Published: July 31 2009, 09:00 AM | 1 Comment(s)
by Robert Stroud

This is no different to the demands we have on IT today and is one of the themes of my session at the USA itSMF Fusion09 Convention to be held in Gaylord, Texas. My session -  “Teaming COBIT and ITIL for Improved Value and Service,” presented at 10am on September 22, 2009, will provide practical guidance on using COBIT 4.1 and ITIL V3 to bring benefit to your organization. For more informtation on the session, click here. The session will reference the recently released ISACA publication CObit User Guide for Service Managers that is available as a free download to ISACA members or purchase the book from the ISACA bookstore.

Share this post:  Email

Share

Published: July 30 2009, 11:38 AM | 5 Comment(s)
by Robert Stroud

Last week it was my great honor to be re-elected as an International Vice President of ISACA and the ITGI at ISACA's 40^th birthday celebration.  Formed 40 years ago as the EDP Auditors Association ISACA has grown dramatically not only numerically, but also in terms of the consistencies represented. 

Many people ask me why I volunteer much of my spare time to ISACA as a member. To answer that question, I'd like to paint a picture of the organization, its work and contributions back to the industry that I summarized from my friend Lynn Lawton in her final address as President to the membership.

At the Annual General Meeting, Lynn shared with the membership some of the successes of the movement. For instance, membership has more than doubled in the last six years with a significant increase in every one of those years, including 13% growth in 2008.  The chapters have continued to grow and at the end of calendar year 2008, ISACA has more than 180 chapters in 70 countries.

ISACA offers members, who may be auditors, security, risk or governance professionals or IT Management (one of the fastest growing domains), multiple value points including education, certification, networking with peers and of course my favorite benefit, access to intellectual property.

Certifications

ISACA offers three certifications, all have continued on their very successful path.

CISA - More than 28,000 registered for 2008 exams.  More than 60,000 certified around the world.

CISM - 5,000-plus registered for the 2008 exams, and 10,000-plus certified since inception only six years ago.

Both certifications continue to receive ANSI accreditation and are included on the US Department of Defense's short list of approved credentials for both its own information assurance personnel and the personnel of its vendors.

CGEIT, ISACA's newest certification, was offered for the first time in December 2008, with more than 300 registered worldwide. Due to the grandfathering period, which received unprecedented response, more than 4,000 have been certified since the program was introduced.

Publications

COBIT and VALIT Deliverables included:

• - Aligning COBIT^® 4.1, ITIL^® V3, ISO/IEC 27002 for Business Benefit
• - COBIT Mapping: Mapping of ITIL V3 With COBIT 4.1
• - Service Managers
• - Enterprise Value: Governance of IT Investments, Getting Started with Value Management
• - Enterprise Value: Governance of IT Investments, The Val IT Framework 2.0

Other books:

• - Defining Information Security Management Position Requirements: Guidance for Executives and Managers
• - Identifying and Aligning Business Goals and IT Goals: Full Research Report
• - Information Security Career Progression Survey Results
• - Information Security Governance: Guidance for Information Security Managers
• - ITAF^TM: A Professional Practices Framework for IT Assurance, IT Governance and Process Maturity
• - IT Governance Global Status Report 2008
• - IT Governance Roundtable: IT Staffing Challenges
• - Top Business/Technology Survey Results
• - Understanding How Business Goals Drive IT Goals
• - Unlocking Value: An Executive Primer On the Critical Role of IT Governance

Standards

ISACA has also released a series of standards for the IT profession. Multiple new standards and guidelines were issued in 2008, additionally a number of exposure drafts were sent out for comment  - these are examples of the contributions of many to the collective good of the whole membership.

Web site

The ISACA Web site is currently in revision.  The site is being developed in collaboration with the membership to ensure that ISACA is ready leverage the site as one of major communication and collaboration vehicles. 

One of the activities undertaken was the contest we held for members to "design the Web site" and many  great suggestions came from the focus group discussions and user testing sessions.

The major objectives of the web site, which is expected to go live in 2010, are:

• Web 2.0/collaboration
• Search, personalization, enhanced online experience
• Enhancing the overall value of the services provided to end users on the web site.
• Site reliability, database integration, password management, e-commerce management
• Support for the Chapters in setting up their own websites

This development is a major undertaking and in a predominantly volunteer organization the membership have really contributed along with a great staff and partners who are contributing (more on this in a future blog post as I will be continuing on the Web Oversight Taskforce).

STRATEGY (more on the strategy is available on my previous blog post)

The world doesn't stand still and either does ISACA.  Over the last year we spent a significant amount of time and effort on our strategic direction, researching ourselves and our business environment to develop a strategy that I believe will take us well into the next three to five years. The strategy builds on our strengths, and focuses on providing practical, pragmatic material for an increasingly diverse constituency; building and expanding on our existing IP; and streamlining our operations to enable us to deliver more products on a timely basis.

I included the following slide from Lynn's presentation which summarized the execution of the strategy exceptionally well and I plan to blog more on the future of COBIT in the very near future.

As you can see, ISACA is moving forward and places members and member benefit as the top priority and it will be an honor for me to continue serving the members in this my third year on the ISACA Board of Directors.  I cannot express my thanks to all the members of ISACA who have made 2008 a fantastic successful year no matter where you are.  I have been fortunate to visit many of you in the last year and I can honestly say that each of you has made a lasting impression on me.

I would like to give a personal thank you to each member of the COBIT Steering Committee as we all move onto to new roles in accelerating the rollout of the new strategy - each of you has given great service and is appreciated, your names live on inside the front covers of the publications. 

Also a huge thank you to the staff at ISACA who work tirelessly for the members, having recently seen them in action when visiting the offices they do a great job,

So if you need more information on ISACA please visit the website http://www.isaca.org/ or if you want to simply ask me a question drop me a note - talking about ISACA is one of my favorite topics!

Share this post:  Email

Share

Published: July 28 2009, 12:37 AM | no comments
by Peter Doherty

A few months ago here in Oz we held our annual CA Expo with nearly 2000 people across Melbourne and Sydney attending. The response was excellent to the presentations and content. What the attendees saw were some very insightful presentations from CA and our customers on market directions and strategies as well how CA customers are currently enabling their business with CA solutions. The customer sessions were not just testimonials to CA-- a number of the sessions were about lessons learned, providing tips to help other organizations who might face the same challenges. With the success of CA Expo, it is  time to take it on the road to other capital cities. Next month CA InfoXchange will be held in:

- Brisbane on Tuesday 25 August: www.ca.com/au/brisbane
- Canberra on Wednesday August 26: www.ca.com/au/canberra
- Perth on Friday August 28: www.ca.com/au/perth

This is a not to be missed opportunity. We'll have great case studies from leading Australia organisations like Westpac, St George, Optus, DAFF and not to mention yours truly, the ITIL Ninja J.  In addition to hearing the presentations, you will also be able to see them in action with technology pods demonstrating the solutions.

 

I look forward to seeing you there!

Share this post:  Email

Share

Published: July 24 2009, 02:00 PM | no comments
by Robert Stroud

I recently blogged using the airline industry as an example of the dependence of IT and within hours a colleague sent me a further example of the business dependence on IT. This time the error had the potential to be fatal. An Emirates Airbus A340-500 passenger jet suffered substantial damage after its tail clipped the runway during take-off from Melbourne Airport in Australia. It appears that the damage occurred due to a human error with the take off weight requiring manual pilot intervention to avert serious damage. A report I found on Travelmole.com mentioned that "the jet with 257 passengers and 18 crew aboard, heading for Dubai on a scheduled flight, had problems getting off the ground because wrong data had been fed into an onboard computer, according to the Australian Transport Safety Bureau...It was reported that the that due a communication error the cockpit fed into the computer a weight for the aircraft that was 100 tonnes lighter than its actual weight of 362 tonnes....The plane subsequently landed at Melbourne with no reported injuries."

When I googled "Emirates in damage control after near miss" I received 10,600 hits.  A quick review of the incident identified that Emirates were forced to move rapidly into damage control to protect their reputation as one of the reports incorrectly claimed that the malfunction was due to the airline attempting to save money by reducing fuel used at take-off.  Safety for any airline is a key principle and the target of extensive focus and many checks and balances and questions in this space could quickly destroy the reputation. 

This reminded me of one of the positive aspects of governance when correctly implemented. The metrics collected allowed the airline to quickly defend the situation and rapidly prove the facts. 

The growing complexity of the value network that Service Managers have to leverage including the move to cloud, complex value chains and the combination of business and IT processes make it critical that service managers ensure the appropriate controls and governance metrics and measurements are in place... more on that in the near future.

Share this post:  Email

Share

Published: July 23 2009, 09:00 AM | no comments
by Eric Feldman

Share this post:  Email

Share