Back to a Nice moment!
Having a moment-to-moment connection with your changing emotional experience is the key to understanding how emotion influences your thoughts and actions.
Self awareness is one of the key skills to build emotional intelligence.
Now, quickly assess yourself by answering Yes/No to the 6 questions below:
1. Do you experience feelings that flow, encountering one emotion after another as your experiences change from moment to moment?
2. Are your emotions accompanied by physical sensations that you experience in places like your stomach, throat, or chest?
3. Do you experience individual feelings and emotions, such as anger, sadness, fear, and joy, each of which is evident in subtle facial expressions?
4. Can you experience intense feelings that are strong enough to capture both your attention and that of others?
5. Do you pay attention to your emotions? Do they factor into your decision making?
If any of these experiences are unfamiliar, or the majority of your answers are “NO”, you may have “turned down” or “turned off” your emotions.
Let’s move forward:
To build EQ and become emotionally healthy, you must reconnect to your core emotions, accept them, and become comfortable with them. You can achieve this through the practice of:
Why Goal setting:)
10 Important Reasons:)
1. Setting a desired goal and being obsessed with it helps you receive real physical power and enthusiasm;
2. Goal setting is important for building clarity of mind;
3. A means to easily align your personal skills with the organization's goals;
4. When you set a goal and memorize it, your subconscious mind will capture your goal and, by tuning to your conscious mind, guide you to accomplish it automatically;
5. A means to grow and move you forward;
6. A means to hold you accountable and help you take responsibility;
7. A means to set priorities;
8. Makes you feel important;
9. Goal setting is one means to convert ideas, knowledge, and learnings into actionable steps;
10. Helps you to design and live your best self, and give your best self to your organizations and nations.
If you are performing as your best self today, then you are opening a bright new opportunity for the coming generations.
Now let's move forward,
Today's Massk Family Coffee break reminder!
The Power of Deep Thinking
Are you content with your thinking processes? Do you appreciate how you think? Do you like the quality of your thoughts? Or are you easily distracted, unable to focus on the task at hand? The way we think can make or break us. Quality thoughts create supportive beliefs, which can help us to endure times of great difficulty. At the same time, however, negative and unbeneficial thought processes can make us more likely to give up when the going gets tough. It’s time to change that for the better. Let’s introduce deep thinking to our lives! - Steve Mueller
November 25th, 2021
One of Bruce Lee’s pupils ran three miles every day with him. One day, they were about to hit the three-mile mark when Bruce said, “Let’s do two more.” His pupil was tired and said, “I’ll die if I run two more.” Bruce’s response? “Then do it.” His pupil became so angry that he finished the full five miles. Exhausted and furious, he confronted Bruce about his comment, and Bruce explained it this way: “Quit and you might as well be dead. If you always put limits on what you can do, physical or anything else, it’ll spread over into the rest of your life. It’ll spread into your work, into your morality, into your entire being. There are no limits. There are plateaus, but you must not stay there; you must go beyond them. If it kills you, it kills you. A man must constantly exceed his level.”
Source: Forbes, Author Travis Bradberry
The new corporate and business environment in general depends more on technology, and yet requires auditors to be more emotionally intelligent and to understand cyberrisk and the key technical security skills, rather than just being skilled in the auditing process. Implementing a successful IT control environment and cyberresilience in an organization is no longer the responsibility of IT departments only; the BoD and the organization's entire staff share responsibility for its adequate survival. Here, the auditor's role is to some extent more focused on defense-in-depth strategies and on working toward cyberresilience through a continuous and progressive process of tasks. To achieve cyberresilience, auditors are the main players in changing the attitude and working culture of organizations.
I believe that the following critical layers should be considered during an audit engagement to get an optimum security audit result, and the auditor must have in-depth, hands-on experience of each layer. Those layers and their functional mapping in terms of required audit expertise, focus area, activity, policy, strategy, tools/resources, audit approach and educational readiness should be well established.
1. Govern and manage – Giving assurance on ongoing oversight of cybersecurity. This stage is the first and most critical level, which also encircles the remaining three layers by creating the best environment to comply, educate and manage risk. Reviewing information security program, strategy and plan development, implementation and maintenance is also a focus area.
2. Prevent – Examine proactive operation. We start by evaluating the risk identification technique and then check how security experts apply the required and best methods to shield, defend and protect the identified vulnerabilities before exploitation or before cybercrime happens.
3. Detect – Review ongoing operation monitoring. We have also guided organizations toward the improvement of the monitoring and hunting practices they carry out. Evaluate how the organization detects, analyses and eliminates malicious code, and how it performs system monitoring.
4. Recover – Consult on quick return to operation. We should evaluate how rapidly organizations develop an improvement plan to sustain themselves in case of disaster and respond as fast as possible without creating other interrelated harm.
I believe that the functional mapping of the above four layers can help you and your organization not only properly assess cybersecurity practice, but also establish a strategy to implement and improve the processes and practices that are carried out. This will benefit your work as security professionals and auditors, making the entire audit and control process simpler and more complete, and it will help organizations achieve better results in cyberresilience.
Please be advised that, for your further reading, a Journal online-exclusive article has been posted on the ISACA website.
A previous Journal article I wrote, “Information Systems Security Audit: An Ontological Framework,” briefly describes the security audit activities/process in one hierarchical structure. Now, in my recent Journal article, “IT Asset Valuation, Risk Assessment and Control Implementation Model,” I propose a different model that helps to measure, manage and implement concepts objectively by using the previously proposed ontological framework. The aim of my recent Journal article is to help you quantitatively conduct asset valuation, risk measurement, impact analysis and identification of the existing control gap of the company’s IT resource for a regulatory body, management, auditors and other concerned parties. My colleagues and I were challenged to give similar pledge and equal valuation, due to the nonexistence of clear and agreed-on models.
In general, the model would enable us to:
Read Shemlse Gebremedhin Kassa’s recent Journal article:
“IT Asset Valuation, Risk Assessment and Control Implementation Model,” ISACA Journal, volume 3, 2017.
Technology is evolving at an amazing pace and offering a vital benefit for businesses. On the other hand, it has also brought ever-increasing security threats. There is no agreed upon and well-suited security audit framework for tackling IT security challenges, and there is also no holistic approach for the audit process. Because of this lack of agreement, it is getting more challenging to monitor assets; confidentiality, integrity and availability (CIA); threats; vulnerability; risk; and control.
This article proposed 8 audit processes in 1 hierarchical framework to understand and design visualizations on the previously mentioned security concepts.
The following are a few of the benefits of using the framework:
ISACA® Volume 5, Sep 2016: for your further reading, please refer to https://www.isaca.org/Journal/Blog/Lists/Posts/Post.aspx?ID=333
Shemlse G/Medhin Kassa, CISA, MSCS, CEH
Audit is one of the major management and technical activities for identifying all the possible risks in any organization. A security audit is a type of audit that provides a fair and measurable way to examine how secure a system or site really is. By their very nature, financial sectors, especially banks, are more exposed to risk or security threats than any other sector, while they are strongly driven to adopt new technology. Security is a never-ending process that requires continuous follow-up, and it is rapidly changing. Therefore, the banking industry frequently needs to identify its current security status and adopt the required, updated information security and audit.
The study was conducted on the Ethiopian banking industry using a mixed research method as the research paradigm, with questionnaires and interviews used as the methods of data collection. The survey result is used to identify the readiness of the banking industry to adopt security audit, identify the required criteria and advise the industry on arriving at a better security auditing process. Questionnaires were prepared based on ISO, NIST and an ICT readiness checklist for developing countries. Finally, the research proposes 12 minimum security requirements and auditors’ responsibilities towards those requirements, and presents the status of the Ethiopian banking industry. Consequently, the total result of security implementation in the Ethiopian banking industry, based on the survey study, stood at 46.2%, which shows the industry is at an embryonic stage of security audit readiness.
EBA® Volume 1, Feb 2015: for your further reading, please refer to https://www.linkedin.com/pulse/ethiopien-bank-industries-radinasse-information-audit?published=t
Shemlse G/Medhin Kassa, CISA, MSCS, CEH