What are the top technology issues facing business in the coming year?
Disruptive technologies are continuously emerging and requiring us to innovate. Many enterprises see this as a challenge; I see it as an opportunity. The key is in managing any newly introduced risks and ensuring appropriate governance of information and technology. One of the key opportunities on the near-term horizon is the Internet of Things. In some senses, it's already here; however, it's poised to explode significantly in the coming year. Big data and advanced analytics represent another key area of opportunity. Big data as a concept has been around for a while, but businesses are only just now starting to use the supporting analytics that will help them derive the most value from data repositories. Once that analytics capability is in place, the data that organizations have been collecting all along starts to become transformative.
How can internal auditors better communicate IT security risks to the board and senior management?
Effective communication between auditors and the audit committee is essential. The first step is to speak the audit committee's language, understand the areas of concern to the business, and frame concerns and suggestions in those terms. If auditors can speak their language, they are more likely to be heard. Second, auditors should use their knowledge of the enterprise's business objectives to clearly explain how risks impact those objectives. Third, embrace empiricism: Use objective benchmarks and real-life examples in discussions of risks. ISACA will be publishing an IT audit benchmarking survey in October that will provide some key insights into this area. Lastly, understand the consequences and articulate them clearly, transparently, and realistically. One need only look at the headlines for examples of what can happen when risks aren't understood and managed, but likewise understand that always coming with a message of panic can lead to fatigue over the long term.
Surveys show there is a shortage of qualified cybersecurity professionals worldwide. How is ISACA helping fill the skills gap?
There is a huge demand globally for professionals with both the technical security skills and business knowledge required to address today's cybersecurity challenges. Specifically, a Cisco report says that 1 million security jobs remain unfilled. ISACA aims to equip those professionals with the knowledge and skills they need through our Cybersecurity Nexus (CSX) program. Through CSX, we will offer resources for security professionals at every level of their careers; we envision this will help employers develop their security workforces and advance their security programs. We've also recently introduced the Cybersecurity Fundamentals Certificate, along with a series of six free cybersecurity webinars. A guidance document about implementing the U.S. Cybersecurity Framework using COBIT is also in the works and scheduled for publication in August.