The PRWIRE Press Releases https:// 2020-06-29T03:10:41Z ISACA’s Risk IT Framework Offers a Structured Methodology for Enterprises to Manage Information and Technology Risk 2020-06-29T03:10:41Z isacas-risk-it-framework-offers-a-structured-methodology-for-enterprises-to-manage-information-and-technology-risk SYDNEY, AUSTRALIA 29 June 2020 – Managing risk and opportunity, including information and technology (I&T) risk, is a key strategic activity for enterprise success—which is even more relevant today during this time of disruption. ISACA has released new editions of risk IT resources to help guide enterprises – Risk IT Framework, 2nd Edition and Risk IT Practitioner Guide, 2nd Edition. The updated Risk IT Framework offers guidelines and practices that optimise risk, opportunity, security and business value, and helps practitioners build consensus regarding risk IT decisions at all enterprise levels. Its companion guide, the Risk IT Practitioner Guide, 2nd Edition, gives practical guidance on how to accomplish the activities described in the Risk IT Framework, 2nd Edition. Both publications were updated to reflect new regulations, methods, and technology that have been introduced since the original editions were published. The second editions include a stronger focus on cybersecurity and align with the latest version of COBIT. Risk IT offers a structured, systematic methodology that helps enterprises:Identify current and emerging risk throughout the extended enterpriseDevelop appropriate operational capabilities to ensure that business processes continue operating through adverse eventsLeverage investments in compliance or internal control systems already in place to optimise I&T-related riskFrame I&T-related risk within a business context to understand aggregate exposure in terms of enterprise valueBoth Risk IT Framework, 2nd Edition and Risk IT Practitioner Guide, 2nd Edition were created to assist in developing, implementing or enhancing the practice of risk management by:Connecting the business context with I&T assets.Shifting the focus to activities over which the enterprise has significant control, such as actively directing and managing risk, while minimising the focus on the conditions over which an enterprise has little control (threat actors).Increasing the focus on using a common risk language that correctly labels the items that must be managed well to create value. “Risk management works best when integrated with the regular workflow of the staff and management rather than as an add-on activity,” says Lisa Young, CISA, CISM, VP of Cyber Risk Engineering at Axio, and the lead developer for both publications. “As Risk IT shows, effective I&T risk management provides many benefits, including reduced or minimised losses, better oversight of organisational assets and increased ability (or capability) to manage risk in alignment with enterprise strategy.” The Risk IT Framework, 2nd Edition is offered in the digital format for free to members and costs US$75 for non-members. The Risk IT Practitioner Guide, 2nd Edition costs US$75 for members and $100 for non-members. To download the framework, visit www.isaca.org/bookstore/bookstore-risk-digital/ritf2. To download the practitioner guide, visit www.isaca.org/bookstore/bookstore-risk-digital/ritpg2. Find additional ISACA resources at www.isaca.org/resources. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au, 0468 901 655Karen Keech, kkeech@daylightagency.com.au, 0411 052 408 MEDIA ALERT: AUSTRALIAN BUSINESSES ILL PREPARED FOR CYBER ATTACKS 2020-06-22T00:27:17Z media-alert-australian-businesses-ill-prepared-for-cyber-attacks Sydney, Australia (22 June 2020) – Following Prime Minister Scott Morrison’s address on 19 June regarding the state-based cyber attack, please find the following cybersecurity research results from global, IT professional association, ISACA. Only 40% of technology professionals and leaders in Australia were highly confident that their cybersecurity teams were ready to detect and respond to the rising cybersecurity attacks occurring during COVID-19.89% of respondents say the rapid transition to remote work has increased data protection and privacy risk.Prior to COVID-19, 64% of respondents in Australia believe their organisation’s cybersecurity teams are understaffed and 58% say they currently have unfilled cybersecurity positions on their team.26% of respondents reported an increase in the number of attacks relative to a year ago69% of professionals believe that enterprises are failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so. “In the wake of what is probably Australia’s biggest cyber attack, ISACA’s research has found the risk has never been higher for a cyber attack, given the recent economic crises our country has endured,” states Jo Stewart-Rattray, former ISACA Board Director and Director of Information Security & IT Assurance, BRM Advisory. “As businesses and the Government prepares for the new normal, they must understand the risks and their cybermaturity in order to protect their data, assets and personal information.”-ENDS- For commentary from cybersecurity expert, Jo Stewart-Rattray, please contact:Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 A regular on TV and radio interviews, Jo can discuss:the benefits of strong multi-factor authentication and patchingwhat can be done to protect Australians and organisations from cyber attacksthe issues organisations face, including the cyber skills gap in Australia, budget constraints and more awareness among the C-Suite About ISACA’s COVID-19 Research:ISACA surveyed more than 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries in mid-April to assess the impact of COVID-19 on their organisations and their own jobs. Over 100 professionals from Australia participated. For more information on ISACA’s COVID-19 study, visit www.isaca.org/covid19study About the State of Cybersecurity StudyMore than 2,000 cybersecurity professionals in 17 industries who hold ISACA’s Certified Information Security Manager (CISM) credential or have information security job titles participated in the online survey, of which just over 100 were from Australia. For a free download of the reports and resources, visit: www.isaca.org/state-of-cybersecurity-2020. About ISACAISACA® (www.isaca.org) is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It was formed over 50 years ago and has a presence in 188 countries, including chapters throughout Australia. ISACA Welcomes 2020-2021 Board of Directors 2020-06-11T00:48:06Z isaca-welcomes-2020-2021-board-of-directors Sydney, Australia (11 June 2020) – Global technology association ISACA installed its 2020-2021 Board of Directors at its virtual Annual General Meeting today, featuring a strong combination of executive expertise and association and chapter leadership experience. The new board also represents seven countries and more than 10 industries, and 92% have C-level experience, including new Board Chair Tracey Dedrick. “This mix of ISACA Global and chapter leadership expertise plus the leadership and industry expertise of our new Board Directors will bring valuable and diverse perspectives that will make us better and benefit our members,” said ISACA CEO David Samuelson. “The diversity of the incoming board—from gender and geography to professional experience—will help ensure our success well into our exciting future, and Tracey’s incredible leadership experience, business results and focus on ISACA’s members make her a tremendous asset to the association.” Tracey Dedrick is a senior executive experienced in risk, compliance, treasury and investor relations. She previously was EVP and Head of Enterprise Risk Management for Santander Holdings US, where she was responsible for enterprise, operational and market risk for the Americas. Prior to this role, she was executive vice president, chief risk officer and a member of the executive team for Hudson City Bancorp, where she built regulatory compliant risk, compliance and information security functions. Before that, Dedrick spent nine years at MetLife, where she successively built the capital markets function for the newly demutualised company as assistant treasurer, reinvented the investor relations function, helping to double the share prices as head of investor relations, and installed a market-consistent economic capital model as head of market risk, leading to the eventual disposition of the annuity business. Additionally, Dedrick serves on the boards of First Bank Puerto Rico and Fieldpoint Private. “It is an honour to be able to drive greater impact for the ISACA community through this role,” said Dedrick, who began serving on the ISACA board in 2018. “We are at an exciting juncture in ISACA’s journey. One of my top priorities as board chair is to get the data we need to best serve our professional community, innovate and transform to help ISACA professionals meet the evolving demands of the marketplace.” Continuing in the vice chair role on ISACA’s board is Rolf von Roessing, CISA, CISM, CGEIT, CDPSE, partner and CEO at Forfa Consulting AG. He brings more than 25 years of experience in governance, risk management and compliance; security and business continuity; and crisis management, including in his time as chairman of Forfa Holding AG since 2008, and in previous senior roles at KPMG and Ernst & Young. Additionally, von Roessing has served on various committees at ISACA since joining the association in 1997 and was an ISACA international vice president from 2009-2011. In total, 13 leaders were installed on the 2020-2021 ISACA Board of Directors during the meeting: Chair Tracey Dedrick, senior executive experienced in risk, compliance, treasury and investor relationsVice Chair Rolf von Roessing, CISA, CISM, CGEIT, CDPSE, CISSP, FBCI, partner and CEO, Forfa Consulting AGDirector Pamela Nigro, CISA, CRISC, CGEIT, CRMA; Vice President Information Technology/Security Officer, Home Access Health CorporationDirector Gregory Touhill, CISM, CISSP, Brigadier General (ret); President of AppGate Federal GroupDirector Asaf Weisberg, CISA, CRISC, CISM, CGEIT, CSX-P, Founder and CEO, introSight Director Gabriela Hernández-Cardoso, former CEO of GE Mexico; former Undersecretary for Communications, Mexican governmentDirector Maureen O’Connell, former EVP and CFO, Scholastic CorpDirector Gerrard Schmid, M.A.Sc. Eng, ICD.D; President and CEO Diebold Nixdorf Director Anna Yip, DPhil; CEO SmarTone Telecommunications Director David Samuelson, ISACA Chief Executive Officer Past chairs on the ISACA Board of Directors include: 2019-2020 Board Chair Brennan P. Baybeck, CISA, CRISC, CISM, CISSP; Vice President and CISO, Customer Services, Oracle Corporation2018-2019 ISACA Board Chair Rob Clyde, CISM, Independent Board Director, Titus and Executive Board Chair, White Cloud Security2015-2017 ISACA Board Chair Chris Dimitriadis, Ph.D., CISA, CISM, CRISC, Group CEO, INTRALOT To read a blog post about the new ISACA Board, click here, and see board member bios at www.isaca.org/board. ### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Contact:Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 ISACA research explores how AI security solutions are being deployed to address the cybersecurity skills gap 2020-06-10T00:22:04Z isaca-research-explores-how-ai-security-solutions-are-being-deployed-to-address-the-cybersecurity-skills-gap Sydney, Australia (10 June 2020) – Thirty per cent of survey respondents are using artificial intelligence (AI) and machine learning tools in their security operations to combat cybercrime, according to ISACA’s State of Cybersecurity 2020 Survey Part 2 report. While adoption is still relatively low, despite the numerous products now available in the marketplace, early indications suggest these solutions provide increased visibility, with respondents better able to quantify attack rates. Additionally, the use of AI is one of the top four ways in which organisations are tackling the cybersecurity skills gap, ranking just behind performance-based training of cybersecurity staff. “As senior leadership and crisis management teams plan for the new normal, cybersecurity is a key discussion point. Though the use of AI in mitigating the cybersecurity skills gap is still not yet widely adopted, we expect implementation of AI security solutions to increase, as these strategies are increasingly proven beneficial across various industries,” says Ed Moyle, founding partner, Security Curve, and lead writer of the report. The ISACA report also highlights the increased use of cloud-based software and how the threat landscape may change as a result. Enterprises continue to embrace software-as-a-service (SaaS) applications for critical business activities and continue to look to platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) solutions to bolster or replace internally hosted resources. “As resources continue to move externally, a shift in the number of attacks from end-user computing environments to cloud services providers is probable,” says Jo Stewart-Rattray former ISACA board director and Director of Information Security & IT Assurance, BRM Advisory. “This may also lead to a decrease in an enterprises’ visibility into the type and number of cyberattacks, as attacks are counted and managed by the cloud provider’s security operations team.” Cybercrime still underreported This year’s report found the top attack types as social engineering (15%), advanced persistent threat (10%) and ransomware and unpatched systems (9% each). Yet, respondents believe that cybercrime remains underreported, with 62% of professionals believing that enterprises are failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so. This trend, highlighted in last year’s report, continues unabated. Worryingly, as some regulations carry a penalty for failure to report, this data suggests many organisations are knowingly or unknowingly taking on regulatory risk. Additionally, as 53% of respondents report that the board of directors has adequately prioritised cybersecurity, it would be expected that the security function would therefore be integrated into enterprise governance. The fact that the perception of underreporting continues given strong coordination with other departments and implicit oversight implies a systemic failure to report. “These findings also reveal some hard truths our profession needs to face around the need for greater transparency and communication around these attacks, so that practitioners can fully understand and effectively respond to the current threat landscape they are facing,” adds Moyle. The survey, with responses from more than 2,000 respondents from over 17 industries and 102 countries, found cyberattacks are also continuing to increase, with 32% of respondents reporting an increase in the number of attacks relative to a year ago. To read the full report, expert insights and related resources, visit: www.isaca.org/state-of-cybersecurity-2020. More resources around cybersecurity can be found at www.isaca.org/training-and-events/cybersecurity. ### About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655 Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 ISACA Launches Early Adoption Program for New Technical Privacy Certification: Certified Data Privacy Solutions Engineer 2020-05-04T23:44:29Z isaca-launches-early-adoption-program-for-new-technical-privacy-certification-certified-data-privacy-solutions-engineer Sydney, Australia (5 May 2020) – Headline-grabbing events and regulations have made it clear to organisations just how essential it is to prioritize data privacy. However, new research from ISACA indicates that many organisations are struggling in this space. More than one-quarter of organisations say it is difficult to understand all their privacy requirements, and 40 percent say they lack competent resources to implement a successful privacy program, which requires expertise in technical implementation that goes beyond awareness of regulatory requirements. Given the high stakes for organisations and the great need for qualified professionals to create privacy solutions that are aligned with organisational goals and risk appetite, ISACA is launching its new Certified Data Privacy Solutions Engineer (CDPSE) certification. The first experience-based, technical certification of its kind, CDPSE assesses a technology professional’s ability to implement privacy by design to enable organisations to enhance privacy technology platforms and products that provide benefits to consumers, build trust and advance data privacy. Professionals can begin to apply for the CDPSE certification starting today as part of a limited early-adoption opportunity in which those who have the necessary experience can become certified. This includes those who have five years of work experience performing the work described within the exam content outline, with this experience earned in at least two of the CDPSE exam content outline domains. For those holding a CISA, CISM, CGEIT, CRISC or CSX-P certification, the work experience requirement decreases to three years. “Many technology professionals have a basic understanding of the legal requirements involved in new privacy laws and regulations, but they are missing the in-depth ability to implement them into their existing and future systems, networks and applications,” says Nader Qaimari, ISACA Chief Learning Officer. “Up until now, certifications have primarily focused on the legal aspect with limited technical coverage. ISACA’s CDPSE certification fills a gap and allows privacy technologists to demonstrate they understand the technical aspects of creating and managing privacy programs and solutions to ensure compliance and mitigate risk.” CDPSE offers a natural progression for IT professionals who are tasked with designing, implementing and managing the technology that stores, collects and transports PII, as well as ensuring that privacy is considered in the design. As privacy requires complex collaboration across multiple functions in an organisation, CDPSE is also designed to validate privacy technologists’ ability to work cross-functionally with the legal team, policy department, engineers, software developers, database administrators, and back-end and front-end experts, while playing a key role throughout the planning, development and delivery of IT privacy solutions. “If an organisation is storing data about people, implementing a comprehensive privacy solution is incredibly important. Building this solution entails bridging the gap between the legal and IT sides of data privacy, setting best practices aligned with organisational goals,” says David Bowden, CISM, CIPT, CIPM, PMP, CSM; Vice President, Information Security, Data Privacy, Compliance & Information Technology, Zwift, Inc., and member of ISACA’s privacy advisory group. “The privacy technologists who have the experience and credentials to validate this knowledge will not only be able to play an integral part in driving these privacy solutions, but also play a major role in earning and retaining customer trust and providing organisations with a competitive advantage.” More information on the early-adoption phase of the CDPSE certification, as well as additional privacy resources and guidance, can be found at www.isaca.org/cdpse. ### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au +1 61 468 901 655Karen Keech, kkeech@daylightagency.com.au + 61 411 052 408 ISACA Survey: Cybersecurity Attacks Are Rising During COVID-19, But Only Half of Organisations Say Their Security Teams Are Prepared for Them 2020-05-03T23:30:32Z isaca-survey-cybersecurity-attacks-are-rising-during-covid-19-but-only-half-of-organisations-say-their-security-teams-are-prepared-for-them Sydney, Australia (4 May 2020) – Only 51 per cent of technology professionals and leaders are highly confident that their cybersecurity teams are ready to detect and respond to the rising cybersecurity attacks during COVID-19, according to new research by global association ISACA. Additionally, only 59 per cent say their cybersecurity team has the necessary tools and resources at home to perform their job effectively. This presents a problem, as 58 per cent of respondents say threat actors are taking advantage of the pandemic to disrupt organisations, and 92 per cent say cyberattacks on individuals are increasing. Cybersecurity professionals have seen a spike in COVID-19 phishing schemes promising government stimulus handouts, and even a financial relief package from the World Health Organization. While 80 per cent of organisations shared cyber risk best practices for working at home as self-isolation measures began, 87 per cent of respondents still say the rapid transition to remote work has increased data protection and privacy risk. “Organisations are rapidly and aggressively moving toward new ways of doing business during this time, which is a very positive thing, but it can also lead to making compromises that can leave them vulnerable to threats,” says ISACA CEO David Samuelson. “A surge in the number of remote workers means there is a greater attack surface. Remote work is critically important right now, so security has to be at the forefront along with employee education. ISACA professionals have an especially critical role to play in protecting their enterprises, customers and stakeholders during this pandemic.” Upskilling & Reskilling during COVID-19 ISACA is also seeing an uptake in professionals utilising this time to increase learnings and focus on career development to pivot into cybersecurity roles. In response to COVID-19, ISACA has expanded its online certification offerings, including exam-taking from home via remote proctoring, to ensure learning and certification opportunities are maximised during this time. According to the State of Cybersecurity 2020 report, prior to COVID-19, 62 per cent of respondents believe their organisation’s cybersecurity teams are understaffed and many organisations struggle to find the right candidates with the right skills and experience to meet the demands of those roles.Job opportunities in cybersecurity are predicted to increase, as people continue to embrace new technologies and evolve remote working options, which can leave organisations more vulnerable to cyberattacks. Hence, making certifications available online assists professionals to upskill and reskill during this time. Outlook for Employment Post-COVID-19 Looking toward the economic and personal effects, the COVID-19 research shows most of the professionals surveyed believe their jobs are safe. Ten per cent think a job loss is likely and 1 per cent has been asked to take leave without pay. However, while their own positions are stable, respondents are still extremely concerned about these wider impacts of the novel coronavirus:Economic impact on my national economy (49 per cent)Health of family and friends (44 per cent)Personal health (30 per cent)Economic impact on my organisation (24 per cent) COVID-19 Impact on Business Operations While respondents report being highly satisfied with their organisation’s internal communications, business continuity plans and executive leadership related to COVID-19, their organisations have not been able to avoid the negative effects, including:Decreased revenues/sales (46 per cent)Reduced overall productivity (37 per cent—more executives than practitioners think this is the case)Reduced budgets (32 per cent)Supply chain problems (22 per cent)Closed business operations (19 per cent)The majority of respondents expect normal business operations to resume by Q3 2020.“It’s hard to predict what ‘normal’ will look like in the short term,” said ISACA CTO Simona Rollinson. “What we do know is that tech professionals, including the IT audit, risk, governance and security professionals in our community, are more necessary than ever to their enterprises, and they are well-positioned to adapt and even thrive, regardless of what changes may be in store.” ISACA surveyed more than 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries in mid-April to assess the impact of COVID-19 on their organisations and their own jobs. For more information on ISACA’s COVID-19 study, visit www.isaca.org/covid19study. ISACA’s COVID-19 resource centre, which contains resources on business continuity, secure remote work and virtual learning, is available here. More details about ISACA’s globally recognised certifications, with exams that can be conducted at home with live remote proctoring, is provided here. About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au +1 61 468 901 655Karen Keech, kkeech@daylightagency.com.au, + 61 411 052 408 ISACA Updates Exam Content Outline for the CGEIT Certification 2020-04-30T23:59:47Z isaca-updates-exam-content-outline-for-the-cgeit-certification SYDNEY, AUSTRALIA (1 May 2020) – As governance, risk and compliance professionals know well, IT increasingly runs through every aspect of an organisation—making governance more important than ever to achieve digital transformation and drive business value. During the current pandemic, it has become even clearer that organisations with corporate and IT governance policies and processes in place are better able to adapt quickly to the changing situation and maintain productivity. With the governance landscape evolving at a rapid pace, ISACA is updating the content outline for its Certified in the Governance of Enterprise IT (CGEIT) certification exam to reflect the evolving technology envirnoment, as well as the knowledge and skills tha professionals need to strengthen governance at their organisations. The updated CGEIT exam content outline—or the certification job practice areas that outline the domains, knowledge areas and tasks—offers revised content areas that are more concise and address new trends, emerging technologies and changing business needs, accounting for the latest governance industry practices. The CGEIT update also includes a focus on information governance and big data, while re-aligning job practice areas based on current role requirements. As part of this updated exam content outline, the exam domains have been consolidated from five to four, and include the governance of enterprise IT, IT resources, benefits realisation, and risk optimisation. To view the outlines of these domains, as well as the full list of task statements for the exam, visit www.isaca.org/credentialing/cgeit/cgeit-exam-content-outline. “Unlike other certifications that focus on technical skills in specific domains, CGEIT focuses on the big picture,” says Nader Qaimari, ISACA Chief Learning Officer. “This certification helps IT professionals understand overarching business goals, proactively plan and optimise resources, and adjust to new regulations and mandates with minimal interruption in operations, providing great value to the C-suite, including during times of crisis like we are experiencing now.” ISACA’s CGEIT certification is designed to elevate the governance professional’s expertise in aligning IT initiatives with overall organisational goals. It is also the only governance certification that is framework-agnostic, which allows CGEIT certification-holders to think strategically, assess the organisation’s policies and processes, and craft a framework tailored specifically for the organisation, maximising business value through effective IT governance. “This holistic, updated CGEIT reflects new trends and changing business needs to enable certification-holders to propel their careers even further and drive stronger business impact,” adds Mark Thomas, CGEIT, CRISC, Certified COBIT Assessor, president, Escoute Consulting. Practitioners will be able to take the CGEIT exam with the current content outline until 28 June. The new exam will take effect 2 July. The CGEIT exam costs US$575 for ISACA members and US$760 for non-members. For additional information about CGEIT, please visit www.isaca.org/credentialing/cgeit or access CGEIT FAQs here. Learn more about ISACA's other credentials, including CISA, CISM, CRISC, CSX-P and CDPSE at www.isaca.org/certification. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au Karen Keech, kkeech@daylightagency.com.au New ISACA Resource Offers Key Tactics Organisations Can Use to Ensure Data Security and Compliance 2020-04-29T02:31:17Z new-isaca-resource-offers-key-tactics-organisations-can-use-to-ensure-data-security-and-compliance SYDNEY, AUSTRALIA (29 April 2020) – Expanding regulatory demands for information protection and user security call for having processes and technology solutions to achieve data security and compliance without compromising user productivity. These are highlighted in a new paper from ISACA sponsored by Microsoft, “Achieving Data Security and Compliance: How to Safeguard Identity, Protect Information, Reduce Risk and Create Value.” The paper identifies steps enterprises can take to achieve compliance and data security without experiencing a separation between information security controls and data security requirements, including: Make the connection between the user’s data and the user’s identity. This will safeguard data and secure the enterprise from attacks that depend on social engineering. Embrace an identity-centric approach. In the past, security architectures placed data or digital assets at the core of their diagrams, with identity on the outer tiers. An identity-centric approach acknowledges the fundamental importance of the human element for the entire enterprise. Implement deep data classification. The user can be an effective force in security; by allowing his or her participation, the user can have an incredible impact on the enterprise’s security and compliance. “People play a critical role in the success of an enterprise’s security and compliance program,” said Richard Bird, Chief Customer Information Officer for Ping Identity, and lead developer for the white paper. “An identity-centric approach enforces the notion that protecting people’s identities is as vitally important as protecting their data. Resources like this can help guide organisations in effectively weaving in the human element throughout their data security and compliance initiatives.” The paper also includes a list of key elements that a data security and compliance program must embrace, including: Discovering the purpose, use and location of data inside and outside of the enterprise. Identifying the sensitivity and criticality of the data. Deploying technology solutions which enable continuous monitoring of the data management processes and user identity to ensure that data security and compliance is being achieved. “In the challenging environment we face today, there’s never been a more important time to ensure your data is protected,” said Alym Rayani, Senior Director, Microsoft 365 Compliance. “Implementing data protection and identity-focused strategies are key to keeping people secure and productive, especially in remote work environments.” To access the complimentary white paper, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whpdsc. Gain access to additional educational resources from ISACA at www.isaca.org/resources. About Microsoft Microsoft® (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organisation on the planet to achieve more. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au Karen Keech, kkeech@daylightagency.com.au ISACA to Introduce Live Remote Proctoring for All Certifications to Ensure Uninterrupted Access for Learners 2020-04-01T00:04:02Z isaca-to-introduce-live-remote-proctoring-for-all-certifications-to-ensure-uninterrupted-access-for-learners SYDNEY, AUSTRALIA (1 April 2020) – ISACA certification candidates will be able to take certification exams remotely by the end of April, providing test-takers flexibility and convenience at a time when public health concerns related to the COVID-19 global pandemic have impeded traditional testing methods. Many have needed to shift to new ways of living and working amidst the COVID-19 pandemic. ISACA is innovating its test-taking procedures to ensure continuity in its globally respected certification program, including offering live remote proctoring for its Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC) certification exams, which will be made available to test-takers by the end of April. Candidates can register for the exam now and choose the live remote proctoring option as soon as it becomes available. The security and integrity of these tests continues to be a priority. Remote proctoring of the exams allows for monitoring of the testing area via video and for each remote proctor to monitor a few candidates at one time. Internet access during the test is prohibited. This new exam delivery option—offered through ISACA’s exam vendor PSI—ensures that those who have already begun to pursue an ISACA certification, or are in the process of exploring new remote learning opportunities, can continue to advance their learning and career goals during this time while also protecting their health. “It is vital to ISACA as a global learning organisation to continuously evolve to meet our professional community where they are—not only by developing educational offerings they need, but also by delivering these learning options when and where they need them and in ways that are safe and secure,” said Nader Qaimari, ISACA chief learning officer. “As we stay nimble to meet these changing needs in our community, adding live remote proctoring for ISACA’s certification exams ensures that professionals can continue undeterred in their learning and career advancement journeys.” Those registering for certification exams can indicate their interest in the live remote proctoring option. If an exam-taker lives in an area in which testing centres remain open, they still have the option to take the exam in person. Learn more about ISACA’s certifications at www.isaca.org/credentialing/certifications. To access ISACA updates and resources related to COVID-19, visit www.isaca.org/go/covid19. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au Karen Keech, kkeech@daylightagency.com.au ISACA Launches New Audit Program for Security Incident Management 2020-03-16T01:46:59Z isaca-launches-new-audit-program-for-security-incident-management-1 Sydney, Australia (16 March 2020) – Security incidents are only growing in number—according to ISACA’s 2019 State of Cybersecurity survey report, part 2, 46 per cent of respondents believe that their enterprises are experiencing an increase in attacks relative to last year. In light of this, incident management programs are more important than ever, and with ISACA’s newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas —like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customisable spreadsheet. The audit program examines assurance across areas such as: Program design and implementation—Exploring processes including risk analysis; awareness and training; detection and analysis; and containment, eradication and recovery Tools and technologies—Covering areas such as software, vulnerability assessments, and configurations of workstations and servers Reporting best practices—Including reports and escalation documents, as well as a formal process for root cause analysis Lessons learned—Factoring in steps such as a protocol for post-incident reflection “Security incidents not only result in added expenses, but can damage a company’s reputation—so enterprises need to ensure that security incident management programs are effective,” said Beverly Thomas, CISA, expert reviewer for the audit program, and Senior Manager, Internal Audit, UMWA Health & Retirement Funds. “Having an organised audit program to assess these programs is an important part of driving their success.” The Security Incident Management Audit Program is AUD $40.65 for ISACA members and AUD $79.65 for non-members. To access, visit www.isaca.org/bookstore/audit-control-and-security-essentials/wapim2. To explore additional audit programs and other resources, visit www.isaca.org/resources. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members. Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401 ISACA Launches New Audit Program for Security Incident Management 2020-03-03T23:54:53Z isaca-launches-new-audit-program-for-security-incident-management Sydney, Australia (4 March 2020) – Security incidents are only growing in number—according to ISACA’s 2019 State of Cybersecurity survey report, part 2, 46 per cent of respondents believe that their enterprises are experiencing an increase in attacks relative to last year. In light of this, incident management programs are more important than ever, and with ISACA’s newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance. The audit program covers process areas of security incident management programs and clearly outlines process sub-areas —like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customisable spreadsheet. The audit program examines assurance across areas such as: Program design and implementation—Exploring processes including risk analysis; awareness and training; detection and analysis; and containment, eradication and recovery Tools and technologies—Covering areas such as software, vulnerability assessments, and configurations of workstations and servers Reporting best practices—Including reports and escalation documents, as well as a formal process for root cause analysis Lessons learned—Factoring in steps such as a protocol for post-incident reflection “Security incidents not only result in added expenses, but can damage a company’s reputation—so enterprises need to ensure that security incident management programs are effective,” said Beverly Thomas, CISA, expert reviewer for the audit program, and Senior Manager, Internal Audit, UMWA Health & Retirement Funds. “Having an organised audit program to assess these programs is an important part of driving their success.” The Security Incident Management Audit Program is US $25 for ISACA members and US $49 for non-members. To access, visit www.isaca.org/bookstore/audit-control-and-security-essentials/wapim2. To explore additional audit programs and other resources, visit www.isaca.org/resources. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members. Contact: Julie Fenwick, jfenwick@daylightagency.com.au, 0468 901 655 Lauren Graham, lgraham@daylightagency.com.au, 0432 614 401 New ISACA Resource Guides Organisations in Overcoming Challenges to Build Effective Data Governance Program 2020-02-19T23:27:37Z new-isaca-resource-guides-organisations-in-overcoming-challenges-to-build-effective-data-governance-program Sydney, Australia (20 February 2020) – Effectively harnessing data can bring new value to businesses through better strategic planning and decision-making. Starting a data governance program or improving an existing program, however, comes with challenges. Enterprises can find best practices for overcoming these barriers and creating effective programs in a new paper from ISACA, “Rethinking Data Governance and Management: A Practical Approach for Data-Driven Enterprises.” Some of the key challenges in data governance that enterprises need to address include: Enterprises often cannot easily perceive the value of data governance because the benefits are difficult to quantify, resulting in a lack of management commitment. Data ownership is often not clearly defined due to the misconception that data management is technical work, and therefore, the IT department’s responsibility. Siloed department and organisational structures result in disaggregated datasets and data analytics challenges. As a solution to these challenges, organisations can employ a phased, five-stage approach to data management. The paper details the process, which starts with establishing a data governance foundation and concludes with a focus on data analytics. “Having an effective data governance program in place is valuable for gaining meaningful insights from data,” says Mais Barouqa, CISA, CGEIT, CRISC, IT Risk & Assurance Manager, Deloitte & Touche, and an expert reviewer for the white paper. “The five-stage approach will provide enterprises with a clear and structured path for building a program that will ultimately create value for their stakeholders while minimising risk.” “Rethinking Data Governance and Management” also offers guidance on building a foundation for data governance, as well as insights into data architecture, data quality and cleansing, data democratisation and data analytics. Professionals can gain practical insight in assessing their own data governance approaches by following a detailed hypothetical case study about a consumer product company looking to make better use of its data. To access the complimentary white paper, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whprdg. Gain access to additional educational resources from ISACA at www.isaca.org/resources. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401 ISACA Embraces New Decade with a New Look and New Web Site Experience 2020-02-04T22:49:43Z isaca-embraces-new-decade-with-a-new-look-and-new-web-site-experience Sydney, Australia (5 February 2020) – Last year, global tech association ISACA marked its 50th anniversary, celebrating the evolution of its professional community and the tech landscape over the past five decades. Now as it advances into a new decade, the association is focused on looking ahead—and undergoing a transformation with a new brand and new website. “This new brand more strongly reflects our mission—a laser focus on our professional community, including helping them and their organisations advance the best in global technology,” says David Samuelson, ISACA CEO. “This is more than just a new logo and website—it’s a shift in what we bring to the industry, including new and innovative learning solutions to help ensure our members and enterprise teams have the knowledge and skills they need to thrive in a rapidly changing environment.” ISACA’s new logo aligns with the diversity, agility and momentum it brings as a people-focused, global organisation. The rotating circular graphics in the logo were designed to represent several key elements, including the people and the connections ISACA fosters, the gears that drive the community forward, and keyholes that signify the ability to unlock new paths and opportunities through our content and certifications. This look and feel will extend to ISACA’s brand and other visual elements, including its new website. This revamped web presence will offer increased functionality, stronger security and improved user experience to better inform and connect the ISACA global professional community, as well as spotlight ISACA members in new and engaging ways. The new visual identity comes as ISACA is making other exciting changes, including fully integrating the CMMI Institute, and officially launching the One in Tech Foundation later this year. These shifts are part of a dynamic evolution to the new ISACA—one global organisation and community. To explore ISACA’s new website and brand, visit www.isaca.org. About ISACA For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401 AI Considered the Most Important Technology of the 2020s 2019-12-04T00:12:25Z ai-considered-the-most-important-technology-of-the-2020s Sydney, Australia (4 December 2019) – AI and machine learning rated as the most important business technology of the 2020s above cloud platforms and big data, according to new ISACA research released today. The Next Decade of Tech: Envisioning the 2020s research explores the anticipated implications of technological advancements on the workforce and society as a whole in the next decade. However, only 39% of respondents in Australia and New Zealand (ANZ) believe it is likely or very likely that businesses will give sufficient attention to the ethical considerations around AI and machine learning to prevent potentially unintended consequences in their deployments, such as autonomous weapons, data poisoning and attacks on critical infrastructure. This is in contrast to the global findings in which respondents were split 50/50. “While some organisations are experimenting with AI for insignificant business tasks, others are taking ambitious strides by delegating mission-critical roles to AI algorithms,” states Phillimon Zongo, ISACA member & Director of Cyber Resilience, and Co-Founder & Director at Cyber Resilience. “Yet to date, no industry standards exist to guide the secure development and maintenance of AI systems. The proliferation of AI raises intriguing opportunities; however, associated risks exist, and if not properly mitigated, the impacts can result in significant consequences.” Among the more than 5,000 business technology professionals who were surveyed by ISACA, a global, non-profit IT professional association celebrating its 50th anniversary, 93% in ANZ believe the augmented workforce, or people, robots and AI working closely together, will reshape how some or most jobs are performed in the next decade. The overall impact may have mixed results with: 41% indicating that IT industry salaries will increase; 62% believe job security and stability will decrease; and 85% agree that AI will have a major or moderate impact on the profitability of most businesses. The research canvassed additional future technological advancements with respondents predicting the next decade could lead to the rise of social robots – assisting patients with physical disabilities, educating children and elder care. A quarter (25%) of respondents suggest human augmentation, or people implanting technologies into their body to enhance capability and efficiency, will occur more frequently. And more than half (55%) believe individual countries attempting to “disconnect” from the global internet will become more common, meaning citizens would predominantly have access only to the information within the country they live, with little or no external information accessible. For more resources related to ISACA’s Next Decade of Tech: Envisioning the 2020s research, including global figures, a related infographic, podcast, video, blog posts and presentation, visit www.isaca.org/next-decade-of-tech. About ISACA Now in its 50th anniversary year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips practitioners with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its 460,000 engaged practitioners—including its 140,000 members—in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAHQ Instagram: www.instagram.com/isacanews Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401 New Study Reveals Risk Levels Are Increasing, But Response Time Lags for Mitigating Emerging Threats 2019-10-29T23:06:23Z new-study-reveals-risk-levels-are-increasing-but-response-time-lags-for-mitigating-emerging-threats Sydney, Australia (30 October 2019)—More than half of risk professionals worldwide say their organisation’s risk levels have increased in the past 12 months, according to new research from ISACA, CMMI Institute and Infosecurity Group. The State of Enterprise Risk Management 2020 report reveals that only 29 per cent of respondents have a high degree of confidence that their enterprise can accurately predict the impact of threats and vulnerabilities associated with emerging technologies. Additionally, fewer than a third (31%) of security pros say their enterprises can respond quickly when new threats are identified, a problematic dynamic given today’s fast pace of business and technology-driven change. State of ERM 2020 found that the most critical categories of risk facing enterprises today are: Cybersecurity (29%) Reputation (15%) Financial (13%) The top five cybersecurity risk management challenges are changes/advances in technology, changes in types of threats, too few security personnel, missing skills in existing cybersecurity personnel, and increased number and frequency of threats. Risk identification processes commonly adopted, but infrequently optimised The study also found that nearly two-thirds of respondents have defined processes for risk identification, but only 38 per cent believe that those processes are at either the managed or optimised level of the maturity spectrum. This high adoption, low optimisation trend shows there is significant need for action and improvement. Global regions face wide spectrum of cybersecurity threats The State of Enterprise Risk Management 2020 study also reports diversity in the types of attacks seen across geographic locations and industry sectors. For example, respondents from Asia and India report more nation-state attacks than those in North America, Oceania and Europe. When it comes to managing the fallout of an issue, only 43 per cent of respondents’ enterprises employ insurance as a mitigation control. Organisations in North America and Africa are the highest adopters of insurance, with Latin America being the lowest. Management and governance gap revealed The study reveals a potential disconnect between management and governance of enterprises when it comes to risk. Respondents note that, on average, boards of directors are only updated on cybersecurity risk on a quarterly basis – sometimes even less. Chief information security officers (CISOs) are updated much more frequently, with 70 per cent saying they receive updates at least once a month. This knowledge gap is a key opportunity for CISOs to expand their visibility at the governance level. “Big risks can be ignored when the right people aren’t in the room for the conversation,” said Tracey Dedrick, ISACA board director. “Start at the highest level within the organisation and get the people in the room that own the risk from the top down. This will ensure the right themes are addressed and important organisational alignment takes place.” Five steps for mitigating and addressing risk According to ISACA, enterprises can work to mitigate and address their risks by taking the following five steps: Use current trends and technology to predict future outcomes. “The trajectory of cloud—both its adoption dynamics and the risk it introduces—can serve as a bellwether for future technologies,” said ISACA Board Chair Brennan P. Baybeck. “While cloud was initially seen as creating new risks and challenges to be solved, it also delivers incredible value. Strong governance and risk management helps ensure that the value exceeds the risk—and the same is true for newly emerging technologies.” Clearly define risk. For enterprises that struggle with their risk management maturity, it is particularly important to refine and clearly define risk tolerances in order to advance along the maturity spectrum. Know your business. Remember that no two companies face the same level of risk. For example, operational risk is significantly more difficult to forecast within manufacturing compared to other industries. Cybersecurity and technology risk, by contrast, are hardest (by a wide margin) to forecast for the financial services sector. Don’t get siloed. Your stakeholders will have varying priorities when it comes to risk. That means taking a balanced approach to ensuring that multiple perspectives are acknowledged and addressed in your risk mitigation planning. Set expectations and optimise risk. Clear and direct expectations about risk tolerance – along with corresponding guidance for risk decision-makers – can go a long way to helping optimise risk for the enterprise over the long term. About ISACA Now in its 50th anniversary year, ISACA (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by information and technology, and ISACA equips practitioners with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 460,000 engaged practitioners—including its 140,000 members—in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 220 chapters worldwide and offices in both the United States and China. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAHQ Instagram: www.instagram.com/isacanews About CMMI Institute A subsidiary of ISACA Enterprises, CMMI® Institute is the global leader in the advancement of best practices in people, process, and technology. The Institute provides the tools and support for organisations to benchmark their capabilities and build maturity by comparing their operations to best practices and identifying performance gaps. For over 25 years, thousands of high-performing organisations in a variety of industries, including aerospace, finance, healthcare, software, defense, transportation, and telecommunications, have improved their performance and earned a CMMI maturity level rating and proved they are capable business partners and suppliers. Twitter: https://twitter.com/CMMI_Institute About Infosecurity Group With over 23 years of experience in providing year-round education and networking opportunities for visitors, solution-providers and thought-leaders alike, the Infosecurity Group (https://www.infosecurity-group.com/) looks to bring the global infosecurity community together in person, in print and online. Featuring the award-winning Infosecurity Magazine as well as established events all around the globe, our purpose is to help you find “everyone and everything you need to know about information security.” Twitter: https://twitter.com/Infosecurity LinkedIn: https://www.linkedin.com/company/infosecurity-group/ Contact: Julie Fenwick, jfenwick@daylightagency.com.au +61 468 901 655 Lauren Graham, lgraham@daylightagency.com.au +61 432 614 401