Students

ISACA: Partnering for stronger information security

Computer hacking is a major problem in these days of electronic file systems and Internet commerce, prompting many companies to hire information technology security experts to help protect their sensitive information assets. A budding partnership between the W. P. Carey Information Systems Department and the ISACA Phoenix Chapter addresses the need to develop deeper expertise in this area among IT professionals.

2012-03-30

Computer hacking is a major problem in these days of electronic file systems and Internet commerce, prompting many companies to hire information technology security experts to help protect their sensitive information assets. Many companies find they need to conduct wide searches to find professionals experienced in IT security. But that could all change if a budding partnership between the W. P. Carey Information Systems Department and the ISACA Phoenix Chapter comes to fruition. ISACA, formerly known as the Information Systems Audit and Control Association, has 95,000 members worldwide and 958 in the Phoenix chapter. They work in a variety of IT-related positions, including IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. <imgsrc="/knowit/wp-content/uploads/archive/Gail-Ricketts-ISACA-KNOW.jpg"alt=""align="left"/> ”Because of hackers, security is a very big risk for corporations,” says Gail P. Ricketts, president of the ISACA Phoenix Chapter. “A lot of businesses need but can’t find people with skills in IT security. That’s one reason we are looking to set up an advanced education program with W. P. Carey. We have a lot of talent here. We just need to build a skill set. We need to interact with the business community and help build the pool of potential hires.” Spanning knowledge gap Ricketts, an engagement manager at Experis Finance, and Michael Goul, chairman of the Department of Information Systems, have been discussing the possibility of teaming up to develop new curriculum on IT security to be made available through the W. P. Carey School’s Center for Executive and Professional Development. The goal is to provide students and Phoenix-area IT professionals with training in the security aspects of IT. “The Center’s focus is on developing practical business education skills in professionals,” says Dawn Feldman, executive director of the center. “Offering courses that address this growing information security knowledge gap would help us better serve the development needs of local companies. Ricketts says that such a curriculum would also complement the security awareness program offered by the SANS Institute, which provides computer security training and certification to more than 165,000 security professionals around the world. Establishing such a program at ASU would be only one aspect of the W. P. Carey-ISACA partnership. It also would expose students to ISACA and its various certification programs and provide them with networking opportunities, while also allowing the two organizations to tap each other’s expertise. W. P. Carey also could augment and supplement the association’s Continuing Professional Education courses, and connect the organization and the business community with the IS Department’s network of graduates, many of whom remain in the Valley after completing their degrees. “We already have a de facto partnership with ISACA,” Goul says. “Some of our faculty members have been speakers at their meetings, and ISACA leaders like Gail have been guest lecturers in our classes. And a lot of our students become ISACA members to build their professional networks. So it’s just natural for us to make the partnership more formal.” Training on three tracks ISACA’s Certified Information Systems Auditor (CISA) designation is recognized globally and has been earned by more than 88,000 professionals. CISA is considered the standard of achievement for professionals who audit, control, monitor and assess an organization’s IT and business systems. The association also offers three other certifications that are growing in popularity. They are:

• Certified Information Security Manager (CISM), which is aimed at individuals who design, build and manage enterprise information security programs
• Certified in the Governance of Enterprise IT (CGEIT), which promotes the advancement of professionals who wish to be recognized for their knowledge and application of IT governance principles and practices
• Certified in Risk and Information Systems Control (CRISC), which is for those who identify and manage risks through the development, implementation and maintenance of information systems controls

The audit and control area has long been the main focus of ISACA. But changes in IT in recent years have resulted in more emphasis being placed on designing, building and managing information security programs, and on IT governance principles and practices. “We promote education in all three tracks — audit, governance and security,” says Ricketts, who earned the W. P. Carey Executive MBA in 2011 and who has been a guest lecturer in information systems classes. “These skills go hand-in-hand with business processes. You have to make sure students have an awareness of how much the business community relies on IT. They have to have the ability to be part of the business.” Goul, who personally holds the CISA designation, says the IS Department faculty agrees with Ricketts and is “committed to partnering with ISACA.” Marilyn Prosch, an assistant professor in the IS Department, already is an informal partner with the organization. She said the ISACA website and its COBIT framework for IT management and governance have been required reading for some W. P. Carey accounting courses, and Ricketts has lectured in her classes on IT security. Prosch, who works on data protection and helped develop the American Institute of CPA’s Generally Accepted Privacy Principles, has sought input from the ISACA on the institute’s newly released Privacy Maturity Model. “I teach this in class and presented it to the ISACA Phoenix Chapter just last week,” Prosch says. “Our IS Department is now looking for more ways to partner with ISACA.” Bottom line

• With companies facing the increasing risk of computer hacking there is a growing need in the Phoenix area for IT professionals skilled in designing, building and managing information security programs.
• Developing a partnership between the W. P. Carey IS Department and the ISACA Phoenix Chapter would allow students and business professionals to learn new skill sets, expose them to ISACA’s professional certification programs and provide them with valuable networking opportunities.
• The partnership also would allow the two organizations to tap each other’s expertise and connect ISACA and the business community with IS Department students and graduates, many of whom remain in the Phoenix area after completing their degrees.
• ISACA, formerly known as the Information Systems Audit and Control Association, has 95,000 members worldwide and 958 in the Phoenix chapter. They work in a variety of IT-related positions, including IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor.

KnowIT