Information Security Matters: A Tide in the Affairs
Steven J. Ross, CISA, CISSP, MBCP

6 Information Ethics: Character Traits of an IT Professional
Vasant Raval, DBA, CISA, ACMA

10 Five Questions With...
Robby B. Sebopeng, CISA

12 IT Audit Basics: What Every IT Auditor Should Know About Data Analytics
Tommie Singleton, CISA, CGEIT, CPA

Features

15 Book Review: The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition
Reviewed by Upesh Parekh, CISA
The ISACA® Journal seeks to enhance the proficiency and competitive advantage of its international readership by providing managerial and technical guidance from experienced global authors. The Journal’s noncommercial, peer-reviewed articles focus on topics critical to professionals involved in IT audit, governance, security and assurance.

3701 Algonquin Road, Suite 1010
Rolling Meadows, Illinois 60008 USA
Telephone +1.847.253.1545
Fax +1.847.253.1443
www.isaca.org

VOLUME 6, 2013
Want more of the practical, peer-reviewed articles you have come to expect from the Journal? Additional online-only articles will be available on the first business day of each month in which no Journal is released, i.e., February, April, June, August, October and December. These articles will be available exclusively to ISACA® members during their first year of release. Use your unique member login credentials to access them at www.isaca.org/journalonline.
Online Features
The following articles will be available to ISACA members online on 2 December 2013.

Buffer Overflows—Seven Points IS Auditors Must Know
Markus Pfister, CISA

Defensive Strategic Posture in the Field of Information Security
David Eduardo Acosta R., CISA, CISM, CRISC, BS 25999 LA, CCNA Security, CHFI Trainer, CISSP, PCI QSA, OPST
(Also available in Spanish)

The Value in Using IT-directed Investor Relationship Management
Frank Bezzina, Ph.D., Pascal Lélé, Ph.D., Ronald Zhao, Ph.D., Simon Grima, Ph.D., Robert W. Klein, Ph.D., and Martin Hellmich, Ph.D.
Information Insecurity—Motivator of Corporate Compliance Practice
Jeimy J. Cano M., Ph.D., CFC, CFE, CMAS
(Also available in Spanish)

20 Security Labeling of IT Services Using a Rating Methodology
Antonio Ramos, CISA, CISM, CRISC, CCSK

24 An Integrated Risk Assessment Program—A Cliché or a Need?
Syed Fahd Azam, CISA

27 Leading Information Security
Klaus Julisch

31 Doing Business in India Requires Digital Compliance
Anil Vaidya, DBA, CISA, CISM

37 Revisiting the Human Factor in Organizational Information Security Management
Ken H. Guo, CMA

A Sustainable and Efficient Way to Meet Client’s Growing Security Expectations
Buck Kulkarni, CISA, CGEIT, PgMP

The Criticality of Mobile Device Management
Adesanya Ahmed, CRISC, CGEIT, ACMA, ACPA
Plus

52 Crossword Puzzle
Myles Mellor

53 Quiz #151
Based on Volume 4, 2013
Prepared by Kamal Khan, CISA, CISSP, CITP, MBCS

55 Standards, Guidelines, Tools and Techniques

S1-S8 ISACA Bookstore Supplement
Journal authors are now blogging at www.isaca.org/journal/blog. Visit the ISACA Journal Author Blog to gain more insight from colleagues and to participate in the growing ISACA community.

Read more from these Journal authors…
Follow ISACA on Twitter: http://twitter.com/isacanews; Hash tag: #ISACA
Discuss topics in the ISACA Knowledge Center: www.isaca.org/knowledgecenter
Join ISACA LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ