The PRWIRE Press Releases https:// 2021-05-23T23:17:54Z IT professionals in ANZ resist implementing emerging tech due to cost and lack of business objectives 2021-05-23T23:17:54Z it-professionals-in-anz-resist-implementing-emerging-tech-due-to-cost-and-lack-of-business-objectives Emerging technologies bring the potential for increased efficiencies, cost savings and improved security for enterprises but complexities in adoption have been revealed in a new global survey report from ISACA, The Pulse: Emerging Technology 2021. Businesses in Australia and New Zealand (ANZ) are being hampered when it comes to implementing emerging technology, with 72% of IT professionals citing cost of implementation as a top reason for resistance, followed by 49% who indicate unclear business objectives as holding them back from implementation and 46% who cite cybersecurity risk.“When business objectives are clear and risk is appropriately assessed and managed, emerging technologies can bring transformative benefits to an organisation,” says Dustin Brewer, ISACA senior director, emerging technology and innovation.This inaugural survey, which gathered responses from 4,541 professionals around the world, first assessed how respondents define emerging technology. The top three characteristics classifying a technology as emerging, per global respondents, are technologies with significant disruptive capabilities, technologies with significant problem-solving capacity, and technologies that are recent discoveries.In ANZ, the top emerging technologies in use at enterprises are Cloud 55%, AI 21% and the Internet of Things (IoT) 18%. The main motivation for adopting these and other emerging technologies include: Anticipated cost savings 78% New revenue stream 54% Improved cybersecurity 53% The ability to reach new customers 51% To meet regulatory requirements 47% Increased agility 46% Leadership Support and Key MotivationsThe survey findings also revealed that senior leadership generally supports emerging technology adoption, with 78% of respondents in ANZ indicating that their leadership provides moderate to very receptive support.“As the survey findings show, there are varying levels of adoption depending on the technology, but signs are that leadership is keeping a close eye on technologies, including IoT and blockchain, to consider for future use if not already implemented,” adds Brewer.Training is Important but LackingGlobally, 91% of respondents agree that training and continuous education are essential for technology professionals, with 81% indicating they would like to specifically pursue more training on cloud technologies, and 69% expressing moderate-to-high interest in training for AI. While 60% of respondents in ANZ are optimistic about the impact of technological advancements on their career, half report their organisation is not investing in people skills to successfully navigate the changing tech landscape. The global findings indicate that leadership is aware of this issue, as 48% of the respondents identifying as executive leadership agree that investment in training is insufficient. “Prioritising people and investing in emerging technology training is key to not only achieving success with technology implementation but also ensuring the workforce has the cutting-edge skills needed in today’s evolving tech landscape,” says David Samuelson, ISACA CEO. The new report offers further insights into how global IT and business professionals view the benefits, risks, adoption barriers, knowledge gaps, and leadership’s willingness to adopt new tech. To read more, access a complimentary copy of The Pulse: Emerging Technology 2021, insights from industry leaders and related resources at www.isaca.org/emerging-tech-2021. ISACA offers additional emerging technology resources, trainings and credentials, including the new Certified in Emerging Technology (CET) stackable certification, at www.isaca.org/resources/emerging-technology-resources. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews New COBIT Resource from ISACA Offers Guidance for Governance and Management of Information Security 2020-07-30T22:37:38Z new-cobit-resource-from-isaca-offers-guidance-for-governance-and-management-of-information-security SYDNEY, AUSTRALIA (31 July 2020) – Effective governance and management of information security is necessary for achieving enterprise objectives. It can help enterprises build resilience and minimise the occurrence and impact of security breaches that can cause reputational damage, legal and regulatory risk, or even threaten their very survival. COBIT Focus Area: Information Security is the highly anticipated first focus area publication to launch under the COBIT 2019 umbrella, fulfilling its promise to make its guidance more flexible and practical to use. COBIT Focus Area: Information Security serves to extend the COBIT portfolio by building upon best practices shared for the governance and management of information and technology aimed at the whole enterprise through the lens of information security, and details additional metrics and activities that should be considered when implementing or assessing COBIT in the context of information security. The major drivers for the development of this publication include: Clarifying the roles of governance and management and showing how they relate to each otherProviding a clear end-to-end view into distinction within the enterprise and during all process steps between information security governance and information security management practicesProviding a comprehensive and holistic guidance on information security – not only to processes but to all components in an enterprise, including organisation structure, skills, policies, etc.Stakeholders throughout the enterprise who interact with information security, whether a board director, CISO or business manager will benefit from guidance on:Reduced complexity and increased cost-effectiveness due to improved and easier integration and alignment of information security standards, good practices and/or sector-specific guidelinesIncreased stakeholder satisfaction with information security arrangements and outcomesImproved integration of information security in the enterpriseInformed risk decisions and risk awarenessImproved prevention, detection and recoveryReduced (impact and probability of) information security incidentsEnhanced support for innovation and competitivenessImproved management and optimisation of costs related to information security Better understanding of information security by stakeholders“COBIT is an open-ended and flexible framework, which allows for easy customization to an organisation’s needs,” said Winston Hayden, CISA, CISM, CGEIT, CRISC, Executive Governance and Information Security Advisor, and a developer of the publication. “COBIT Focus Area: Information Security cohesively outlines the benefits of applying good governance techniques in the context of information security, particularly at a time when the significance of information and technology is increasing and the need to mitigate information risk and protect I&T assets is constantly intensifying.” This focus area publication is comprehensive, providing an overview and description of COBIT roles and organisational structures, COBIT terminology and key concepts including the components of a governance system and COBIT governance and management objectives.“This new guidance makes COBIT more practical than ever, giving clear guidance on how to govern and manage information security in your organisation,” said Nader Qaimari, chief learning officer at ISACA. “Studies show that bad actors have taken advantage of COVID-19 and ramped up attacks on organisations. This guidance will enhance your readiness and resiliency, while at the same time optimising your budget, in the face of a challenging threat landscape.”COBIT Focus Area: Information Security is available to ISACA members in a digital format for USD$50 and in print for USD$60. For non-members, the digital format is available for USD$90 and the print version is USD$100. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.auKaren Keech, kkeech@daylightagency.com.au ISACA Launches One In Tech Foundation to Help Build a Diverse and Inclusive Workforce 2020-07-23T00:32:15Z isaca-launches-one-in-tech-foundation-to-help-build-a-diverse-and-inclusive-workforce Sydney, Australia (23 July 2020)—Technology has the potential to level the most uneven playing fields and better the world. To achieve this, however, tech must be accessible to all—regardless of gender, race or age. Global technology association ISACA has launched a philanthropic foundation, One In Tech, to address inequity in IT through responsive, relevant programs designed to support under-resourced, under-represented populations. Supported by ISACA but operating independently, the One In Tech foundation will work to build a healthy digital world that is safe, secure and equal. Its leading priorities include preparing the next generation to be healthy digital citizens, building avenues to achieve a workforce free of gender bias, and creating pathways for a racially and culturally diverse workforce. “ISACA is committed to serving not only our members around the world, but also to being a force for positive change within the greater global tech community,” said ISACA CEO David Samuelson. “As part of that commitment, One In Tech and ISACA will work to expand access to technology resources and career opportunities. ISACA's purpose is to help individuals and enterprises realize the positive potential of technology, and through the work of One In Tech, we will make that potential more equitable and achievable.” With the objective of advancing diversity and equality in technology, One In Tech will focus on three key programs: Young Leaders in Tech will offer programming for young people in primary and high school years. Through this program, One In Tech will educate underserved and underrepresented students about the use of technology and the security required to ensure safety and privacy. The program will also introduce and provide guidance on career exploration to encourage students to pursue the cybersecurity field. This program is being piloted in the US with the aim of expanding it to Australia and New Zealand. SheLeadsTech, the Foundation’s current core program, focuses on building gender diversity in the cybersecurity field. Women are historically and currently underrepresented in the field, often to the detriment of corporate advances and revenue growth. SheLeadsTech provides resources, networking, mentorships, advocacy, educational events and other services to support and empower women to participate and lead in cybersecurity careers. WeLeadTech focuses on minority populations who are often marginalised and face barriers entering and advancing within the cybersecurity career pipeline. Through resources and programs, many of which collaborate with ISACA’s certification programs and top companies around the world, the Foundation will open opportunities and provide support for entering and advancing into these careers. To advance these initiatives, One In Tech will engage in partnerships with various organisations, including community groups, schools and after-school programs, colleges and universities, corporations, and other collaborators who share the vision of diversity and equality in technology. “It is so important to increase visibility around these issues of inequity in tech and to take real action to expand access and opportunities,” said One In Tech Board Chair Gail Coury. “Together with private and public partners around the world, One in Tech will help drive meaningful progress for those who are underrepresented.” One In Tech has a board of directors to drive the vision and strategy for the foundation, from companies including Ernst & Young and Oracle. On 5 August and 13 August, One In Tech will host free virtual launch parties introducing the foundation’s work and outlining opportunities for interested individuals to join the movement. The events will feature a Q&A session and allow for participant feedback. To learn more, visit www.oneintech.org. For more information about One In Tech, including how to apply for a grant, make a donation or get involved, visit: www.oneintech.org. About ISACAFor more than 50 years, ISACA® (www.isaca.org) has equipped individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enabled enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Contact:Julie Fenwick, jfenwick@daylightagency.com.au 0468 901 655Karen Keech, kkeech@daylightagency.com.au 0411 052 408 ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk 2020-06-29T03:10:41Z isacas-risk-it-framework-offers-a-structured-methodology-for-enterprises-to-manage-information-and-technology-risk SYDNEY, AUSTRALIA 29 June 2020 – Managing risk and opportunity, including information and technology (I&T) risk, is a key strategic activity for enterprise success—which is even more relevant today during this time of disruption. ISACA has released new editions of risk IT resources to help guide enterprises – Risk IT Framework, 2nd Edition and Risk IT Practitioner Guide, 2nd Edition. The updated Risk IT Framework offers guidelines and practices that optimise risk, opportunity, security and business value, and helps practitioners build consensus regarding risk IT decisions at all enterprise levels. Its companion guide, the Risk IT Practitioner Guide, 2nd Edition, gives practical guidance on how to accomplish the activities described in the Risk IT Framework, 2nd Edition. Both publications were updated to reflect new regulations, methods, and technology that have been introduced since the original editions were published. The second editions include a stronger focus on cybersecurity and align with the latest version of COBIT. Risk IT offers a structured, systematic methodology that helps enterprises:Identify current and emerging risk throughout the extended enterpriseDevelop appropriate operational capabilities to ensure that business processes continue operating through adverse eventsLeverage investments in compliance or internal control systems already in place to optimise I&T-related riskFrame I&T-related risk within a business context to understand aggregate exposure in terms of enterprise valueBoth Risk IT Framework, 2nd Edition and Risk IT Practitioner Guide, 2nd Edition were created to assist in developing, implementing or enhancing the practice of risk management by:Connecting the business context with I&T assets.Shifting the focus to activities over which the enterprise has significant control, such as actively directing and managing risk, while minimising the focus on the conditions over which an enterprise has little control (threat actors).Increasing the focus on using a common risk language that correctly labels the items that must be managed well to create value. “Risk management works best when integrated with the regular workflow of the staff and management rather than as an add-on activity,” says Lisa Young, CISA, CISM, VP of Cyber Risk Engineering at Axio, and the lead developer for both publications. “As Risk IT shows, effective I&T risk management provides many benefits, including reduced or minimised losses, better oversight of organisational assets and increased ability (or capability) to manage risk in alignment with enterprise strategy.” The Risk IT Framework, 2nd Edition is offered in the digital format for free to members and costs US$75 for non-members. The Risk IT Practitioner Guide, 2nd Edition costs US$75 for members and $100 for non-members. To download the framework, visit www.isaca.org/bookstore/bookstore-risk-digital/ritf2. To download the practitioner guide, visit www.isaca.org/bookstore/bookstore-risk-digital/ritpg2. Find additional ISACA resources at www.isaca.org/resources. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au, 0468 901 655Karen Keech, kkeech@daylightagency.com.au, 0411 052 408 MEDIA ALERT: AUSTRALIAN BUSINESSES ILL PREPARED FOR CYBER ATTACKS 2020-06-22T00:27:17Z media-alert-australian-businesses-ill-prepared-for-cyber-attacks Sydney, Australia (22 June 2020) – Following Prime Minister Scott Morrison’s address on 19 June regarding the state-based cyber attack, please find the following cybersecurity research results from global, IT professional association, ISACA. Only 40% of technology professionals and leaders in Australia were highly confident that their cybersecurity teams were ready to detect and respond to the rising cybersecurity attacks occurring during COVID-19.89% of respondents say the rapid transition to remote work has increased data protection and privacy risk.Prior to COVID-19, 64% of respondents in Australia believe their organisation’s cybersecurity teams are understaffed and 58% say they currently have unfilled cybersecurity positions on their team.26% of respondents reported an increase in the number of attacks relative to a year ago69% of professionals believe that enterprises are failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so. “In the wake of what is probably Australia’s biggest cyber attack, ISACA’s research has found the risk has never been higher for a cyber attack, given the recent economic crises our country has endured,” states Jo Stewart-Rattray, former ISACA Board Director and Director of Information Security & IT Assurance, BRM Advisory. “As businesses and the Government prepares for the new normal, they must understand the risks and their cybermaturity in order to protect their data, assets and personal information.”-ENDS- For commentary from cybersecurity expert, Jo Stewart-Rattray, please contact:Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 A regular on TV and radio interviews, Jo can discuss:the benefits of strong multi-factor authentication and patchingwhat can be done to protect Australians and organisations from cyber attacksthe issues organisations face, including the cyber skills gap in Australia, budget constraints and more awareness among the C-Suite About ISACA’s COVID-19 Research:ISACA surveyed more than 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries in mid-April to assess the impact of COVID-19 on their organisations and their own jobs. Over 100 professionals from Australia participated. For more information on ISACA’s COVID-19 study, visit www.isaca.org/covid19study About the State of Cybersecurity StudyMore than 2,000 cybersecurity professionals in 17 industries who hold ISACA’s Certified Information Security Manager (CISM) credential or have information security job titles participated in the online survey, of which just over 100 were from Australia. For a free download of the reports and resources, visit: www.isaca.org/state-of-cybersecurity-2020. About ISACAISACA® (www.isaca.org) is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It was formed over 50 years ago and has a presence in 188 countries, including chapters throughout Australia. ISACA Welcomes 2020-2021 Board of Directors 2020-06-11T00:48:06Z isaca-welcomes-2020-2021-board-of-directors Sydney, Australia (11 June 2020) – Global technology association ISACA installed its 2020-2021 Board of Directors at its virtual Annual General Meeting today, featuring a strong combination of executive expertise and association and chapter leadership experience. The new board also represents seven countries and more than 10 industries, and 92% have C-level experience, including new Board Chair Tracey Dedrick. “This mix of ISACA Global and chapter leadership expertise plus the leadership and industry expertise of our new Board Directors will bring valuable and diverse perspectives that will make us better and benefit our members,” said ISACA CEO David Samuelson. “The diversity of the incoming board—from gender and geography to professional experience—will help ensure our success well into our exciting future, and Tracey’s incredible leadership experience, business results and focus on ISACA’s members make her a tremendous asset to the association.” Tracey Dedrick is a senior executive experienced in risk, compliance, treasury and investor relations. She previously was EVP and Head of Enterprise Risk Management for Santander Holdings US, where she was responsible for enterprise, operational and market risk for the Americas. Prior to this role, she was executive vice president, chief risk officer and a member of the executive team for Hudson City Bancorp, where she built regulatory compliant risk, compliance and information security functions. Before that, Dedrick spent nine years at MetLife, where she successively built the capital markets function for the newly demutualised company as assistant treasurer, reinvented the investor relations function, helping to double the share prices as head of investor relations, and installed a market-consistent economic capital model as head of market risk, leading to the eventual disposition of the annuity business. Additionally, Dedrick serves on the boards of First Bank Puerto Rico and Fieldpoint Private. “It is an honour to be able to drive greater impact for the ISACA community through this role,” said Dedrick, who began serving on the ISACA board in 2018. “We are at an exciting juncture in ISACA’s journey. One of my top priorities as board chair is to get the data we need to best serve our professional community, innovate and transform to help ISACA professionals meet the evolving demands of the marketplace.” Continuing in the vice chair role on ISACA’s board is Rolf von Roessing, CISA, CISM, CGEIT, CDPSE, partner and CEO at Forfa Consulting AG. He brings more than 25 years of experience in governance, risk management and compliance; security and business continuity; and crisis management, including in his time as chairman of Forfa Holding AG since 2008, and in previous senior roles at KPMG and Ernst & Young. Additionally, von Roessing has served on various committees at ISACA since joining the association in 1997 and was an ISACA international vice president from 2009-2011. In total, 13 leaders were installed on the 2020-2021 ISACA Board of Directors during the meeting: Chair Tracey Dedrick, senior executive experienced in risk, compliance, treasury and investor relationsVice Chair Rolf von Roessing, CISA, CISM, CGEIT, CDPSE, CISSP, FBCI, partner and CEO, Forfa Consulting AGDirector Pamela Nigro, CISA, CRISC, CGEIT, CRMA; Vice President Information Technology/Security Officer, Home Access Health CorporationDirector Gregory Touhill, CISM, CISSP, Brigadier General (ret); President of AppGate Federal GroupDirector Asaf Weisberg, CISA, CRISC, CISM, CGEIT, CSX-P, Founder and CEO, introSight Director Gabriela Hernández-Cardoso, former CEO of GE Mexico; former Undersecretary for Communications, Mexican governmentDirector Maureen O’Connell, former EVP and CFO, Scholastic CorpDirector Gerrard Schmid, M.A.Sc. Eng, ICD.D; President and CEO Diebold Nixdorf Director Anna Yip, DPhil; CEO SmarTone Telecommunications Director David Samuelson, ISACA Chief Executive Officer Past chairs on the ISACA Board of Directors include: 2019-2020 Board Chair Brennan P. Baybeck, CISA, CRISC, CISM, CISSP; Vice President and CISO, Customer Services, Oracle Corporation2018-2019 ISACA Board Chair Rob Clyde, CISM, Independent Board Director, Titus and Executive Board Chair, White Cloud Security2015-2017 ISACA Board Chair Chris Dimitriadis, Ph.D., CISA, CISM, CRISC, Group CEO, INTRALOT To read a blog post about the new ISACA Board, click here, and see board member bios at www.isaca.org/board. ### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Contact:Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 ISACA research explores how AI security solutions are being deployed to address the cybersecurity skills gap 2020-06-10T00:22:04Z isaca-research-explores-how-ai-security-solutions-are-being-deployed-to-address-the-cybersecurity-skills-gap Sydney, Australia (10 June 2020) – Thirty per cent of survey respondents are using artificial intelligence (AI) and machine learning tools in their security operations to combat cybercrime, according to ISACA’s State of Cybersecurity 2020 Survey Part 2 report. While adoption is still relatively low, despite the numerous products now available in the marketplace, early indications suggest these solutions provide increased visibility, with respondents better able to quantify attack rates. Additionally, the use of AI is one of the top four ways in which organisations are tackling the cybersecurity skills gap, ranking just behind performance-based training of cybersecurity staff. “As senior leadership and crisis management teams plan for the new normal, cybersecurity is a key discussion point. Though the use of AI in mitigating the cybersecurity skills gap is still not yet widely adopted, we expect implementation of AI security solutions to increase, as these strategies are increasingly proven beneficial across various industries,” says Ed Moyle, founding partner, Security Curve, and lead writer of the report. The ISACA report also highlights the increased use of cloud-based software and how the threat landscape may change as a result. Enterprises continue to embrace software-as-a-service (SaaS) applications for critical business activities and continue to look to platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) solutions to bolster or replace internally hosted resources. “As resources continue to move externally, a shift in the number of attacks from end-user computing environments to cloud services providers is probable,” says Jo Stewart-Rattray former ISACA board director and Director of Information Security & IT Assurance, BRM Advisory. “This may also lead to a decrease in an enterprises’ visibility into the type and number of cyberattacks, as attacks are counted and managed by the cloud provider’s security operations team.” Cybercrime still underreported This year’s report found the top attack types as social engineering (15%), advanced persistent threat (10%) and ransomware and unpatched systems (9% each). Yet, respondents believe that cybercrime remains underreported, with 62% of professionals believing that enterprises are failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so. This trend, highlighted in last year’s report, continues unabated. Worryingly, as some regulations carry a penalty for failure to report, this data suggests many organisations are knowingly or unknowingly taking on regulatory risk. Additionally, as 53% of respondents report that the board of directors has adequately prioritised cybersecurity, it would be expected that the security function would therefore be integrated into enterprise governance. The fact that the perception of underreporting continues given strong coordination with other departments and implicit oversight implies a systemic failure to report. “These findings also reveal some hard truths our profession needs to face around the need for greater transparency and communication around these attacks, so that practitioners can fully understand and effectively respond to the current threat landscape they are facing,” adds Moyle. The survey, with responses from more than 2,000 respondents from over 17 industries and 102 countries, found cyberattacks are also continuing to increase, with 32% of respondents reporting an increase in the number of attacks relative to a year ago. To read the full report, expert insights and related resources, visit: www.isaca.org/state-of-cybersecurity-2020. More resources around cybersecurity can be found at www.isaca.org/training-and-events/cybersecurity. ### About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655 Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 ISACA Launches Early Adoption Program for New Technical Privacy Certification: Certified Data Privacy Solutions Engineer 2020-05-04T23:44:29Z isaca-launches-early-adoption-program-for-new-technical-privacy-certification-certified-data-privacy-solutions-engineer Sydney, Australia (5 May 2020) – Headline-grabbing events and regulations have made it clear to organisations just how essential it is to prioritize data privacy. However, new research from ISACA indicates that many organisations are struggling in this space. More than one-quarter of organisations say it is difficult to understand all their privacy requirements, and 40 percent say they lack competent resources to implement a successful privacy program, which requires expertise in technical implementation that goes beyond awareness of regulatory requirements. Given the high stakes for organisations and the great need for qualified professionals to create privacy solutions that are aligned with organisational goals and risk appetite, ISACA is launching its new Certified Data Privacy Solutions Engineer (CDPSE) certification. The first experience-based, technical certification of its kind, CDPSE assesses a technology professional’s ability to implement privacy by design to enable organisations to enhance privacy technology platforms and products that provide benefits to consumers, build trust and advance data privacy. Professionals can begin to apply for the CDPSE certification starting today as part of a limited early-adoption opportunity in which those who have the necessary experience can become certified. This includes those who have five years of work experience performing the work described within the exam content outline, with this experience earned in at least two of the CDPSE exam content outline domains. For those holding a CISA, CISM, CGEIT, CRISC or CSX-P certification, the work experience requirement decreases to three years. “Many technology professionals have a basic understanding of the legal requirements involved in new privacy laws and regulations, but they are missing the in-depth ability to implement them into their existing and future systems, networks and applications,” says Nader Qaimari, ISACA Chief Learning Officer. “Up until now, certifications have primarily focused on the legal aspect with limited technical coverage. ISACA’s CDPSE certification fills a gap and allows privacy technologists to demonstrate they understand the technical aspects of creating and managing privacy programs and solutions to ensure compliance and mitigate risk.” CDPSE offers a natural progression for IT professionals who are tasked with designing, implementing and managing the technology that stores, collects and transports PII, as well as ensuring that privacy is considered in the design. As privacy requires complex collaboration across multiple functions in an organisation, CDPSE is also designed to validate privacy technologists’ ability to work cross-functionally with the legal team, policy department, engineers, software developers, database administrators, and back-end and front-end experts, while playing a key role throughout the planning, development and delivery of IT privacy solutions. “If an organisation is storing data about people, implementing a comprehensive privacy solution is incredibly important. Building this solution entails bridging the gap between the legal and IT sides of data privacy, setting best practices aligned with organisational goals,” says David Bowden, CISM, CIPT, CIPM, PMP, CSM; Vice President, Information Security, Data Privacy, Compliance & Information Technology, Zwift, Inc., and member of ISACA’s privacy advisory group. “The privacy technologists who have the experience and credentials to validate this knowledge will not only be able to play an integral part in driving these privacy solutions, but also play a major role in earning and retaining customer trust and providing organisations with a competitive advantage.” More information on the early-adoption phase of the CDPSE certification, as well as additional privacy resources and guidance, can be found at www.isaca.org/cdpse. ### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au +1 61 468 901 655Karen Keech, kkeech@daylightagency.com.au + 61 411 052 408 ISACA Survey: Cybersecurity Attacks Are Rising During COVID-19, But Only Half of Organisations Say Their Security Teams Are Prepared for Them 2020-05-03T23:30:32Z isaca-survey-cybersecurity-attacks-are-rising-during-covid-19-but-only-half-of-organisations-say-their-security-teams-are-prepared-for-them Sydney, Australia (4 May 2020) – Only 51 per cent of technology professionals and leaders are highly confident that their cybersecurity teams are ready to detect and respond to the rising cybersecurity attacks during COVID-19, according to new research by global association ISACA. Additionally, only 59 per cent say their cybersecurity team has the necessary tools and resources at home to perform their job effectively. This presents a problem, as 58 per cent of respondents say threat actors are taking advantage of the pandemic to disrupt organisations, and 92 per cent say cyberattacks on individuals are increasing. Cybersecurity professionals have seen a spike in COVID-19 phishing schemes promising government stimulus handouts, and even a financial relief package from the World Health Organization. While 80 per cent of organisations shared cyber risk best practices for working at home as self-isolation measures began, 87 per cent of respondents still say the rapid transition to remote work has increased data protection and privacy risk. “Organisations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” says ISACA CEO David Samuelson. “A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education. ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.” Upskilling & Reskilling during COVID-19 ISACA is also seeing an uptake in professionals utilising this time to increase learnings and focus on career development to pivot into cybersecurity roles. In response to COVID-19, ISACA has expanded its online certification offerings, including exam-taking from home via remote proctoring, to ensure learning and certification opportunities are maximised during this time. According to the State of Cybersecurity 2020 report, prior to COVID-19, 62 per cent of respondents believe their organisation’s cybersecurity teams are understaffed and many organisations struggle to find the right candidates with the right skills and experience to meet the demands of those roles.Job opportunities in cybersecurity are predicted to increase, as people continue to embrace new technologies and evolve remote working options, which can leave organisations more vulnerable to cyberattacks. Hence, making certifications available online assists professionals to upskill and reskill during this time. Outlook for Employment Post-COVID-19 Looking toward the economic and personal effects, the COVID-19 research shows most of the professionals surveyed believe their jobs are safe. Ten per cent think a job loss is likely and 1 per cent has been asked to take leave without pay. However, while their own positions are stable, respondents are still extremely concerned about these wider impacts of the novel coronavirus:Economic impact on my national economy (49 per cent)Health of family and friends (44 per cent)Personal health (30 per cent)Economic impact on my organisation (24 per cent) COVID-19 Impact on Business Operations While respondents report being highly satisfied with their organisation’s internal communications, business continuity plans and executive leadership related to COVID-19, their organisations have not been able to avoid the negative effects, including:Decreased revenues/sales (46 per cent)Reduced overall productivity (37 per cent—more executives than practitioners think this is the case)Reduced budgets (32 per cent)Supply chain problems (22 per cent)Closed business operations (19 per cent)The majority of respondents expect normal business operations to resume by Q3 2020.“It’s hard to predict what ‘normal’ will look like in the short term,” said ISACA CTO Simona Rollinson. “What we do know is that tech professionals, including the IT audit, risk, governance and security professionals in our community, are more necessary than ever to their enterprises, and they are well-positioned to adapt and even thrive, regardless of what changes may be in store.” ISACA surveyed more than 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries in mid-April to assess the impact of COVID-19 on their organisations and their own jobs. For more information on ISACA’s COVID-19 study, visit www.isaca.org/covid19study. ISACA’s COVID-19 resource centre, which contains resources on business continuity, secure remote work and virtual learning, is available here. More details about ISACA’s globally recognised certifications, with exams that can be conducted at home with live remote proctoring, is provided here. About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au +1 61 468 901 655Karen Keech, kkeech@daylightagency.com.au, + 61 411 052 408 ISACA Updates Exam Content Outline for the CGEIT Certification 2020-04-30T23:59:47Z isaca-updates-exam-content-outline-for-the-cgeit-certification SYDNEY, AUSTRALIA (1 May 2020) – As governance, risk and compliance professionals know well, IT increasingly runs through every aspect of an organisation—making governance more important than ever to achieve digital transformation and drive business value. During the current pandemic, it has become even clearer that organisations with corporate and IT governance policies and processes in place are better able to adapt quickly to the changing situation and maintain productivity. With the governance landscape evolving at a rapid pace, ISACA is updating the content outline for its Certified in the Governance of Enterprise IT (CGEIT) certification exam to reflect the evolving technology envirnoment, as well as the knowledge and skills tha professionals need to strengthen governance at their organisations. The updated CGEIT exam content outline—or the certification job practice areas that outline the domains, knowledge areas and tasks—offers revised content areas that are more concise and address new trends, emerging technologies and changing business needs, accounting for the latest governance industry practices. The CGEIT update also includes a focus on information governance and big data, while re-aligning job practice areas based on current role requirements. As part of this updated exam content outline, the exam domains have been consolidated from five to four, and include the governance of enterprise IT, IT resources, benefits realisation, and risk optimisation. To view the outlines of these domains, as well as the full list of task statements for the exam, visit www.isaca.org/credentialing/cgeit/cgeit-exam-content-outline. “Unlike other certifications that focus on technical skills in specific domains, CGEIT focuses on the big picture,” says Nader Qaimari, ISACA Chief Learning Officer. “This certification helps IT professionals understand overarching business goals, proactively plan and optimise resources, and adjust to new regulations and mandates with minimal interruption in operations, providing great value to the C-suite, including during times of crisis like we are experiencing now.” ISACA’s CGEIT certification is designed to elevate the governance professional’s expertise in aligning IT initiatives with overall organisational goals. It is also the only governance certification that is framework-agnostic, which allows CGEIT certification-holders to think strategically, assess the organisation’s policies and processes, and craft a framework tailored specifically for the organisation, maximising business value through effective IT governance. “This holistic, updated CGEIT reflects new trends and changing business needs to enable certification-holders to propel their careers even further and drive stronger business impact,” adds Mark Thomas, CGEIT, CRISC, Certified COBIT Assessor, president, Escoute Consulting. Practitioners will be able to take the CGEIT exam with the current content outline until 28 June. The new exam will take effect 2 July. The CGEIT exam costs US$575 for ISACA members and US$760 for non-members. For additional information about CGEIT, please visit www.isaca.org/credentialing/cgeit or access CGEIT FAQs here. Learn more about ISACA's other credentials, including CISA, CISM, CRISC, CSX-P and CDPSE at www.isaca.org/certification. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au Karen Keech, kkeech@daylightagency.com.au New ISACA Resource Offers Key Tactics Organisations Can Use to Ensure Data Security and Compliance 2020-04-29T02:31:17Z new-isaca-resource-offers-key-tactics-organisations-can-use-to-ensure-data-security-and-compliance SYDNEY, AUSTRALIA (29 April 2020) – Expanding regulatory demands for information protection and user security call for having processes and technology solutions to achieve data security and compliance without compromising user productivity. These are highlighted in a new paper from ISACA sponsored by Microsoft, “Achieving Data Security and Compliance: How to Safeguard Identity, Protect Information, Reduce Risk and Create Value.” The paper identifies steps enterprises can take to achieve compliance and data security without experiencing a separation between information security controls and data security requirements, including: Make the connection between the user’s data and the user’s identity. This will safeguard data and secure the enterprise from attacks that depend on social engineering. Embrace an identity-centric approach. In the past, security architectures placed data or digital assets at the core of their diagrams, with identity on the outer tiers. An identity-centric approach acknowledges the fundamental importance of the human element for the entire enterprise. Implement deep data classification. The user can be an effective force in security; by allowing his or her participation, the user can have an incredible impact on the enterprise’s security and compliance. “People play a critical role in the success of an enterprise’s security and compliance program,” said Richard Bird, Chief Customer Information Officer for Ping Identity, and lead developer for the white paper. “An identity-centric approach enforces the notion that protecting people’s identities is as vitally important as protecting their data. Resources like this can help guide organisations in effectively weaving in the human element throughout their data security and compliance initiatives.” The paper also includes a list of key elements that a data security and compliance program must embrace, including: Discovering the purpose, use and location of data inside and outside of the enterprise. Identifying the sensitivity and criticality of the data. Deploying technology solutions which enable continuous monitoring of the data management processes and user identity to ensure that data security and compliance is being achieved. “In the challenging environment we face today, there’s never been a more important time to ensure your data is protected,” said Alym Rayani, Senior Director, Microsoft 365 Compliance. “Implementing data protection and identity-focused strategies are key to keeping people secure and productive, especially in remote work environments.” To access the complimentary white paper, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whpdsc. Gain access to additional educational resources from ISACA at www.isaca.org/resources. About Microsoft Microsoft® (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organisation on the planet to achieve more. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au Karen Keech, kkeech@daylightagency.com.au ISACA to Introduce Live Remote Proctoring for All Certifications to Ensure Uninterrupted Access for Learners 2020-04-01T00:04:02Z isaca-to-introduce-live-remote-proctoring-for-all-certifications-to-ensure-uninterrupted-access-for-learners SYDNEY, AUSTRALIA (1 April 2020) – ISACA certification candidates will be able to take certification exams remotely by the end of April, providing test-takers flexibility and convenience at a time when public health concerns related to the COVID-19 global pandemic have impeded traditional testing methods. Many have needed to shift to new ways of living and working amidst the COVID-19 pandemic. ISACA is innovating its test-taking procedures to ensure continuity in its globally respected certification program, including offering live remote proctoring for its Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC) certification exams, which will be made available to test-takers by the end of April. Candidates can register for the exam now and choose the live remote proctoring option as soon as it becomes available. The security and integrity of these tests continues to be a priority. Remote proctoring of the exams allows for monitoring of the testing area via video and for each remote proctor to monitor a few candidates at one time. Internet access during the test is prohibited. This new exam delivery option—offered through ISACA’s exam vendor PSI—ensures that those who have already begun to pursue an ISACA certification, or are in the process of exploring new remote learning opportunities, can continue to advance their learning and career goals during this time while also protecting their health. “It is vital to ISACA as a global learning organisation to continuously evolve to meet our professional community where they are—not only by developing educational offerings they need, but also by delivering these learning options when and where they need them and in ways that are safe and secure,” said Nader Qaimari, ISACA chief learning officer. “As we stay nimble to meet these changing needs in our community, adding live remote proctoring for ISACA’s certification exams ensures that professionals can continue undeterred in their learning and career advancement journeys.” Those registering for certification exams can indicate their interest in the live remote proctoring option. If an exam-taker lives in an area in which testing centres remain open, they still have the option to take the exam in person. Learn more about ISACA’s certifications at www.isaca.org/credentialing/certifications. To access ISACA updates and resources related to COVID-19, visit www.isaca.org/go/covid19. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au Karen Keech, kkeech@daylightagency.com.au ISACA Launches New Audit Program for Security Incident Management 2020-03-16T01:46:59Z isaca-launches-new-audit-program-for-security-incident-management-1 Sydney, Australia (16 March 2020) – Security incidents are only growing in number—according to ISACA’s 2019 State of Cybersecurity survey report, part 2, 46 per cent of respondents believe that their enterprises are experiencing an increase in attacks relative to last year. In light of this, incident management programs are more important than ever, and with ISACA’s newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas —like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customisable spreadsheet. The audit program examines assurance across areas such as: Program design and implementation—Exploring processes including risk analysis; awareness and training; detection and analysis; and containment, eradication and recovery Tools and technologies—Covering areas such as software, vulnerability assessments, and configurations of workstations and servers Reporting best practices—Including reports and escalation documents, as well as a formal process for root cause analysis Lessons learned—Factoring in steps such as a protocol for post-incident reflection “Security incidents not only result in added expenses, but can damage a company’s reputation—so enterprises need to ensure that security incident management programs are effective,” said Beverly Thomas, CISA, expert reviewer for the audit program, and Senior Manager, Internal Audit, UMWA Health & Retirement Funds. “Having an organised audit program to assess these programs is an important part of driving their success.” The Security Incident Management Audit Program is AUD $40.65 for ISACA members and AUD $79.65 for non-members. To access, visit www.isaca.org/bookstore/audit-control-and-security-essentials/wapim2. To explore additional audit programs and other resources, visit www.isaca.org/resources. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members. Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401 ISACA Launches New Audit Program for Security Incident Management 2020-03-03T23:54:53Z isaca-launches-new-audit-program-for-security-incident-management Sydney, Australia (4 March 2020) – Security incidents are only growing in number—according to ISACA’s 2019 State of Cybersecurity survey report, part 2, 46 per cent of respondents believe that their enterprises are experiencing an increase in attacks relative to last year. In light of this, incident management programs are more important than ever, and with ISACA’s newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas —like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customisable spreadsheet. The audit program examines assurance across areas such as: Program design and implementation—Exploring processes including risk analysis; awareness and training; detection and analysis; and containment, eradication and recovery Tools and technologies—Covering areas such as software, vulnerability assessments, and configurations of workstations and servers Reporting best practices—Including reports and escalation documents, as well as a formal process for root cause analysis Lessons learned—Factoring in steps such as a protocol for post-incident reflection “Security incidents not only result in added expenses, but can damage a company’s reputation—so enterprises need to ensure that security incident management programs are effective,” said Beverly Thomas, CISA, expert reviewer for the audit program, and Senior Manager, Internal Audit, UMWA Health & Retirement Funds. “Having an organised audit program to assess these programs is an important part of driving their success.” The Security Incident Management Audit Program is US $25 for ISACA members and US $49 for non-members. To access, visit www.isaca.org/bookstore/audit-control-and-security-essentials/wapim2. To explore additional audit programs and other resources, visit www.isaca.org/resources. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members. Contact: Julie Fenwick, jfenwick@daylightagency.com.au, 0468 901 655 Lauren Graham, lgraham@daylightagency.com.au, 0432 614 401 New ISACA Resource Guides Organisations in Overcoming Challenges to Build Effective Data Governance Program 2020-02-19T23:27:37Z new-isaca-resource-guides-organisations-in-overcoming-challenges-to-build-effective-data-governance-program Sydney, Australia (20 February 2020) – Effectively harnessing data can bring new value to businesses through better strategic planning and decision-making. Starting a data governance program or improving an existing program, however, comes with challenges. Enterprises can find best practices for overcoming these barriers and creating effective programs in a new paper from ISACA, “Rethinking Data Governance and Management: A Practical Approach for Data-Driven Enterprises.” Some of the key challenges in data governance that enterprises need to address include: Enterprises often cannot easily perceive the value of data governance because the benefits are difficult to quantify, resulting in a lack of management commitment. Data ownership is often not clearly defined due to the misconception that data management is technical work, and therefore, the IT department’s responsibility. Siloed department and organisational structures result in disaggregated datasets and data analytics challenges. As a solution to these challenges, organisations can employ a phased, five-stage approach to data management. The paper details the process, which starts with establishing a data governance foundation and concludes with a focus on data analytics. “Having an effective data governance program in place is valuable for gaining meaningful insights from data,” says Mais Barouqa, CISA, CGEIT, CRISC, IT Risk & Assurance Manager, Deloitte & Touche, and an expert reviewer for the white paper. “The five-stage approach will provide enterprises with a clear and structured path for building a program that will ultimately create value for their stakeholders while minimising risk.” “Rethinking Data Governance and Management” also offers guidance on building a foundation for data governance, as well as insights into data architecture, data quality and cleansing, data democratisation and data analytics. Professionals can gain practical insight in assessing their own data governance approaches by following a detailed hypothetical case study about a consumer product company looking to make better use of its data. To access the complimentary white paper, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whprdg. Gain access to additional educational resources from ISACA at www.isaca.org/resources. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401