Matt Loeb, ISACA global president and CEO
The Information Systems Audit and Control Association (ISACA) is a certification institution that works in IT audit, control, security, network security, risk, business, governance and other relevant fields. Today, as more importance is attached to information and network security, what is the development trend of IT audit and of IT risk control and management? How can information security be guaranteed and a more secure network environment be built? Against the background of China vigorously promoting Made in China 2025 and Internet Plus, how should IT audit be strengthened? Matt Loeb, ISACA global president and CEO, gave an interview to China Electronics News.
Promote the innovation of China and benefit from China’s rapid development
Matt Loeb was formerly the global president and president of the fund of the IEEE institution. He has visited China many times; however, this was the first time he came to China as ISACA global president and CEO. Because his role is different, what he focuses on this time is also different.
When talking about the challenges China and the rest of the world face in network and information security, Matt Loeb gave his frank opinions. China is working to overcome these challenges just as other countries in the world are. Since technology develops at a fast pace and has already penetrated all walks of life, governments, industries and academic institutions are all confronted with the common problems of technical difficulty and risk prevention.
Faced with risk and technical challenges, ISACA hopes to help members and enterprises unlock the potential of information technology and cope with challenges from the following perspectives. First, to build the confidence of members and institutions and to ensure that their information systems are reliable and safe. Second, to make sure that, regardless of an enterprise's scale, its information systems serve its business systems so that business targets are realized. Third, to ensure that the risk to information and business systems is controllable, and to guarantee the security of data and capital. At present, ISACA has 140,000 members worldwide, more than 700 Chinese members, and more than 2,000 ISACA certification holders. These personnel are distributed across specific fields such as IT audit, information security, network security and risk management. Because the demand for network security is great and growing rapidly, 150 ISACA plans are established globally. Loeb still thinks that the current pace of development is not fast enough and needs to accelerate. This is also one of the important reasons for his coming to China. He said: “We hope that we can get on the train of China featuring rapid development of economy. Challenges come from various respects. We also hope that we can become a significant part of the innovation of China to support the development of innovative technology of China.”
Cybersecurity Practitioner Certification has great advantages
In terms of protecting data and system security, there are many technologies, institutions and standards. What is the advantage of ISACA certification?
Loeb said that many organizations have developed a lot of tools to guarantee the security of data and systems and have developed quite a few certifications, with different certifications concentrating on different fields of security. Most institutions face the same problem: what they test is the certification holder's command of written knowledge. Thus, the approach they take to test candidates' ability is a written exam of answering questions. Passing such an exam does not show a candidate's real ability to carry out practical operations. The uniqueness of ISACA certification lies in the fact that ISACA examines candidates' practical operating ability and reactions. Individual reaction capabilities and technical abilities are tested by the questions that appear in a simulated network environment. Therefore, there is no standard answer. Scores are given based on candidates' hands-on, reaction and operation capabilities.
Loeb explained that the ISACA certification system CSX is divided into three levels. The first is the practitioner level, aimed at front-line personnel, which was launched in the first quarter of 2016. The second is aimed at experts. The third is for masters. These candidates are required to have the ability to cope with network security incidents comprehensively.
Network security covers many dimensions. How can ISACA certification system cover all dimensions?
How can you make sure that, with ISACA certification, you are able to test network security comprehensively?
On this question, Loeb held that we cannot make 100% sure that everything is under control. Some enterprises may claim that they have made full preparations and will not suffer a cyberattack. Such a promise is not reliable, because cyberspace is attacked every day, every hour and even every second. Furthermore, the situation is constantly changing. What the ISACA certification exam makes sure of is that candidates can not only deal with the risks they are familiar with but also address unknown and unfamiliar risks.
Loeb said that such training is like the training of pilots, who have to cope with various flight conditions in simulated flights. They are trained to solve uncommon problems within a few seconds. Several years ago, an airplane landed in the Hudson River in New York. The pilot had not encountered such a situation in simulated flights. At that moment, the pilot's on-the-spot reaction capability was tested. He had to react instinctively based on accumulated experience. ISACA will use the same method to build up such an ability in its members through various approaches, so that members can make the right decision within the shortest time when they encounter an emergency.