and new board vice chair Niel Harper, both former board directors and active members of the global association focused on advancing digital trust and serving members throughout their career journeys.

ISACA and The Institute of Internal Auditors (The IIA) will jointly present the 11th annual Governance, Risk, and Control (GRC) Conference on 12-14 August 2024, in Austin, TX, and virtually, focusing on core GRC and internal audit principles and featuring global leaders in governance, risk and control.

As organizations pursue digital transformation, they urgently need to prioritize digital trust to achieve their goals and prepare for future opportunities, legislation and regulatory compliance. ISACA’s State of Digital Trust 2024 report reveals new data and insights around the areas of familiarity, priority, confidence, maturity, obstacles, and responsibility related to digital trust from more than 5,800 global digital trust professionals.

According to an ISACA pulse poll of 3,270 digital trust professionals, only 15% of organizations have AI policies, and 40% of organizations offer no AI training at all.

To continue to deliver innovative training to those pursuing credentialing pathways for ISACA’s Capability Maturity Model Integration (CMMI®), ISACA has updated each of its CMMI certification-related policies and CMMI certification exams to align with the recent CMMI V3.0 release and reflect best practices in managing certification programs.

ISACA’s Certified Information Systems Auditor® (CISA®) certification is being updated to reflect the most current industry trends impacting the IT audit profession. The job practice update considers innovations and evolving technologies related to the current role of an IT audit professional. The updated exam will be available on 1 August 2024 and the new CISA exam preparation materials will be available starting 1 May 2024.

The ISACA 2024 North America Conference and the CMMI 2024 Conference are set to engage audiences in-person in Phoenix, AZ, from 8-10 May, as industry-leading experts converge to explore the latest trends in digital trust, IT audit, risk management, quality, organizational maturity, governance, cybersecurity, privacy, and emerging technologies.

Every organization should have enterprise policies in place to ensure required and prohibited activities are formally documented and communicated, but it can be difficult to know where to begin. ISACA’s new Policy Template Library Toolkit provides enterprises with a starting point to build and customize the necessary principles to meet the needs of their specific operational environments and compliance requirements.

According to upcoming ISACA research, more than half of organizations (55 percent) believe it is extremely/very important for an organization to have a digital trust framework. To meet this need, global IS/IT association ISACA has launched a new framework designed to help organizations focus on trust holistically by leveraging technology securely, increasing collaboration, reducing reaction times to unforeseen events, focusing on brand management and improving financial performance through enhanced trust.

ISACA, a global association serving business technology professionals, announced its annual event schedule, which includes the ISACA 2024 Virtual Conference, a new event offering expert-driven insights into digital trust, audit, governance, privacy, risk, cybersecurity, emerging technologies, and more.

The past year brought a historic level of artificial intelligence advancement with the introduction and meteoric rise of generative AI tools such as ChatGPT. As digital trust professionals anticipate further developments in this space, it is important to take steps to prepare for the risk, regulation, frameworks, data governance and workforce involved with AI, says ISACA expert Goh Ser Yoong.

Each year ISACA members and technology professionals worldwide serve their organizations, industries and communities with remarkable achievements and valuable contributions to advancing technology. ISACA is recognizing exceptional technology professionals in the areas of IT audit, risk, governance, privacy and cybersecurity with ISACA’s 2024 Global Achievement Awards and Hall of Fame induction for their accomplishments and contributions that advance the professional community and exemplify ISACA’s purpose: helping individuals and organizations realize the positive potential of technology and build a more trustworthy digital world.

The past year saw developments and updates to privacy regulations across the globe—from India’s Personal Data Protection Bill to Brazil’s General Data Protection Law. However, only 34 percent of organizations say they find it easy to understand their privacy obligations and only 43 percent are very or completely confident in their organization’s privacy team’s ability to ensure data privacy and achieve compliance with new privacy laws and regulations, according to ISACA’s Privacy in Practice 2024 survey report.

For organizations that adopt a Zero Trust approach for their cybersecurity program—adhering to the principles of “never trust, always verify”—it is important to periodically review, test and adjust their model to ensure that all users have the least amount of access to perform their jobs in order to better protect assets and systems. A new audit program from ISACA supports IT auditors in assessing these controls and processes to ensure their Zero Trust models are effective.

IT and emerging tech skills are in high demand, with more than 10 million related jobs open in the U.S., according to a new study ISACA conducted through Lightcast, a leading authority in labor market analytics.

Physical penetration testing is often overlooked when it comes to security, despite a 28 percent increase in physical security incidents in both 2021 and 2022. Security professionals can gain a deeper understanding in a new ISACA resource, Physical Penetration Testing: The Most Overlooked Aspect of Security, which shares an overview of physical penetration testing, the significance of physical security, and an exploration of the methodologies and tools employed by physical penetration testers.

A new poll of global digital trust professionals is revealing a high degree of uncertainty around generative artificial intelligence (AI), few company policies around its use, lack of training, and fears around its exploitation by bad actors, according to Generative AI 2023: An ISACA Pulse Poll.

New cybersecurity data hones in on where cybersecurity pros come up short, with soft skills, cloud computing, and security controls emerging as the biggest skills gaps in today’s cybersecurity professionals, according to ISACA’s annual research report, State of Cybersecurity 2023, Global Update on Workforce Efforts, Resources and Cyberoperations.

To support professionals as they embark on implementing performance improvement in their enterprises, ISACA has introduced a new credentialing pathway for the latest model of its Capability Maturity Model Integration, or CMMI, with a Building Organizational Capability (BOC) course and corresponding new Practitioner Exam.

The United States Food and Drug Administration (FDA) has announced its support of the Voluntary Improvement Program (VIP) through final Guidance published 14 September 2023. VIP, which transitioned from a pilot to a fully operational program in 2021 and then was formally recognized by the FDA last year, delivers improved organizational and product performance with the ultimate goal of increasing the pace and quantity of providing safe treatments to patients.

As excitement around the benefits of generative artificial intelligence applications like OpenAI’s ChatGPT and Google’s Bard has grown, so have the notes of caution from many in the industry, who point to a range of potential risks that could come with the tech. ISACA’s new resource, The Promise and Peril of the AI Revolution: Managing Risk, acknowledges the benefits of generative artificial intelligence (AI), but explores the rapidly evolving risk landscape and the steps that risk professionals should take to keep up with it.

Learners in Atlanta will be able to prepare for emerging tech careers through the Digital Trust-Workforce Inclusion Program (DT-WIP) from ISACA and its One In Tech Foundation, in partnership with Blacks in Technology.

The 10th annual Governance, Risk, and Control (GRC) Conference, 21-23 August 2023, in Las Vegas, NV, and virtually, jointly presented by ISACA and The Institute of Internal Auditors (IIA), will focus on leading-edge topics and competencies required of GRC and internal audit professionals today and in the near future. Generative AI, the metaverse, third party risk, DevSecOps, bias in AI, zero trust and other prominent topics will be featured during the hybrid event. Attendees will gain a deeper understanding of the impact these key issues will have on business and how GRC and internal audit practitioners play a central role in influencing that impact.

Global digital trust association ISACA introduced its 2023-2024 Board of Directors today. Bringing deep tech, finance and business expertise and a strong global perspective, the board—including three new directors and ISACA CEO Erik Prusch—will be helmed by new board chair John De Santis, past ISACA vice chair and a technology executive with more than three decades of experience in software, networking and information security.

As organizations continue to shift business operations to hybrid, single cloud or multi-cloud environments, it’s important for auditors to assess risk across different deployment models and platforms. ISACA’s new Google Cloud Platform Audit Program assists auditors in understanding the uniqueness of the Google Cloud Platform (GCP) while effectively assessing an enterprise cloud environment for adherence to organizational risk and compliance objectives.

The web of privacy regulations and laws around the world continues to grow, making compliance that much more complex for privacy professionals. With its new Privacy Regulatory Lookup Tool, ISACA is providing technical privacy practitioners with a single source for comparing privacy laws and regulations to better understand their compliance obligations.

Erik Prusch will join ISACA as its new CEO today. Based in Washington state, Prusch brings significant tech and leadership experience as a CEO and board director to the organization.

In today’s economic climate, enterprises are taking a hard look at how they can optimize their performance to set themselves apart and strengthen their position in the market. Those using ISACA’s Capability Maturity Model Integration (CMMI) to enhance their processes and drive greater business impact found significant improvements in key areas over the past couple years, according to the latest CMMI Technical Report: Performance Results and an upcoming webinar—with CMMI-appraised organizations seeing an 84.4 percent rate of success, a 3.1 percent increase from the previous year.

Digital trust can make or break an organization. With increased data breaches, ransomware and hacks, digital trust can be the difference between retaining reputations and loyalty after a major incident or suffering serious, time-consuming and expensive losses. Business leaders can see how their organization measures with ISACA’s State of Digital Trust 2023 report, which reveals insights from 8,100 global digital trust professionals on digital trust benefits, obstacles, priorities, responsibilities and budgets.

In a tightening economic market, addressing enterprise performance can help organizations better weather challenges by reducing costs, creating efficiencies, and coming in on schedule while improving overall quality. ISACA’s Capability Maturity Model Integration, or CMMI, has been doing just that for enterprises for more than three decades, and is now out with a major model update with three new model domains—Data Management, People Management, and Virtual Work—that allow organizations even more flexibility to customize their CMMI adoption to their unique needs.

The COVID-19 pandemic drove digital acceleration, and as a result, organizations are ramping up their use of Agile methodologies to deliver projects more quickly. With Agile comes different risk, however, and ISACA provides a primer on how organizations can manage this in new free white paper, Incorporating Risk Management in Agile Projects.

To ready the next generation of learners for digital trust careers, ISACA and its One In Tech Foundation are launching the Digital Trust-Workforce Inclusion Program (DT-WIP) in select cities across the United States, in partnership with the Caterpillar Foundation.

As enterprises and professionals increasingly identify digital trust to be of critical importance, ISACA is launching Digital Trust World, a new conference series for business IT professionals. Attendees will expand their knowledge and gain relevant insights into digital trust through practical guidance and dynamic content to drive trust at their organizations, connect with industry leaders and accelerate their career growth.

Each year ISACA members and digital trust professionals worldwide serve their organizations, industries and communities with exemplary achievements and noteworthy contributions to advancing technology. Outstanding professionals in the areas of IT audit, risk, governance, privacy and cybersecurity are being recognized with ISACA’s 2023 Global Achievement Awards and Hall of Fame induction for their accomplishments and contributions that advance the professional community and exemplify ISACA’s purpose: helping individuals and organizations realize the positive potential of technology and build a more trustworthy digital world.

Faced with a web of complex and ever-evolving global data privacy regulations—including new ones that took effect at the year’s start—enterprises must stay compliant and protect the privacy of their data subjects or lose trust and take a hit to their reputation. ISACA’s Privacy in Practice 2023 research report, released today ahead of Data Privacy Day on 28 January, finds that enterprises that consistently practice privacy by design reap rewards, but many face challenges getting there because of privacy budgets, staffing and skills gaps.

Professional mentoring relationships can be a great tool for skill development and new career opportunities, but they can also offer a deeper sense of community and provide cross-generational connections between individuals who otherwise may not have had the opportunity to learn from each other. Ahead of International Mentoring Day (17 January), ISACA has launched its new mentorship program worldwide. The program facilitates one-to-one connections for ISACA members at all stages of their careers for transformative professional development and support.

Looking ahead to a new year offers a valuable opportunity for digital trust professionals to not only reassess the practices within their own function or organization, but also to examine how they can continue to grow in their roles. From this vantage point, ISACA experts recently highlighted their 2023 insights and recommendations for the privacy, cybersecurity, audit and risk fields in a series of blog posts for the ISACA Now blog.

The rapid increase of remote access due to remote and hybrid work arrangements requires increased organizational risk management. At the same time, organizations must be prepared for ransomware attacks as threat actors focus on generating revenue streams by extorting users and organizations of all sizes. These drivers have led to ISACA creating two new audit programs on identity and access management (IAM) and ransomware readiness to better prepare audit professionals for the current landscape.

5G technology can transform the experience of its users – providing a faster network with greater capacity and less delay – but with its new capabilities come new privacy threats. ISACA’s white paper, 5G Privacy: Addressing Risk and Threats, reviews 5G technology from the privacy perspective, including user privacy-related elements, threats, and mechanisms and regulatory means to address threats and risk.

The first step to addressing the myriad types of risk that need to be managed in an organization is understanding risk appetite and tolerance. ISACA has released two new resources that offer guidance in both areas: the Using Risk Tolerance to Support Enterprise Strategy white paper and Risk Scenarios Toolkit.

The increased use of machine learning (ML) worldwide has created a greater need for IT auditors to understand the technology. ISACA's new white paper series, Audit Practitioner's Guide to Machine Learning, Part 1: Technology and Audit Practitioner's Guide to Machine Learning, Part 2: Compliance Risk, provides auditors with guidelines on the opportunities, risks and compliance requirements associated with the technology.

As part of its mission to equip digital trust professionals and advance digital trust in organizations worldwide, global professional association ISACA has established an advisory council of top industry leaders.

In recognition of Cybersecurity Awareness Month, ISACA recently released the results from its inaugural consumer cybersecurity research, which reveals a growing sense of hopelessness in consumers who think nothing can be done to protect them from cybercrime. The international study of more than 3,000 consumers across the UK, Australia, US and India, found that more than one in three consumers in these regions (37%) has had their personal information stolen by cyber criminals.

Cybersecurity and IT audit are among the fastest growing fields with the most opportunity, but there is a talent gap that continues to spread as needs increase. One In Tech, an ISACA Foundation, is addressing this by providing access and support to individuals who are currently underrepresented in the industry to pursue these career paths. The Foundation seeks to bridge the gap in diversity and build a talent pipeline through its scholarship program.

Recent workforce studies across the world highlight a considerable shift in employees’ attitudes toward work brought about by the COVID-19 pandemic—including the hotly debated “quiet quitting” trend. ISACA’s new white paper, The Great Resignation: Business Challenges and Sustainable Solutions, discusses the reasons for the Great Resignation, the difficulties it creates for enterprises, and recommendations for developing a sustainable, multipurpose workforce-management solution.

As enterprises worldwide race toward digital transformation, the State of Digital Trust 2022 survey report from ISACA shows significant gaps between what enterprises are doing now and what they should do to establish leadership and earn customer trust in the future digital ecosystem.

Those seeking a strong foundation in IT audit knowledge and hands-on experience to set themselves apart as they seek audit jobs can now earn the new ISACA IT Audit Fundamentals Certificate from ISACA, the global professional association for digital trust professionals.

With a mission to create an encouraging and supportive environment for professionals of all experience levels, the annual Governance, Risk, and Control (GRC) Conference, 22-24 August 2022, jointly presented by ISACA and The Institute of Internal Auditors (IIA), will be available for both in-person attendance in Orlando, FL, and as an inclusive, online experience for a global, virtual audience. GRC 2022 will unite leading minds in governance, risk, and control from all over the world to expand networks of professionals, sharpen attendee’s skillsets, navigate challenges, and explore solutions together.

One of the challenges for IT risk management is to identify important and relevant risk, and one of the best ways to do that is through a well-developed risk scenario providing a realistic and practical view of risk that may prevent an enterprise from achieving its business objectives, historical events, and emerging threats. ISACA has developed a Risk Scenarios Starter Pack and concise online course that will help break down each aspect of a risk scenario.

Over the last two years, supply chain challenges have rocked both enterprises and consumers alike, making it harder to access certain goods and maintain business continuity. Security threats have only heightened these concerns, and a new ISACA survey report illuminates IT professionals’ key concerns around security challenges and how their organizations are responding to them.

Global digital trust association ISACA installed its 2022-2023 Board of Directors during its virtual Annual General Meeting today. The new board includes members with diverse backgrounds and a range of expertise from across the globe, including new board chair Pamela Nigro.

China’s Personal Information Protection Law (PIPL) recently went into effect, with potential consequences for enterprises around the world. A new complimentary white paper from ISACA, Insights Into China’s Personal Information Protection Law, explains the key concepts of this new law, provides in-depth information on processing requirements, and explores the complex topic of cross-border data transfer protocols under the PIPL.

As enterprises have learned even more acutely over the past few years, managing risk is crucial to minimizing disruption and ensuring business continuity in the face of challenges. To aid enterprises in creating their own tailored risk management program, ISACA has released a Risk Starter Kit, which contains a wealth of tools and templates to facilitate risk assessment, risk appetite, risk maturity assessment, risk policy creation and other related tasks.

The Voluntary Improvement Program (VIP) has become the first Case for Quality program recognized by the United States Food and Drug Administration (FDA) through formal Draft Guidance published 6 May 2022. VIP leverages ISACA’s Medical Device Discovery Appraisal Program (MDDAP) and transitioned from a pilot to a fully operational program last year.

Strengthening the capabilities that keep their organizations safe and secure is a key concern for many enterprises, and ISACA’s Capability Maturity Model Integration (CMMI) has launched two new courses during the ISACA Conference North America this week—Building Security Excellence and Building Safety Excellence—to help them do just that.

While we may not always realize it, most of our interactions as consumers create a digital footprint—whether we are paying a friend through a mobile app or registering online for a doctor’s appointment. But can we always trust that our transactions and interactions in these digital ecosystems will be conducted with integrity? A new complimentary white paper from ISACA, Digital Trust: A Modern-Day Imperative, explores this increasingly important concept of digital trust, how it relates to both consumers and providers, and how it works in practice.

In a challenging landscape marked by the global pandemic and increased threats, many businesses and boards have learned the hard way the importance of risk management, governance, business continuity planning and resilience. The Certified Information Security Manager® (CISM®) certification from ISACA, celebrating its 20th anniversary this year, has updated its exam content to reflect the changing focus areas of information security practitioners.

ISACA will host its ISACA Conference North America 2022 hybrid event, 4-6 May 2022, in New Orleans, LA, and virtually. The ISACA Conference, hosted in six regions in 2022—Latin America, North America, Asia, Africa, Oceania and Europe—features sessions of varying lengths that will cover topics related to IT audit, risk, governance, information and cyber security, capability and maturity models, privacy, and emerging technologies.

Recent global events have underscored the heightened importance for enterprises to strengthen their efforts against cybersecurity threats. For those seeking to boost their defenses through a zero trust strategy, ISACA has released a new resource, Zero Trust: How to Beat Adversaries at Their Own Game, that provides a primer complete with tactics for thwarting hackers.

The Great Resignation is plaguing industries across the board—but it’s especially challenging within in-demand fields like cybersecurity. According to ISACA’s new survey report, State of Cybersecurity 2022: Global Update on Workforce Efforts, Resources and Cyberoperations, organizations are struggling more than ever with hiring and retaining qualified cybersecurity professionals and managing skills gaps.

Audit and related practitioners know that there are business risks associated with DevOps practices—including insufficient assurance and inadequate planning, deployment, continuous monitoring and management of DevOps processes. The new COBIT for DevOps Audit Program from ISACA leverages concepts and guidance that DevOps teams can adopt to help them realize the benefits of DevOps while mitigating its risks.

Today’s technology professionals know that in addition to strengthening their tech knowledge and skills, they need a solid understanding of their enterprises’ business. This includes the environmental, social and governance (ESG) practices embedded in the daily operations of an organization, which can also overlap with technology, as ISACA explains in its new free white paper, Governance Roundup: What Are You Doing About Environmental, Social and Governance Practices in Your Enterprise?

ISACA, a global association serving business technology professionals, announced its annual ISACA Conference series schedule for 2022, as well as additional training and learning opportunities focused on emerging technologies, innovation and best practices. To connect with more IT professionals across the globe, ISACA has lowered its pricing for the ISACA Conference series in each of the six regions that host an event: Asia, Africa, Europe, Latin America, North America and Oceania. The ISACA Conference, hosted as a hybrid event when in-person gathering is possible, is now up to more than 50% reduced from its previous price in certain regions.

Every year ISACA members and tech professionals worldwide serve their organizations and industries with exemplary achievements and noteworthy contributions to advancing technology. Outstanding IT audit, risk, governance, privacy and cybersecurity professionals are being recognized with ISACA’s 2022 Global Achievement Awards and Hall of Fame inclusion for their accomplishments and contributions that advance the professional community and exemplify ISACA’s purpose: helping individuals and organizations realize the positive potential of technology.

Ahead of Data Privacy Day on January 28, new research from ISACA explores the latest enterprise privacy trends—from privacy workforce and privacy by design to privacy challenges and the future of privacy—in its new Privacy in Practice 2022 survey report, sponsored by OneTrust.

As the year winds down, many audit professionals are shifting their focus to 2022 priorities—including developing dynamic new strategies such as agile auditing, revisiting established technologies from a remote or hybrid working environment perspective, and closing any gaps between compliance expectations and current practices—and how they can enhance their skills to meet the needs of the evolving audit landscape. To meet these needs, ISACA has released three new audit resources—its VPN Security Audit Program, Destination: Agile Auditing white paper, and a new edition of its IT Control Objectives for Sarbanes-Oxley publication.

Artificial intelligence (AI), machine learning (ML), and deep learning (DL) are often applied in cybersecurity, but their applications may not always work as intended. ISACA’s new publication, AI Uses in Blue Team Security, looks at AI, ML and DL applications in cybersecurity to determine what is working, what is not, what looks encouraging for the future and what may be more hype than substance.

The benefits of good governance systems are widely acknowledged, but often governance programs at smaller organizations are nonexistent or immature. Small and medium sized enterprises (SMEs) often deal with constraints such as limited IT resources and smaller budgets, and may have unique needs for their core business and priorities. A new guide from global technology association ISACA, COBIT® for Small and Medium Enterprises, provides guidance for SMEs on developing an enterprise governance system for information and technology (I&T) tailored especially to their unique needs.