The PRWIRE Press Releases https:// 2021-05-05T03:17:54Z New ISACA study finds cybersecurity leaders face global hiring challenges contributing to staff gaps and increased cyber-attacks 2021-05-05T03:17:54Z new-isaca-study-finds-cybersecurity-leaders-face-global-hiring-challenges-contributing-to-staff-gaps-and-increased-cyber-attacks Sydney, Australia (5 May 2021) – ISACA has released its annual State of Cybersecurity 2021 survey report which reveals concerning trends around hiring and staff retention continue in the cyber workforce. The global study of more than 3,600 cyber security leaders reports consistent challenges finding qualified, well-rounded candidates, while understaffed teams remain strongly correlated to an increasing number of cyber-attacks.Positively, the cybersecurity workforce was largely spared the pandemic devastation experienced by other sectors, but the survey found that longstanding issues persist.Respondents in Australia and New Zealand report similar views to their global colleagues including:66% of respondents indicate that their cybersecurity teams are understaffed (61% globally). 59% say they have unfilled cybersecurity positions (55% globally). 52% say their cybersecurity applicants are not well qualified (50% globally). Only 35% say HR regularly understands their cybersecurity hiring needs (31% globally). Additionally, soft skills remain the biggest skills gap according to 68% of respondents in Australia and New Zealand followed by security controls (34%) and data related areas (33%).The results also show that 59% of respondents in Australia and New Zealand had difficulty retaining talent last year during the pandemic citing the top three reasons for staff leaving as being recruited by another company (64%), lack of financial incentives (56%) and limited promotion and development opportunities (51%).Staff Gaps and Attacks LinkedAs in years past, the findings show that retention issues and increased cyberattacks are somewhat interrelated. Globally, 68% of respondents who experienced more cyberattacks in the past report being somewhat or significantly understaffed, and 63% who experienced more cyberattacks in the past indicated they have experienced difficulties retaining qualified cybersecurity professionals. “It has become even more evident in the past year just how vital cybersecurity is to ensuring business continuity, yet the years-long struggle to staff these teams continues,” said Jonathan Brandt, ISACA information security professional practices lead. “As a global cybersecurity community, it is imperative that we all come together to recalibrate how we hire, train and retain our future cyber leaders to ensure we have a solid workforce to meet these evolving cybersecurity needs.” Hiring and Skills Challenges Persist, Especially with Recent Graduates Despite the high demand for cybersecurity jobs, 50% of those surveyed globally generally do not believe that their applicants are well qualified. Additionally, only 27% of all survey respondents say that recent graduates in cybersecurity are well-prepared, though 58% indicate that they require a degree for entry-level cybersecurity positions. Global respondents note that they also seek prior hands-on cybersecurity experience (95%), credentials (89%) and hands-on training (81%) when determining whether a candidate is qualified. Organisations are addressing these challenges by: Training non-security staff who are interested in moving to security roles (43%)Increasing usage of contract employees or outside contractors (37%)Increasing use of reskilling programs (23%)Increasing use of performance-based training to build hands-on skill (22%)Increasing reliance on AI/automation (22%) “Making a meaningful difference in addressing the persistent skills gaps in the cybersecurity workforce will require a collaborative and concerted effort between government, academia and industry,” says Renju Varghese, Fellow & Chief Architect, CyberSecurity & GRC Services, HCL Technologies. “Through strategic partnerships and outreach, we will be able to not only better prepare graduates coming out of university programs but also equip a wide range of candidates from non-traditional paths with the skills needed to succeed in a cybersecurity career.” David Samuelson, ISACA CEO, said ISACA is not only committed to providing research and best practices to guide its global professional community, but also by taking action to help fill the skills gap. “This includes transforming our digital and learning tools to give individuals and companies training that is more relevant and customised than ever before and supporting the important work of the One In Tech foundation in advancing equity and inclusion in the tech workforce.” For a complimentary copy of State of Cybersecurity 2021 Part 1, insights from industry leaders and related resources, visit www.isaca.org/state-of-cybersecurity-2021. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Karen Keech, karen@establishedmedia.com, 0411 052 408 ISACA Offers New Certification for Upskilling and Cross-skilling in Emerging Technologies 2021-04-22T02:00:37Z isaca-offers-new-certification-for-upskilling-and-cross-skilling-in-emerging-technologies-1 Sydney, Australia (22 April 2021) — IT professionals seeking to boost their skillset in top emerging technologies and ensure their knowledge is up to date can now pursue the Certified in Emerging Technology (CET) certification from global IT professional association and learning organisation ISACA.Emerging technologies are essential to digital transformation and business progress, whether it is blockchain used in supply chains and in the financial industry, or artificial intelligence in driving efficiency across sectors. Established IT professionals, students and recent grads alike can set themselves apart with employers and gain foundational knowledge about the Internet of Things (IoT), artificial intelligence (AI), blockchain and cloud without having prior experience. The CET certification is unique in offering a vendor-agnostic, hybrid learning model which incorporates a stackable series of certificates. It features both performance-based and knowledge-based learning, including live labs in a virtual environment. The certificates, which can be achieved at one’s own pace from anywhere, provide both an examination of each technology and a holistic view of the connections among the emerging technologies, allowing IT professionals to upskill and cross-skill in the following domains: Cloud Fundamentals CertificateBlockchain Fundamentals CertificateIoT Fundamentals CertificateArtificial Intelligence Fundamentals Certificate“It is important for professionals in IT audit, risk, security, governance and privacy to have an understanding of emerging technologies and how they intersect with their work, as well as impact their organisations at a business level,” says David Samuelson, ISACA CEO. “With the new Certified in Emerging Technology certification, ISACA is pleased to offer our global community the tools to gain this knowledge and skillset and continue to take their careers to new heights.”The CET certification is a good fit for professionals at different levels and job functions—from students and recent graduates wanting to build their résumés, to those already established in roles in governance, risk and compliance; IT audit; network administration; software development; information security; enterprise architecture and business management who want to learn more about emerging technology and how it applies to their roles and organisations. “Continual up-skilling is a strong signal of professionalism in all IT fields,” said Caitlin McGaw, Principal, Candor McGaw. “Hiring managers are actively looking for people with emerging technology skills. However, since companies are still ramping up these technologies, many professionals have not yet had the chance to gain that experience. Being able to demonstrate the accomplishment of high-quality training and hands-on work with emerging technology will be a substantial competitive advantage for experienced professionals and recent grads alike.”The CET certification program offers study guides, self-paced training courses, virtual instructor-led training, additional lab packages and exams for each certificate, available at discounted rates to ISACA members. Custom training packages for up-skilling IT teams are also available. Once all four certificate exams are completed, the CET certification is awarded.This new certification joins an established set of ISACA credentials that have been part of the professional community’s learning journey for years, including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), CSX Cybersecurity Practitioner Certification (CSX-P), Certified Data Privacy Solutions Engineer (CDPSE) and Information Technology Certified Associated (ITCA) certification. For more information about the CET certification, visit www.isaca.org/credentialing/cet. More detail about ISACA’s other credentials can be found at www.isaca.org/credentialing. ISACA publications, audit programs and other resources on emerging tech, including the recently published blockchain framework, are available at www.isaca.org/resources/emerging-technology-resources. CDPSE Exam Launches, Providing Technical Privacy Professionals with Path to Validate Experience 2021-04-07T23:10:27Z cdpse-exam-launches-providing-technical-privacy-professionals-with-path-to-validate-experience Sydney, Australia, 8 April: The demand for technical privacy professionals is high—but teams are often considered understaffed in these roles, according to ISACA’s recent Privacy in Practice 2021 survey report. Privacy technologists seeking to fill these key positions and advance their careers can demonstrate their technical privacy skills with ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) certification and are now able to take the newly launched CDPSE exam. The CDPSE exam covers three key domain areas—privacy governance, privacy architecture and data lifecycle—which cover the tasks performed by individuals who have significant knowledge, experience and responsibilities in assessing, building and implementing comprehensive technical privacy solutions. “Given the looming talent and knowledge gaps in implementing privacy by design solutions in a landscape with continually evolving and increasingly complex privacy regulations and requirements, CDPSE has gained notable traction after its initial launch,” says Nader Qaimari, ISACA Chief Product Officer. “Technical privacy professionals can validate their experience through the new CDPSE exam, which matches ISACA’s globally recognised CISA, CISM, CGEIT, and CRISC certifications in rigour and requirements.”CDPSE exam takers can prepare for the exam with the CDPSE Review Manual, a comprehensive, peer-reviewed IT-related privacy review resource and an online self-paced review course that incorporates proven instructional design techniques and interactive eLearning modules. Additionally, a Question, Answers and Explanations (QAE) printed manual and 12-month subscription database will also be available later in April to aid with exam prep. Virtual and in-person instructor led training options for individuals and custom training packages for teams of privacy technologists are also available. CDPSE joins an established set of ISACA credentials that have been part of the professional community’s learning journey for years, including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), and CSX Cybersecurity Practitioner (CSX-P).More information on the CDPSE exam content outline can be found at www.isaca.org/credentialing/certified-data-privacy-solutions-engineer/cdpse-exam-content-outline. To learn more about CDPSE and to apply for certification, visit www.isaca.org/credentialing/certified-data-privacy-solutions-engineer. More detail about ISACA’s other credentials can be found at www.isaca.org/credentialing. New ISACA Certification Helps Students and Career Changers Build IT Knowledge and Hands-On Skills to Thrive in IT Jobs 2021-03-16T02:29:18Z new-isaca-certification-helps-students-and-career-changers-build-it-knowledge-and-hands-on-skills-to-thrive-in-it-jobs Sydney, Australia (16 March 2021)—Those seeking a strong foundation in IT knowledge and hands-on experience to set themselves apart as they seek technology jobs can now earn the new Information Technology Certified Associate (ITCA) certification from global IT professional association and learning organisation ISACA. A dynamic addition to ISACA’s globally recognised credentials, ITCA offers students, recent graduates, those new to the IT profession or professionals seeking a career change with a flexible, hybrid format comprised of both traditional knowledge-based learning and performance-based learning through live labs in a virtual environment. The certification can be achieved at one’s own pace by completing all the following modular certificates that focus on different domain areas in IT—which can also be earned separately or stacked in different ways: Computing Fundamentals Networks and Infrastructure FundamentalsCybersecurity FundamentalsSoftware Development FundamentalsData Science Fundamentals“A key part of ISACA’s commitment to providing tools for lifelong learning is supporting professionals at every stage of their career journey, including in that critical period at the very beginning—whether they are new graduates or professionals seeking to make a career change to IT,” says David Samuelson, ISACA CEO. “We are proud to be able to serve this new generation of IT professionals and thought leaders, including those transitioning their careers due to the pandemic, by helping them differentiate and elevate themselves as they enter the job market and start their careers.”With the ITCA certification, young professionals, students or recent graduates with degrees in IT or computer science, and those seeking a job change can prepare themselves for in-demand jobs like computer systems administrator, technical support specialist, database administrator, systems engineer, applications developer, front-end web developer, and quality assurance analyst— in a flexible format that can fit into existing school and work schedules. According to the Australian Government’s Job Outlook, employment in software and application programmers is predicted to grow by 33,000 jobs by 2024, and more broadly the Professional, Scientific and Technical Services industry is estimated to grow 15% in the same time period. The certification can also serve more experienced audit, security or governance professionals looking to enhance their understanding of foundational IT concepts. “Working within the IT industry presents so many amazing opportunities for recent graduates, young professionals and career-changers,” says Daisy Jardine-Viner, recruitment specialist, NDK Infosec. “It’s a constantly evolving and in-demand hiring environment that offers the chance to work at the forefront of technology. There are multiple paths to consider going down—you don’t need to be a developer or programmer to be successful. There is a position in IT that will suit everyone’s skillsets and passions.”The ITCA program offers study guides, self-paced training courses, performance-based labs, and exams for each certificate, available at discounted rates to ISACA members. Once all five exams are completed, the candidate can apply to become ITCA certified.This new certification joins an established set of ISACA credentials that have been part of the professional community’s learning journey for years, including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), CSX Cybersecurity Practitioner Certification (CSX-P) and Certified Data Privacy Solutions Engineer (CDPSE).For more information about ITCA, visit www.isaca.org/credentialing/itca. More detail about ISACA’s other credentials can be found at www.isaca.org/credentialing. ISACA Launches Blockchain Framework and Executive Guide to Help Enterprises Adopt the Emerging Tech 2020-12-20T23:02:15Z isaca-launches-blockchain-framework-and-executive-guide-to-help-enterprises-adopt-the-emerging-tech SYDNEY, AUSTRALIA (21 December 2020)—Blockchain has many enterprise applications that go beyond cryptocurrency, including smart contracts, supply chain, and healthcare records. To help tech professionals get a stronger grasp on the important technology and how to leverage it within their own organisations, ISACA has released two new resources: Blockchain Framework and Guidance and Blockchain: An Executive View. Blockchain Framework and Guidance offers a comprehensive blockchain reference, including overview, history, information about types and their benefits and features, as well as use cases and a framework for enterprise adoption. The framework goes into depth into key considerations—like stakeholder management, implementation considerations, interoperability concerns, governance model and management guidelines, and digital asset/token requirements. It also provides a complete set of high-level blockchain control objectives that include key questions that enterprises need to answer, including:Do the proposed blockchain control objective domains adequately cover risk vectors and business process objectives for the organisation transacting in this space?Have we identified the relevant stakeholders of blockchain control objectives?Do we understand our engagement with the larger blockchain ecosystem in evaluating risk and control objectives?Offering another primer on blockchain, the paper Blockchain: An Executive View explains blockchain technology in clear business language and explores the opportunities and challenges that enterprises may face when using blockchain. It shares use cases, outlines the enterprise benefits and risks, provides a guide to getting started with blockchain, and shares security, privacy and legal considerations, including offering security mitigation methods such as:Use standardised and tested libraries and interfaces.Conduct internal or peer code reviews.Leverage bug bounty programs to crowdsource other testing perspectives. "Enterprises considering the implementation of blockchain technology should first do their due diligence and take some key steps—including asking themselves strategic questions, exploring enterprise risks, and assessing how blockchain adoption would map to their existing technologies, both now and in the future” says Ron Quaranta, chairman and CEO of the Wall Street Blockchain Alliance, member of ISACA Emerging Technology Advisory Group, and lead author of the Blockchain Framework and Guidance. “The benefits of this technology can be powerful, provided that enterprises have strong governance, controls and security protocols in place. This framework is an important step in understanding blockchain technology and realising those benefits.”Adds Nader Qaimari, ISACA chief product officer, “The use of blockchain solutions is increasingly becoming a strategic priority for enterprises across sectors, and whether someone is hands-on in implementing blockchain or making a business case for it at the C-Suite level, education is key. Through these new resources, professionals have the foundational knowledge and tools to take the next steps in effectively adopting this unique technology.” Part of a set of ISACA resources on emerging technology that will continue to launch through the next year, Blockchain Framework and Guidance PDF electronic version is free and is available to download at https://www.isaca.org/bookstore/bookstore-misc-ebook/wbfg. Blockchain: An Executive View is also complimentary and can be accessed at https://www.isaca.org/bookstore/bookstore-misc-digital/wbfeg. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has equipped individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Karen Keech kkeech@daylightagency.com.au 0411 052 408 Security, Privacy, Cloud and Technology Resilience dominate top IT Audit Risks expected for 2021 2020-12-17T03:55:09Z security-privacy-cloud-and-technology-resilience-dominate-top-it-audit-risks-expected-for-2021 According to a new survey from Protiviti and ISACA, titled “IT Audit Perspectives: Top Technology Risks in 2021,” concerns around security, privacy, cloud and technology resilience are being further fueled by shifting business priorities, the pandemic-induced remote work environment and accelerated deployment of new technologies. Entering into 2021, IT audit groups – particularly those in more digitally mature organisations – are utilising more dynamic and real-time approaches to technology risk assessment, which enables them to be more agile and responsive to the rapidly evolving risk landscape, driven in no small part by pandemic-related challenges.The technology and audit benchmarking survey identified the top concerns that over 7,400 IT audit leaders and professionals from organisations around the world are facing and planning to address in 2021. The findings reveal that ‘digital leaders’ – those self-characterised as having innovative and disruptive qualities, including a proven track record of delivering on digital and innovation initiatives and effective adoption of emerging technologies – weigh risks differently from companies with lower levels of digital transformation maturity and those who are in the earlier stages of defining and delivering on their digital and innovation agenda. The survey report notes that digital leaders stand out in their frequency of performing technology audit risk assessments, driven by more agile ways of working as well as more integration and use of data and technology. However, the majority (67%) of organisations do not classify themselves as digital leaders, and 11% of those non-leaders are not conducting any form of technology risk assessment. The Top 10 IT Audit Risks for 2021The survey asked respondents to rate the significance of 39 technology risk issues. Of those, the top 10 IT audit risks identified were as follows: Cyber BreachConfidentiality and PrivacyRegulatory ComplianceUser AccessSecurity Incident ManagementDisaster RecoveryData GovernanceThird-Party RiskRemote Workplace InfrastructureAvailability Risk For the most part, the top 10 technology risks for digital leaders and other companies were the same, but risk indexes trended higher for digital leaders. This is likely a result of several factors, including the generally more complex technology environments of such organisations, as well as their more extensive use of advanced technologies (such as intelligent automation, IoT, artificial intelligence and machine learning), and the general levels of data and technology employed by digital leaders to support their enhanced customer engagement, operational performance and digitisation of products and services.One notable difference between digital leaders and other organisations was that cloud strategy and adoption was a top 10 risk for digital leaders but not for others, because digital leaders were more likely to include cloud technologies in their delivery of business services and in their longer-term planning and strategy. “Companies need visibility to effectively identify and evaluate risks. The sudden shift to remote work, as well as the broader disruption experienced by many, has revealed the importance of identifying and assessing technology risks on a more dynamic and frequent basis to develop closer-to-real-time views and responses,” said Andrew Struthers-Kennedy, a managing director with Protiviti and leader of the IT Audit practice. “We’re seeing significant demand from companies that need help integrating more dynamic and data-driven approaches to risk assessments into their internal audit activities. Internal audit functions that are able to achieve this will be much better positioned to deliver highly efficient and effective risk assurance.” The survey found that most organisations (61%) are now identifying and assessing technology risks for the purpose of audit planning as part of the overall internal audit risk assessment process. However, that leaves a somewhat worrying 39% of organisations that are not specifically assessing technology risks in the development of audit plans.Despite the geographical spread of the survey respondents and number of industries included, the ranking of technology risks was generally consistent. IT audit professionals from North America, Africa, Asia, Europe, the Middle East and Oceania all ranked cyber breaches as their top concern, with almost 80% globally noting that they plan to address the risk in their 2021 audit plans. Cyber breaches were also consistently a primary concern across industry sectors, including consumer packaged goods and retail; energy and utilities; financial services; healthcare; manufacturing and distribution; and technology, media and telecommunications.“Responses from this study show that missteps in risk management are amplified for organisations that have not yet mastered timely responses to business disruption,” said Robin Lyons, ISACA IT Audit Professional Practices Lead. “Audit functions that have a strategy that keeps pace with longer-term risks and high-velocity risks will demonstrate their value as they continue to provide assurance regardless of any disruption.”The report is based on a survey, fielded in September-October of 2020, of 7,470 executives and professionals, including Chief Audit Executives and IT audit vice presidents and directors, representing a wide range of industries globally. The survey was conducted in collaboration with ISACA, a global technology association and learning organisation.Survey Resources AvailableThe survey report is available for complimentary download from Protiviti here and from ISACA here, in addition to an infographic that highlights key findings. To view a short video about the study, click here.About ISACAFor more than 50 years, ISACA® (www.isaca.org) has equipped individuals with knowledge, credentials, education, and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation with 145,000 members who work in information security, governance, assurance, risk, and privacy. It has a presence in 188 countries, including more than 220 chapters worldwide.Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca About Protiviti Protiviti (www.protiviti.com) is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders confidently face the future. Protiviti and our independent and locally owned Member Firms provide clients with consulting and managed solutions in finance, technology, operations, data, analytics, governance, risk and internal audit through our network of more than 85 offices in over 25 countries.Named to the 2020 Fortune 100 Best Companies to Work For® list, Protiviti has served more than 60 percent of Fortune 1000 and 35 percent of Fortune Global 500 companies. The firm also works with smaller, growing companies, including those looking to go public, as well as with government agencies. Protiviti is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in 1948, Robert Half is a member of the S&P 500 index. ###Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.Contact:Karen Keech, kkeech@daylightagency.com.au, + 61 411 052 408 ISACA to hold first-ever virtual Privacy in Practice conference focusing on privacy insights and solutions 2020-11-11T02:00:45Z isaca-to-hold-first-ever-virtual-privacy-in-practice-conference-focusing-on-privacy-insights-and-solutions Sydney, Australia (11 November 2020) — ISACA’s inaugural Privacy in Practice conference, will take place on 9 December 2020 as an online event, and will give privacy professionals the opportunity to learn how to assess, build and implement privacy solutions for their organisations, ensure compliance with evolving privacy laws and regulations and mitigate risk at their enterprises.This is a new offering from ISACA and is its first privacy-focused conference. The growth in the privacy sector highlights the need for qualified professionals to create privacy solutions that are aligned with organisational goals and risk appetite.Opening keynote speaker Ivana Bartoletti, privacy and digital ethics expert, author, and co-founder of Women Leading in AI Network, will explore how technology intersects with the law, privacy and human rights, and what we can do to ensure we build and use technology for good in her presentation, “Privacy in the Age of Big Data”. Earlier this year, ISACA launched its Certified Data Privacy Solutions Engineer (CDPSE) certification, which is the first experience-based, technical certification of its kind. “Prioritising data privacy is now more essential than ever before,” says Nader Qaimari, chief product officer at ISACA. “ISACA’s CDPSE certification offers privacy professionals an opportunity to validate their technical skills and knowledge, and the Privacy in Practice Conference offers valuable privacy insights and solutions.”Each Privacy in Practice session will last one hour and be divided into tracks covering: Data Governance and LifecyclePrivacy Infrastructure, Security and ControlsPrivacy SolutionsSessions will be presented in real-time (CDT) as if attendees were at an in-person event, and many will feature a live Q&A with speakers. Attendees will have extended access to the sessions and content so that they may view them at their own pace. Session topics include balancing analytics and privacy; helping DPOs with privacy automation tools; digital ethics; privacy strategies; cloud adoption; and privacy standards, among others. Privacy in Practice attendees can earn up to nine continuing professional education (CPE) hours. More details and registration can be found at https://www.isaca.org/conferences/isaca-virtual-conference-privacy-in-practice.Attendees who hold ISACA’s CDPSE will receive a discount of US$150 off registration. Attendees who do not yet have the CDPSE certification but wish to obtain it can have the certification’s US$50 application fee waived and receive the same discount on conference registration.About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide.Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobalInstagram: www.instagram.com/isacanews/ Contact:Karen Keech, 0411 052 408, kkeech@daylightagency.com.au ISACA Introduces New IT Risk Fundamentals Certificate 2020-11-02T03:42:33Z isaca-introduces-new-it-risk-fundamentals-certificate Sydney, Australia (2 November 2020)—Risk is inherent to the enterprise landscape, but a skilled practitioner can help identify, prepare for and mitigate risk, including risk related to information and technology (I&T). ISACA’s new remote-proctored IT Risk Fundamentals Certificate helps professionals gain the requisite knowledge to be able to better communicate with enterprise risk or IT risk professionals, or to begin their own risk career journey. Covering six risk topic areas—introduction to risk, risk governance and management, risk identification, risk assessment and analysis, risk response, and risk monitoring, reporting and communications—the IT Risk Fundamentals Certificate provides professionals with a strong foundation in both business risk and I&T risk to advance in their role or to lay the groundwork for future achievement of the Certified in Risk and Information Systems Control (CRISC) certification.The closed-book, remotely-proctored IT Risk Fundamentals Certificate exam can be taken from anywhere, and consists of 75 multiple-choice questions related to topics including: Risk terminology and types of riskRisk-related business functionsRisk management processGovernance and management of riskIdentifying riskAssessing and analysing riskResponding to riskMonitoring, reporting, and communicating risk“Risk has wide-ranging impacts across the enterprise, and even those not tasked with managing risk are finding they need an understanding of risk principles that informs important business decisions,” says Nader Qaimari, ISACA Chief Product Officer. “Building foundational knowledge in risk through credentialing can be an effective way to not only add value in an existing role, but also to take that first step in starting a risk career.”Training options for the exam include the IT Risk Fundamentals Study Guide, virtual instructor-led trainings, and enterprise training options. The certificate exam costs US $175 for ISACA members and $225 for non-members, and the IT Risk Fundamentals Study Guide costs $75 for both members and non-members. ISACA is now offering a bundle price for the study guide and exam that starts at $225 for members and $275 for non-members when using promo code ITRISK25, which expires 30 November 2020. To learn more or to register for the exam, visit www.isaca.org/credentialing/it-risk-fundamentals-certificate. The study guide can be purchased at www.isaca.org/bookstore/bookstore-risk-digital/witrg. For additional content and resources related to risk, including blog posts, articles, podcasts, webinars, white papers, and assessments, visit www.isaca.org/resources/it-risk. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has equipped individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Karen Keech kkeech@daylightagency.com.au 0411 052 408 ISACA Offers New Resources, Partnerships and Discounts for Cybersecurity Awareness Month 2020-10-08T00:24:32Z isaca-offers-new-resources-partnerships-and-discounts-for-cybersecurity-awareness-month Sydney, Australia (8 October 2020) – This year’s Cybersecurity Awareness Month is an important moment in time to recognise the latest cybersecurity challenges and opportunities, including cybersecurity in a pandemic. It is also a good opportunity to take advantage of opportunities to launch or advance cybersecurity careers, upskill cyber teams and evaluate new enterprise security resources. During this month, global tech and cybersecurity association ISACA is joining the global initiative by providing new cybersecurity guidance, resources, events, discounts and enterprise tools. Among the new security guidance ISACA is issuing this month is Managing Security Impacts in a Multicloud Environment. The paper highlights the benefits of using multicloud providers along with their associated security challenges, and concludes with steps an enterprise can take to create a multicloud security strategy. To access the complimentary resource, visit www.isaca.org/multicloud-security-impacts. “Using multiple clouds can be beneficial to organisations, but also leave them vulnerable to risk, so developing a strategy for multicloud use and security requires a nuanced, careful approach,” says Ed Moyle, founding partner, Security Curve, and lead developer for the ISACA cloud guidance. “It is important to ensure that multicloud is effectively managed so that it is both supporting the requirements of different enterprise teams while also remaining secure.” Additionally, ISACA is offering a range of resources, content and education that cover topics across the multifaceted cybersecurity spectrum, including: PartnershipsCloud Security Alliance: ISACA and CSA recently announced a strategic partnership to collaborate closely on critical initiatives to transform the auditing and assurance of cloud computing, including bringing to market the Certificate of Cloud Auditing Knowledge (CCAK) as a joint venture. Read more here. ResearchElection Security 2020 Survey: New research showed that disinformation is a perceived threat in upcoming elections—but education and training will go a long way in building trust. State of Cybersecurity 2020 Survey, Part 1 and 2: This annual study found insights into cybersecurity workforce and resources, as well as threat landscape and security practices. COVID-19 Study: This research explored the impact of COVID-19 on organisations, including heightened security concerns and threats. Education and TrainingLessons from Election Security Challenges: This 60-minute panel discussion available via replay explores lessons around data analytics, governance, audit, security, and information management that can be learned from the challenges of election security.The Top 3 Areas Where Today’s CISOs Need to Focus: On 9 October, listen to a replay of ServiceNow Advisory CISO James Blake discusses how CISOs can keep their businesses safe while being flexible to support the new reality.ISACA’s Cybersecurity Nexus (CSX) portfolio of products, including the Cybersecurity Fundamentals Certificate and the CSX-P certification, is available this month at a 20 per cent discount. Blog Posts and PodcastsISACA will publish a cybersecurity blog series in October and launch new security podcast episodes in addition to recent security posts and podcasts that are available, including:Understanding the Human Side of Cybersecurity: EuroCACS 2020 conference speaker Dr. Jessica Barker discusses the psychology and culture around cybersecurity. The Bedrock of a Post-COVID-19 Security Operations Center: Anup Deb delves into the necessary elements that should be built into the modern SOC.Cybersecurity Degrees or Certificates?: In this ISACA Podcast episode, Dustin Brewer and Frank Downs explore the value of cybersecurity degrees compared to certificates. Enterprise SolutionsISACA’s CMMI Cybermaturity Platform helps enterprises mitigate cybersecurity threats using a risk-based approach. It strategically measures, assesses and reports on the capabilities of cyber controls. Take advantage of a special limited-time offer for Cybersecurity Awareness Month. Virtual group training on information security, including training to prepare teams for the Certified Information Security Manager (CISM) certification or Cybersecurity Fundamentals certificate, helps enterprise organisations upskill their teams with the latest cybersecurity knowledge.ISACA’s CMMI now offers a gap analysis program to help organisations prepare for the DoD’s Cybersecurity Maturity Model Certification. ISACA now has 124 global training partners around the world who offer quality educational experiences for ISACA certifications, including those related to cybersecurity. For more content and resources around cybersecurity, visit ISACA’s Cybersecurity Awareness Month webpage here: www.isaca.org/resources/cybersecurity. ### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, +61 468 901 655; jfenwick@daylightagency.com.au New ISACA research shows 1 in 3 companies use Robotic Process Automation 2020-09-23T00:30:19Z new-isaca-research-shows-1-in-3-companies-use-robotic-process-automation Sydney, Australia (23 September 2020) – An increase in the adoption of Robotic Process Automation (RPA) is expected across multiple industries in the next five years, according to a survey report from global business technology and learning association ISACA.The global survey indicates that more than half of the respondents predict their organisation will embrace RPA within five years and the top three sectors to do this will be financial/banking (67%) followed by manufacturing/engineering (41%) and insurance (39%).RPA is software specifically developed and implemented to perform repetitive, manual tasks. In Australia companies have adopted RPA to improve safety and protect employees from high risk zones, increase speed & efficiency, repeatability, quality control and reduced waste. RPA can also provide immediate access to production data which supports a streamlined supply chain.In fact, respondents to the survey acknowledged that RPA adoption can offer a variety of benefits, ranking the top three as:Streamlining of internal business processes (70%)Reduction in errors (58%)Reduction in staffing costs (55%)Though a common employee concern around adopting RPA is that it could lead to job loss, only 37 per cent of survey respondents cited this as a source of resistance to RPA adoption in an enterprise. However, among the 27 per cent of respondents whose organisations experienced moderate or extensive resistance to RPA implementation, the fear of job elimination increases to 56 per cent and becomes the primary concern.Despite concerns, 35 per cent of respondents indicated that their organisations currently use RPA, and 59 per cent believe that their organisations will start implementing RPA within the next five years. The survey also found that organisations realise additional benefits when using an IT auditor to assure RPA. Yet despite this, of the organisations currently utilising RPA, only 38 per cent of respondents say that the IT auditor within their organisation incorporates RPA into the audit practice.“Though resistance to RPA is not entirely unwarranted, the productivity and financial benefits it can provide make it a worthwhile pursuit,” says Dustin Brewer, Principal Futurist, ISACA. “That said, it is important that enterprises ensure their RPA systems are secure and that implementation supports the enterprise’s goals.”The report, Implementing Robotic Process Automation (RPA): Trends in RPA Adoption, Uses and Implementation Challenges, reveals the findings from the survey of more than 2,000 ISACA certification holders on awareness and usage of RPA within their organisations.To read the complimentary survey report and guidance, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whprpa. Find additional educational resources from ISACA at www.isaca.org/resources. ###About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au 0468 901 655Karen Keech, kkeech@daylightagency.com.au 0411 052 408 Disinformation campaigns biggest potential threat to future Australian elections 2020-09-15T23:48:34Z disinformation-campaigns-biggest-potential-threat-to-future-australian-elections Sydney, Australia (16 September 2020) – IT professionals across Australia and New Zealand (ANZ) believe disinformation campaigns are the biggest potential threat to elections in our region, according to new research survey released today by nonpartisan, global technology association ISACA.Misinformation campaigns ranked at 72% amongst respondents, who also identified hacking or tampering with voter registration rolls (49%) and tampering with the tabulation of voter results (44%) as the other potential top threats to election security. More than half (57%) believe at least one of these threats will significantly impact the outcome of future national elections. “Given the recent headlines about nation-state cyber attacks in Australia, and news about misinformation campaigns through social media in the upcoming US presidential election, it’s not surprising that IT professionals view this as a potential threat on our shores,” states Ian Brightwell, CGEIT, Principal Consultant, DH4 and ISACA member. ISACA surveyed more than 8,500 IT governance, risk, security and audit professionals around the globe regarding election security. Despite possible threats, respondents from ANZ are generally more confident in election security across the board than their counterparts in the United States.83% are confident in the resiliency of the infrastructure in the national elections, compared to only 63% of respondents in the US 85% are confident fraudulent votes will not be cast in future elections, compared to 60% in the US83% of respondents are confident that their country’s election systems are secure from hacking and other technological threats, compared to 71% in the US “The objective of electoral officials is to help facilitate the smooth transition of power. In Australia, there is a high degree of confidence and trust in the electoral process, but these figures indicate the trust in the US has been eroded,” adds Brightwell. “This doesn’t mean that the electoral processes in the US aren’t robust, but that the US officials need to educate constituents on the process to curb disinformation and ensure it doesn’t affect the outcome. Every electoral commission needs to be transparent and have robust processes, standards and testing in place.” “Proper scrutiny using appropriate external audit controls is critical to maintain the validity of any election process. The outcome of these audits must be communicated in a transparent way to ward off disinformation from internal or external sources about the election’s integrity.” Interestingly, while just under half (49%) of ANZ respondents believe there is appropriate funding in place to prevent non-technological threats (i.e. human interference or unauthorised polling place access), only 28% believe adequate funding exists to prevent hacking. This signals that either more funding may need to be budgeted for this in future elections or that participants are unaware of the current levels of funding in place to secure elections. “Adequate funding for voting is essential to maintain the integrity and transparency of the election process. Post-COVID, more funding may be required for national elections from a health and safety perspective. These could include a wider range of voting services and options, such as longer opening times for early voting and postal voting, just as is being implemented for the up-coming Queensland state election in October. “Australia has conducted electronic voting at a state level in NSW to complement postal voting. This option should be a consideration by all jurisdictions in Australia as long as rigorous external controls are in place to ensure integrity and effective transparency is provided. One advantage of electronic voting would be to enable quicker results than current timeframes for counting of paper ballots,” concludes Brightwell. The survey found that respondents believe education about misinformation, laws addressing election security and increased training for election security personnel are all key components to ensure voter confidence and accountability. “As a learning organisation, ISACA has long recognised the power of education. In the case of election security, education has the power to instil confidence, ensure election professionals and volunteers are well trained, and help electorates identify and share information that is accurate instead of information that is intended to manipulate voters’ perceptions,” said Nader Qaimari, ISACA chief learning officer. ### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide. Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au, +61 468 901 655Karen Keech, kkeech@daylightagency.com.au, +61 411 052 408 New privacy regulations impact Australian businesses with operations in California 2020-08-25T01:02:43Z new-privacy-regulations-impact-australian-businesses-with-operations-in-california-1 Sydney, Australia (25 August 2020) – With over 15,000 Californian residents employed by Australian companies that span more than 83 different industries, including wine production, manufacturing and investment, a new privacy law means Australian organisations must ensure more privacy regulations and compliance are adhered to off the back of GDPR.The California Consumer Protection Act (CCPA), which went into effect on 1 January 2020, but is now being enforced globally is the first law of its kind in the US, but may also set the precedent for privacy legislation in other states. Though the CCPA focuses on the data of California consumers, this legislation has international scope as organisations anywhere in the world may need to be compliant with it.“The expansive reach of the CCPA and scope of data it covers can make compliance feel daunting to many,” says David Bowden, vice president, information security, data privacy, compliance and information technology at Zwift, and member of the ISACA Privacy Advisory Group. “Having a comprehensive audit program is an incredibly valuable tool for guiding through these intricacies, avoiding repercussions and assuring compliance.”To assist companies navigate this complex privacy landscape, ISACA has launched a new CCPA Audit Program and a free white paper entitled Privacy: Beyond Compliance to equip audit and privacy professionals with the tools to comply with this regulation, as well as understand philosophies and approaches related to privacy. Accordingly, the new ISACA audit program will assist auditors to:evaluate the design and operating effectiveness of the organisation’s practices and ongoing management of CCPA complianceidentify control weaknesses The audit program also includes sections on data security and managing security incidents and data breaches. By following the detailed testing steps outlined in the accompanying program spreadsheet, auditors can help organisations mitigate business impacts through three key elements:Strong data classification supporting identification and location of consumer data Consistent private data methodology ensuring that third-party vendor handling of private data mirrors that of the entityAgile project management and solid change management programsTo provide additional context, ISACA has also published Privacy: Beyond Compliance, a white paper that explores the current state of privacy as it relates to compliance, ethics and humanity. Delving into a range of considerations, including COVID-19 contact tracing and how enterprises can stay accountable for temporary privacy violations during a crisis, the publication also outlines eight key focus areas for boards of directors around privacy—including surveillance and tracking, privacy by design, and looking at data as a reflection of a person’s life. “Beyond complying with privacy regulations, today’s privacy professionals should recognise the human impact of poor privacy practice, and augment their privacy strategies in response to a rapidly evolving global digital landscape,” says Guy Pearce, lead developer for the white paper, and chief digital officer, Convergence.tech. “This foundation equips organisations to perform their fiduciary duties to their customers, clients or citizens more ethically and more sustainably, benefiting not only those the organisation serves, but also differentiating the organisation as one that can be trusted because of what it does, not only because of what it says it does.”### About ISACAFor more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organisations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organisation that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide.Twitter: www.twitter.com/ISACANewsLinkedIn: www.linkedin.com/company/isacaFacebook: www.facebook.com/ISACAGlobal Instagram: www.instagram.com/isacanews Contact:Julie Fenwick, jfenwick@daylightagency.com.au 0468 901 655 Karen Keech, kkeech@daylightagency.com.au 0411 052 408 ISACA’s CISA Certification Continues Momentum After 40 Years 2018-06-20T23:15:00Z isacas-cisa-certification-continues-momentum-after-40-years Sydney, Australia (21 June 2018) — ISACA’s flagship certification, the Certified Information Systems Auditor (CISA), is marking its 40th anniversary at a time when its emphasis on helping enterprises effectively and securely leverage their technology has become increasingly resonant on the enterprise landscape. The CISA certification, with its traditional connection to the audit/assurance community and growing applications for risk, security and data privacy professionals, has been earned by more than 140,000 global practitioners since its inception in June 1978. “As organisations navigate digital transformation and a shifting regulatory landscape, the ability to reliably assess vulnerabilities and assure that technology controls are being deployed effectively is increasingly critical to the enterprise’s success,” said Kim Cohen, ISACA’s Director of Certification. “It is with good reason that so many organisations consider the CISA a mandatory credential when filling positions that require expertise across a range of audit, security, risk, compliance and privacy functions.” While CISA was recognised as the Best Professional Certification Program of 2017 by SC Media and is ranked among the top-paying IT certifications for 2018 by Global Knowledge, the certification’s cachet among hiring managers, recruiters and industry professionals has spanned decades. “As someone who has recruited extensively in the IT audit professional community for 25 years, I can attest that the sustained demand for individuals with the CISA credential, across varied industries and amid a fast-evolving technology landscape, speaks volumes about the reputation that CISA-certified professionals have earned as indispensable assets for their enterprises,” said Derek Duval, owner, Duval Search Associates. The designation is regarded as the gold standard for information systems audit, control and security professionals – a reputation that, after 40 years, continues to gain momentum and resonate throughout the globe. “I have worked in several countries, across three continents, with a wide variety of clients spanning several industry sectors during my professional career over the last three decades,” said Dr. Nancy Onyango, CISA, Director of Internal Audit with the International Monetary Fund. “The one constant that I have always observed, and have been struck by, is the caliber of staff who hold ISACA’s CISA certification. From Nairobi to London, Johannesburg to Washington DC, I can always count on these professionals to deliver quality work and bring strong insights into governance, risk management and controls in the information and technology arenas.” For more information on CISA and how to schedule an exam at one of ISACA’s global testing locations, visit www.isaca.org/cisa. ### About ISACA Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including 217 chapters worldwide and offices in both the United States and China. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAHQ Instagram: www.instagram.com/isacanews/ Contact: Julie Fenwick, jfenwick@daylightagency.com.au, 0468 901 655 Harriet Hall, hhall@daylightagency.com.au, 0401 068 041 Survey: Fewer Than 1 in 3 Companies Ready for May 25 GDPR Deadline 2018-05-17T04:25:43Z survey-fewer-than-1-in-3-companies-ready-for-may-25-gdpr-deadline Sydney, Australia (17 May 2018)—The GDPR compliance deadline looms eight days away, but only 29 per cent of companies in APAC will be ready, according to a new global survey conducted by ISACA. Conducted last month, ISACA’s GDPR Readiness Survey provides a near-real-time look at readiness levels, top compliance barriers and expected readiness timeframes. GDPR, a regulation out of the European Union, impacts entities doing business in or with the EU starting 25 May 2018. Not only are most organisations unprepared for the deadline, but only around half of the companies surveyed (51%) expect to be compliant by end-of-year 2018, and 40 per cent do not know when they will be fully compliant. According to ISACA’s research, locally the top five challenges related to GDPR compliance are: Data discovery and mapping (55%) Organisational education and change programs (49%) Prioritising GDPR compliance among other business priorities (42%) Ensuring cross-departmental collaboration and buy-in (42%) Assessing what your organisation needs to do to become compliant (39%) Cost was the sixth highest concern, at 33 per cent. About 20 per cent say it will cost under US $1 million to become GDPR compliant, with 14 per cent spending $1 million or more. Two-thirds of the business technology professionals surveyed in APAC were unsure how much their organisations would be spending. Among the survey’s most concerning findings is the level of employee education on GDPR and their role in compliance. Only 42 per cent of respondents say their organisations’ employees have been educated to a satisfactory level about their responsibilities to maintain GDPR compliance. “Employee awareness and education are critical components of ongoing GDPR compliance,” said Chris K. Dimitriadis, Ph.D., CISM, CRISC, CISA, past board chair of ISACA and chair of ISACA’s GDPR Working Group. “Awareness of—and commitment to—well-defined security, data management, and privacy policies and procedures clearly need to be an integral part of every organisation’s culture, from the top down.” The good news is that the majority of executive leaders in APAC recognise the importance of GDPR and its implications. According to the ISACA data, two-thirds of respondents (66%) believe their organisation’s executives have made becoming GDPR-compliant a priority. Organisations also expect to achieve significant benefits from GDPR compliance. The top three anticipated positive outcomes are: Improved business reputation (57%) Greater data security (56%) Competitive advantage in the EU (38%) “One of the most practical and cost-effective ways organisations can support GDPR and other compliance requirements is to help employees understand the business value of the information they deal with on a regular basis,” said Tim Upton, CEO at TITUS, which sponsored ISACA’s survey and research report. “That way, employees become more aware of their responsibilities when it comes to handling and protecting data within the flow of work, providing added value to the ways organisations earn and maintain the trust of customers and employees.” More information on the survey, including insights from GDPR experts, is available at www.isaca.org/gdpr-readiness-survey. About ISACA Nearing its 50th year, ISACA® (isaca.org) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organisations. ISACA leverages the expertise of its 450,000 engaged professionals in information and cybersecurity, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI® Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters worldwide and offices in both the United States and China. Twitter: www.twitter.com/ISACANews LinkedIn: www.linkedin.com/company/isaca Facebook: www.facebook.com/ISACAHQ Instagram: www.instagram.com/isacanews/ Contact: Julie Fenwick, 0468 901 655, jfenwick@daylightagency.com.au Harriet Hall, 0401 068 041, hhall@daylightagency.comau