The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

Cybersecurity, Private Clouds, Privacy: ISACA Issues Guidance on Top 2013 Trends

IT risk survey shows that 69 percent feel public cloud risk outweighs benefit

Rolling Meadows, Illinois, USA — Global nonprofit IT association ISACA today issued guidance on managing three top trends expected to pose major challenges to businesses in 2013: cybersecurity threats, private vs. public clouds and data privacy. As part of its role as a provider of best practices and expertise, ISACA helps its 100,000 constituents worldwide navigate the shifting IT landscape in order to build trust in and value from enterprise information.

Increasingly Sophisticated Cybersecurity Threats
Viruses that send unsolicited emails and attack web sites, as well as search engine poisoning—where unwitting users are misdirected toward questionable or fraudulent sites—are among the increasingly sophisticated tactics used to capture and exploit consumer data and pose threats to international supply chains. 

“As more devices utilize IP addresses, the attack surface will become larger and threats to cyber security will increase. Cyber criminals will dedicate themselves to finding increasingly complex methods for attacks in 2013,” said Jeff Spivey, CRISC, CPP, international vice president of ISACA and director of Security Risk Management Inc. 

A team of ISACA members is dedicated to researching cybersecurity issues and developing guidance to help enterprises protect their information assets. According to ISACA’s Cybercrime Audit/Assurance Program, cybercrime is not just an IT issue; it is a business issue. ISACA recommends that management address cybercrime across all areas, including:


  • Awareness
  • Prevention
  • Detection
  • Incident management
  • Crisis management
  • Cooperation with investigating organizations 


Debate over Private vs. Public Cloud
Over the next 12 months, information security concerns will prompt a growing interest in private or hybrid (public/private) cloud solutions. The expected rise of “personal clouds” will add to the challenge of protecting data for a mobile workforce that embraces BYOD (“bring your own device”). Cost, speed, manageability and security are the factors most debated in cloud computing. 

ISACA’s 2012 IT Risk/Reward Barometer shows that IT professionals remain wary of public clouds; 69 percent believe that the risk of using public clouds outweighs the benefit. Opinions of private clouds are the opposite—the majority (57 percent) believes the benefit outweighs the risk. Other findings include:


  • Among people using cloud for mission-critical services, there is a 25-point difference between those who use private (34 percent) versus public (9 percent).
  • One of the high-risk actions employees take online is using an online file-sharing service, such as Dropbox or Google Docs, for work documents (67 percent).
  • The most effective way to reduce IT risk is to educate employees (36 percent). 


Despite these concerns, CFOs (to whom over half of CIOs report) still look to cloud for return on investment. 

“In the cloud debate, the trump card will often be played by the business-line leader responsible for customer satisfaction and profitable revenue. To shape the solution, IT leaders can push aside the hype and broadly evaluate risk and return—through the eyes of the business,” said Brian Barnier, principal analyst at ValueBridge Advisors and a risk advisor with ISACA. “There are no cute tricks. It is about knowing the business. This is where ISACA’s 44 years of increasing business focus can help IT leaders more easily achieve business objectives.”

For free resources that help calculate cloud ROI and help ensure security in the cloud, visit

Growing Privacy Concerns

In the coming year, IT professionals will have to manage not just threats of data leakage and identity theft, but also growing consumer and employee concerns about data privacy. 

 “The protection of personally identifiable information (PII) is the responsibility of both organizations and individuals,” said Greg Grocholski, CISA, international president of ISACA and chief audit executive at The Dow Chemical Company. “Organizations need to have a governance structure in place to ensure that PII is managed and protected throughout its life cycle. Individuals must be aware of what PII they are providing and to whom. To be successful, data protection must be a joint effort.” 

He continued, “Privacy by design, confidentiality of location-based information,  the consumerization of IT, and an increase in legislative and regulatory mandates that will drive more privacy audits are among the top 2013 trends in data privacy that ISACA anticipates will need to be addressed.” 

COBIT 5 helps business leaders govern privacy, evaluate the risk around privacy ensure proper security management and effectively govern sensitive information. The framework is available as a free download from

About the IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer helps gauge current attitudes and organizational behaviors related to the risk and reward associated with the blurring boundaries between personal and work devices (BYOD), cloud computing, and increased enterprise risk related to online employee behavior at peak seasonal times.

The study is based on September 2012 online polling of 4,512 ISACA members from 83 countries, including 1,407 from the United States. A separate online survey was fielded among 1,224 US consumers by M/A/R/C Research from 8–10 October 2012. At a 95 percent confidence level, the margin of error for the total sample is +/- 2.8 percent. To see the full results, visit


With more than 100,000 constituents in 180 countries, ISACA ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) designations. 

ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.