ISACA Research Initiatives
Presented by Shannon Donahue, PhD, CISM (sdonahue@isaca.org)
Practical & Pragmatic Guidance
GPC
The Guidance & Practices Committee (GPC) is responsible for developing practical and pragmatic guidance for ISACA’s constituents related to ISACA’s frameworks, emerging technologies and other issues that are relevant to members.
GPC Deliverables
• Creating a Culture of Security
– Builds upon ISACA’s Business Model for Information Security (BMIS) to examine how culture impacts information security
– Provides practical advice on how to influence an enterprise culture
GPC Deliverables
• IT Control Objectives for Cloud Computing
– Explores security, risk and assurance issues in Cloud
– Provides a mapping of Cloud Computing to COBIT 4.1
GPC Whitepapers
• Cloud Computing: Business Benefits with Security, Assurance and Governance Perspectives
– Available at www.isaca.org
– Also available is a webcast focusing on the whitepaper
White Papers Issued in 2011-2012
1. Electronic Discovery
2. Sustainability
3. Leveraging XBRL for Value
4. Data Analytics – A Practical Approach
5. Geolocation: Risk, Issues and Strategies
6. Mobile Payments: Risk, Security & Assurance Issues
7. Guiding Principles for Cloud Computing Adoption and Use
8. Incident Management and Response
9. Virtualized Desktop Infrastructure (VDI)
10. Calculating Cloud ROI
Currently there are 19 white papers available at www.isaca.org/research
Guidance and Practices Cloud Projects
IT Control Objectives for Cloud Computing – Issued July 2011
Guiding Principles for Cloud Computing – Issued March 2012
Governance of IT for Cloud Computing – in development
Cloud Vision Series
– Security in the Cloud – September 11, 2012
– ROI in the Cloud – July 2012
– Vendor Management in the Cloud – Q2 2013
Audit Programs
The GPC is responsible for creating audit programs. There are over 30 audit programs which are free for members. Some topics include:
– IPv6 Security Audit / Assurance Audit Program
– VOIP Audit / Assurance Program
– Microsoft Exchange Server 2010 Audit / Assurance Program
– Microsoft SharePoint 2010 Audit / Assurance Program
– VMware Server Virtualization Audit / Assurance Program
– Social Media Audit / Assurance Program
Security, Audit & Control Features Series
• Security, Audit and Control Features PeopleSoft, 3rd Edition focuses on the attributes and incremental functionality in the most recent version of PeopleSoft
• Audit / assurance program and internal control questionnaire available as a download to members: www.isaca.org/research
• Others in series include:
– Oracle Database 3rd Edition
– SAP ERP 3rd Edition
– Oracle E-Business Suite 3rd Edition
Guidance and Practices Future Projects
Questions For You
• What topics would be on your list?
• Can you/your staff/your chapter provide resources (SMEs) to help?
• Do you know about the Chapter Research Directors?
What other questions do you have?
2012 Europe/Africa Leadership Conference, Munich, Germany, 8-9 September
Successful Delivery of the Basic Membership Benefits
Sue Milton, President, London Chapter
• Objective: to engage with the wider ISACA London Chapter membership through benefit provision, thereby encouraging greater membership retention.
2012/13 Benefits Strategy
4th September 2012 (8th):
• Membership total: 2641 (2661)
• CISA: 1391 (1401)
• CISM: 484 (488)
• CGEIT: 80 (81)
• CRISC: 320 (323)
• Events attract 100 – 120.
• Exam revision: 6-12 people at each session.
Demographics
• Stream 1: Monthly Thursday events. Longer sessions for 1.5 CPEs so minimum requirement of 20 CPEs more easily achievable.
• Stream 2: introduce a series of events at Canary Wharf, London’s 2nd financial centre now employing more staff than the City.
Proposal for 2012/13 Events
Introduction to the GRA – SC
Government Regulatory Advocacy Sub-Committee
What is ISACA? Vision and Mission
“Trust in, and value from, information and information systems”
ISACA’s vision (to aspire to as an organization)
“For professionals and organizations be the leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance”
ISACA’s mission (to guide decision making and investments)
• 10,000+ CRISCs certified since inception in 2010
• 4,000+ CGEITs certified since inception in 2007
• 12,000+ CISMs certified since inception in 2003
• 70,000+ CISAs certified since inception in 1978
What does ISACA do? Respected Professional Credentials
ISACA Member Benefits
Connecting you with a global community of nearly 100,000
Community & Leadership
Professional Development
Opening the door to thought leadership, research and knowledge
• Journal (free CPE)
• Research publications (many free to members!)
– COBIT 4.1
– Val IT
– Risk IT
– ITAF
– BMIS
– COBIT mappings
– COBIT Security Baseline 2nd Ed.
• Interactive Web site
• Audit programs and ICQs
Research and Knowledge
• E-Library
• E-Symposia and Virtual Trade Shows (VTS) (free CPE quizzes) and Webcasts
• Career Centre
• CISA, CISM, CGEIT, CRISC discounts
• Mentoring (free CPE)
• Reduced certification maintenance fees
• Conference/training discounts
• Bookstore discounts
• Networking
• Leadership opportunities at local and global level
• Enhanced online communities via new ISACA web site
Local Chapters
• Low-cost education
• In person training
• Exam preparation
• Business and social events
• Engage with people who understand your professional needs
Increasing your value, advancing your career
Providing a local network of professionals
What does the GRA do?
• Key Responsibilities
– Increase ISACA’s visibility by promoting ISACA members’ credibility and capability, value of ISACA’s certifications, and robustness of COBIT and all knowledge products, including professional development
– On behalf of ISACA, monitor, coordinate and potentially respond to regulatory and/or legislative issues that may impact ISACA members and certification holders professionally.
– 2012 Focus:
  – National Audit Bodies
  – Reserve banks and financial services regulators
  – Agencies focused on Cyber Security, Privacy and Forensics
  – National Workforce and IT Skill Development
– Communicate Subcommittee activities and opportunities for regulatory and legislative advocacy to ISACA Chapter leaders and members
IT Audit Regulation in Turkey
Kaya Kazmirci, CISA, CISM
Chapter President
Assoc. Prof. Dr. İzzet Gökhan Özbilgin, CRISC
Government Relations Director
Leadership Conference
Munich, 8.9.2012
IT Audit Regulation
• Banking Regulatory and Supervision Agency
• Capital Markets Board of Turkey
• Turkish Court of Accounts
• Information Technology and Communication Agency
• Republic of Turkey Prime Ministry Undersecretariat of Treasury
Banking Regulatory and Supervision Agency
• www.bddk.org.tr
• Regulation on IS Audit to be made in banks by independent audit institutions (published in the Official Gazette dated December 5, 2006)
– Communiqué on the report format of IS Audit
• Mandates statutory CobiT compliance for banks (1st in Europe, maybe in the world)
Banking Regulatory and Supervision Agency
• Article 19 says
“each control object realized in the scope of articles written in regulation is evaluated in compliance with the methods in the framework of CobiT”
Capital Markets Board of Turkey
• www.spk.gov.tr
• Regulations based on CobiT, ISO 27001.
• IT Audit is implemented periodically in organizations regulated by CMB (i.e. İstanbul Stock Exchange, Central Registry Agency)
• Regulation on IS Audit for the brokerage houses implementing foreign exchange
Other institutions
• Turkish Court of Accounts
– www.sayistay.gov.tr
• Information Technology and Communication Agency
– www.btk.gov.tr
• Republic of Turkey Prime Ministry Undersecretariat of Treasury
– www.treasury.gov.tr
Communities Committee and Knowledge Center Overview
2012 Europe/Africa Leadership Conference
Miroslaw Kalinski, CC member, ISACA Warsaw chapter
Communities Committee
• Analyze community characteristics of all visitors to the web site to identify community interests or opportunities to develop communities based on characteristics such as language, geography, etc.
• Identify online communities outside website and determine response.
• Assist boards, committees and task forces to identify communities that may support project or program initiatives.
• Develop programs to create and support communities.
• Develop criteria to evaluate Communities Committee program activities and report progress to the Relations Board.
Charge: Identify and support activities to encourage the development of ISACA communities.
The Objective is Participation….
…the Goal is Community
The Knowledge Center
I need an audit program
How do you secure the cloud?
© 2012 ISACA. All rights reserved - Confidential
Total and Unique Members, as of 1 September 2012
[Chart: monthly member counts, series "Unique" and "Total"; x-axis September through the following September; y-axis 0 to 25000]
Resources and Collaboration
The Knowledge Center houses all of ISACA’s research deliverables as well as topic-based communities.
Knowledge Center Topics
Top 10 Communities, as of 1 September 2012
[Chart: bar chart, y-axis 0 to 2000. Communities in the order shown: Audit Tools and Techniques; Risk Management; COBIT-Use it Effectively; COBIT Implementation; Young Professionals; Information Security Management; Cloud Computing; Cyber Security; ISO IEC 27000 Series; Governance of Enterprise IT. Data labels in the order shown: 1746, 1479, 1401, 1024, 780, 750, 743, 720, 720, 638]
THANK YOU!!!!!