ISACA conference studies governance

Johannesburg, 04 Oct 2006

The annual conference of ISACA (formerly the Information Systems Audit and Control Association), held on 11 and 12 September, saw presentations from international and local speakers on IT governance, IT security and IT assurance.

International conference speakers included Howard Schmidt, a former White House cyber security advisor; Erik Guldentops, executive professor at the University of Antwerp in Belgium and advisor to the IT Governance Institute (ITGI); and Barry Lewis, president of Canadian IT security consulting company Cerberus ISC.

Some of the key messages coming out of the conference were on emerging business models, security threats, failed projects and risk management.

Schmidt demonstrated that new emerging business models provide challenges for organisations. For example, he said IT has gone from being insulated in business to being key to communicating with the outside world, and business processes are becoming more integrated with IT.

He also said insider threats are no longer just disgruntled employees, but outsiders gaining insider entry by means such as impersonation.

According to Guldentops, IT governance is part of corporate governance and company boards and executives are increasingly looking to receive value from their investments in IT. The ITGI has determined through its research that companies do not take their historical performance into account when determining return on investment (ROI) and that, as a result, ROI is often less than predicted. He said that many IT projects are doomed and should be stopped before completion to save on costs. Gartner says more than $600 billion a year is lost on ill-conceived or ill-executed IT projects.

Lewis's address focused on Bluetooth, which he believes is not an enterprise-ready technology and should be left out of business completely. He said wireless transmission is just like a radio signal and is available to anyone who wants to access it. "Bluetooth is especially easy to access as it has no security built around it and organisational policies should ban it."

Two post-conference training workshops were offered: "Implementing IT governance using CobiT" and "Wireless network security and audit".

Editorial contacts

Leanne Tucker
ITWeb
(011) 807 3294