ISACA Research Update

Robert FosterResearch Director, ISACA Northern England Chapter

RECENTLY RELEASED RESEARCH

• 6 Deliver, Service and Support Audit/Assurance Programmes (Dec 2014)

• Information Systems Auditing: Tools and Techniques  (Feb 2015)

• DevOps Overview White Paper (Jan 2015)

• A Global Look at IT Audit Best Practices (Nov 2014)

• Internet of Things: Risk & Value Considerations White Paper (Jan 2015)

http://www.isaca.org/Knowledge-Center/Research/Pages/Research.aspx

A GLOBAL LOOK AT IT AUDIT BESTPRACTICES

• Key Findings:• Cybersecurity and privacy are primary concerns

• Companies face significant IT audit staffing and resource challenges

• Audit committees, as well as organisations in general, are becoming more engaged in IT audit

• IT audit risk assessments are not being conducted, or updated, frequently enough

• Room for growth in IT audit reports and reporting structures

INTERNET OF THINGS: RISK AND VALUE CONSIDERATIONS

• What is the Internet of Things or IoT• Maturity of adoption• Value proposition• Risk and risk mitigation

• Business, Operational and Technical Risk

• Questions to ask• What personal information is collected, stored or processed by the IoT

device?• With whom will the data be shared/disclosed?• How will the device be used from a business perspective?• What is the threat environment for the device?

CURRENT RESEARCH PROJECTS

• Security, Audit and Control Features SAP ERP 4th Ed (Mar 2015)

• A Practical Guide to PCI DSS (Apr 2015)

• DevOps White Paper Series (Looking for SMEs 1st and 2nd quarter 2015)

• Operational Risk Management/BASEL III Using COBIT 5 (Looking for SMEs - 2nd quarter 2015)

• Audit/Assurance Programmes

http://www.isaca.org/Knowledge-Centre/Research/Pages/Current-Projects.aspx

FUTURE RESEARCH PROJECTS

• Privacy Framework – ISACA Privacy Principles (Looking for SMEs - 2nd quarter 2015)

• Privacy Survey Results White Paper (Looking for SMEs 1st quarter 2015)

• Internet of Things White Paper Series

• Security, Audit and Control Features Oracle Database, 4th Edition (Looking for SMEs - 2nd quarter 2015)

http://www.isaca.org/Chapter-Leader-Portal/Building-Better-Leaders/Pages/Research_SME_Needs.aspx

CURRENT CSX PROJECTS

• Industrial Control Systems (ICS) (SME)• Forensics (SME)• Cyber Standard for Small to Medium Business (April 2015)• Global Cybersecurity Study• 2015 APT Study

http://www.isaca.org/cyber/Pages/default.aspx

WHAT NEXT?

Thank you for listening

Please use the feedback formFeedback to board members