Online-exclusive Features
The ISACA® Journal seeks to enhance the proficiency and competitive advantage of its international readership by providing managerial and technical guidance from experienced global authors. The Journal's noncommercial, peer-reviewed articles focus on topics critical to professionals involved in IT audit, governance, security and assurance.

Read more from these Journal authors...
Journal authors are now blogging at www.isaca.org/journal/blog. Visit the ISACA Journal Author Blog to gain more insight from colleagues and to participate in the growing ISACA community.

3701 Algonquin Road,
Suite 1010
Rolling Meadows, Illinois
60008 USA
Telephone + 1.847.253.1545
Fax + 1.847.253.1443
www.isaca.org

Do not miss out on the Journal's online-exclusive content. With new content weekly through feature articles and blogs, the Journal is more than a static print publication. Use your unique member login credentials to access these articles at www.isaca.org/journal.

Online Features
The following is a sample of the upcoming features planned for May and June 2016.

Application of Situation Awareness in Incident Response
By Teju Oyewole, CISA, CISM, CRISC, COBIT Assessor, CISSP, CSOE, ISO 27001 LA, ITIL, MBCS, PMP

Auditing IS/IT Risk Management, Part 3
By Ed Gelbstein, Ph.D.

Security in an Age of Distraction
By Kerry A. Anderson, CISA, CISM, CGEIT, CRISC, CCSK, CFE, CISSP, CSSLP, ISSAP, ISSMP

Information Security Matters: Challengeable Truths
Steven J. Ross, CISA, CISSP, MBCP

The Network
Khawaja Faisal Javed, CISA, CRISC, BCMS LA, CBCP, CSA STAR, ECSA, ISMS LA, ITSM LA, ITIL v3, MCP

IS Audit Basics: Auditing IS/IT Risk Management, Part 2
Ed Gelbstein, Ph.D.

Information Ethics: Moral Dialogue on the IT-leveraged Economy
Vasant Raval, DBA, CISA, ACMA

Book Review: Securing the Virtual Environment: How to Defend the Enterprise Against Attack
Reviewed by A. Krista Kivisild, CISA, CA, CPA

FEATURES

The Complexity Is in the Details
Michael Vanderpool, CISA, CISSP

Encryption in the Hands of End Users
Eric H. Goldman, CISA, Security+

Can Elliptic Curve Cryptography Be Trusted?
Veronika Stolbikova

Protecting Information—Practical Strategies for CIOs and CISOs
Devassy Jose Tharakan, CISA, ISO 27001 LA, ITIL, PMP

Going Beyond the Technical in SIEM
Aleksandr Kuznetcov, CISM

A Secure Data-gathering Approach in Wireless Sensor Networks
Michael Roseline Juliana and Subramaniam Srinivasan, Ph.D.

Big Data—Hot Air or Hot Topic?
Angel Serrano, CISA, CISM, CRISC

How Boards Realise IT Governance Transparency
Steven De Haes, Ph.D., Anant Joshi, Tim Huygh, and Salvi Jansen

PLUS

Crossword Puzzle
Myles Mellor

CPE Quiz
Kamal Khan, CISA, CISSP, CITP, MBCS

Standards, Guidelines, Tools and Techniques

ISACA Bookstore Supplement