Apr 19
2011

ISACA Survey: Regulatory Compliance Is Top Concern in 2011

Posted by: Cinthia Pilar in MyBlog

Tagged in: Governance, Compliance

Regulatory compliance will be the top business issue affecting enterprise information technology (IT) in the next 12 to 18 months, according to a major new ISACA member survey of more than 2,400 IT, security, and audit and assurance managers from 126 countries worldwide.

Conducted by ISACA, a global association serving more than 95,000 IT governance, assurance and security professionals, the survey found that the business issues that traditionally challenge ISACA members—such as compliance, governance and information security management—continue to dominate the list, but the increase in regulations, data breaches and new technologies such as cloud computing and the rise of personal technology in the workplace are accelerating complexity and risk. The findings are available in Top Business/Technology Issues Survey Results, offered as a free download at www.isaca.org/toptech.
 
"This year's survey shows more clearly than ever that information technology cannot be managed in a vacuum. From the growing number of government regulations to consumer privacy concerns to hacktivist attacks, enterprise IT assets are being challenged in ways that go far beyond the server room," said Tony Noble, CISA, a member of ISACA's Guidance and Practices Committee and vice president of IT audit at Viacom Inc. "The study also reveals a marked perception that the business side of the organization believes IT is managed in a silo, which indicates an opportunity for better aligning business with IT to unlock greater value."
 
Key business issues affecting IT, according to Top Business/Technology Issues Survey findings, along with their weighted scores,* are:

· Regulatory compliance (Score: 4.6)
· Enterprise-based IT management and governance (Score: 4.4)
· Information security management (Score: 4.1)
· Disaster recovery/business continuity (Score: 3.1)
· Challenges of managing IT risks (Score: 2.5)
· Vulnerability management (Score: 2.1)
· Continuous process improvement and business agility (Score: 2.0)
 
Survey data reveal four areas that just missed the top seven this year, but are expected to rise in importance in future member surveys: cloud computing, mobile device management, virtualization and business intelligence.
 
Regulatory compliance is No. 1 concern
Enterprises are facing a need to manage growth in a challenging global economy while at the same time complying with a growing number of regulations and standards. New or changed regulations expected to impact enterprise IT in the next 12 to 18 months include Basel, Frank-Dodd, PII, Do Not Track, Solvency II and HITECH Meaningful Use, as well as an overall tightening of tax and privacy regulations worldwide. Within this topic, the top-ranked technology concern (chosen by 53 percent of respondents) was segregation of duties and privileged access monitoring.
 
Managing IT project risk is focus within governance of enterprise IT (GEIT)
The survey shows that there is a growing focus on enterprise-based IT management and IT governance. This finding aligns with the IT Governance Institute's global status report on GEIT, which showed that 95 percent of the C-level executives surveyed consider governance of enterprise IT important. According to the Top Business/Technology Issues survey, managing IT project risk tops the list of concerns within this area, rated as most important by 45 percent.
 
Growing number of security breaches highlights need for management
After many well-publicized data breaches and losses and massive spending on state-of-the-art security technologies, organizations are realizing that information security is about being able to manage information adequately. One of the top concerns expressed by ISACA members was the lack of senior management involvement in setting direction for information security, which was ranked as important or very important by a total of 80 percent of responses.
 
"Occurrences such as WikiLeaks, the Zeus botnet and an overall rise in identity theft show in 2010 that the variety and volume of threats is on the upswing. Security is everyone's business, not just IT's. This area will continue to be a losing battle if organizations don't get top-down commitment," noted Greg Grocholski, CISA, director at ISACA and corporate auditor at The Dow Chemical Co.
 
Lack of awareness among business management hinders disaster recovery 
From flooding to power outages to acts of terrorism and civil unrest, all business activity is at risk for disruption. Despite advances in software, continuity remains an elusive goal. According to the survey, the biggest problem (87 percent) is the lack of awareness among business managers that they are responsible for being able to maintain critical functions in the event of a disaster.
 
These business issues are among the topics that will be addressed at upcoming ISACA events. The North America Computer Audit, Control and Security (CACS) conference in Las Vegas, Nevada, USA, on 15-19 May 2011 will examine the human factors of IT and feature several sessions on advancements in social media, cloud computing and mobile devices. The World Congress, taking place in National Harbor, Maryland, USA, on 27-29 June 2011, provides high-level thought leadership across the complete range of ISACA disciplines: IT audit, governance, compliance, security and risk management. 
 
About ISACA
With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations.
 
ISACA continually updates COBIT, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.

* The weighted score is the average ranking multiplied by the number of responses, and the scoring gives weight to the degree of importance on which survey respondents ranked each issue. Higher scores indicate higher importance.
