Home / Resources / ISACA Journal / Past Issues / 2010

Domain:

More Filters
Card List
Achieving Data Warehouse Nirvana
ISACA Journal Article

Achieving Data Warehouse Nirvana

Successful organizations expand the scope of information controls beyond the scope of the data warehouse by developing a companywide program for ensuring the enterprise information quality.
Cloud Computing
ISACA Journal Article

IT Audits of Cloud and SaaS

Auditing cloud computing in one sense is like auditing any new IT—understand the IT, identify the risks, evaluate mitigating controls and audit the risky objects.
privacy
ISACA Journal Article

Top 10 Security and Privacy Topics for IT Auditors

IT auditors are reviewing their audit scope to ensure that the key risks facing the organization are being addressed. The following 10 topics should be on every IT auditor’s list for 2010-2011.
IT Risk Management
ISACA Journal Article

Use of the Balanced Scorecard for IT Risk Management

Risk management, in its essence, is subjective. Though it is a structured approach to determine whether to accept, mitigate, transfer or avoid a risk, it is based on a subjective assessment of the business impact of the exercise on organizational vulnerability.
Risk Assessment
ISACA Journal Article

An Approach Toward Sarbanes-Oxley ITGC Risk Assessment

The US Sarbanes-Oxley Act is an old bandwagon for most of the publicly listed companies, as they have been riding on it since its inception in 2002. But, most companies face newer challenges every day with the birth of newer technology, rapidly changing business conditions, and/or mergers and acquisitions.
Digital Records Management
ISACA Journal Article

An Introduction to Digital Records Management

The main objective of this article is to introduce the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records in an electronic environment, based on international standards ISO 15489.
Governance
ISACA Journal Article

Availability Risk Assessment—A Quantitative Approach

Increased corporate governance requirements are causing enterprises to examine their internal control structures closely to ensure that controls are in place and operating effectively.
audit and assurance
ISACA Journal Article

Business Skills for the IT Audit and Assurance Professional

IT audit and assurance professionals bring valuable skills to audit, assurance and advisory assignments providing a perspective of technical issues, concerns, problems and solutions.
Governance
ISACA Journal Article

Criteria and Methodology for GRC Platform Selection

GRC platforms provide a single, federated framework that integrates organizational processes and tools, supporting those processes for the purpose of defining, maintaining and monitoring GRC.
Data Governance for Privacy
ISACA Journal Article

Data Governance for Privacy, Confidentiality and Compliance: A Holistic Approach

It is important to point out that the proposed approach to data governance for security, privacy, confidentiality and compliance does not call for modifying or replacing the organization’s existing information security management systems or IT governance processes.

Risk Management
ISACA Journal Article

Developing an Information Security and Risk Management Strategy

Developing an Information Security and Risk Management (ISRM) strategy is a critical element in the maturation of information security capabilities. Learn more today!
Multivendor Outsourced IT Environment
ISACA Journal Article

Environment JOnline: Service Integration in a Multivendor Outsourced IT Environment

The combination of the guardian role and the CSPs applies the principle of having a single point of accountability for any activity, ensuring accountability and responsibility.
Giving Sustainability to COBIT P09
ISACA Journal Article

Giving Sustainability to COBIT PO9

This example shows one of the benefits that COBIT’s management guidelines bring when a decision has to be made about the scope of applicability of a particular process—in this case, PO9.
Application Security
ISACA Journal Article

JOnline: Application Security Using the Role-based Access Control Model

Proper RBAC model implementation provides adequate controls that will minimize the risk of continuous occurrence of security breaches and privacy violations from the inside.
Using Microsoft Office in Analyzing SAP SoD and Beyond
ISACA Journal Article

JOnline: Using Microsoft Office in Analyzing SAP SoD and Beyond

Evaluating SoD in a business application system is important when evaluating SoD in interrelated processes. Learn how to use Microsoft Office in analyzing SAP SoD.
IT Risk
ISACA Journal Article

Mitigating IT Risks for Logical Access

Unauthorized access can lead to devastating effects. Entities can become victims of malicious activities such as identity theft, financial fraud, theft of data and attacks on systems, which can be especially harmful for online businesses.
Test Accounting Data
ISACA Journal Article

Using Spreadsheets and Benford’s Law to Test Accounting Data

Accounting systems are popular targets of financial frauds because, in the words of bank-robber Willie Sutton, “that’s where the money is.”

Synthesizing SAS 70 Audits
ISACA Journal Article

Synthesizing SAS 70 Audits and PMI’s Project Management Process Groups

All projects at some point will come under fire, and in an uncertain economy, increased pressures to derive optimal value emphasize the need to deliver project success.
Performing a Security Risk Assessment
ISACA Journal Article

Performing a Security Risk Assessment

The enterprise risk assessment methodology has become an established approach to identifying and managing systemic risk for an organization.