London, UK (14th April 2011)—An exposure draft of the upcoming COBIT 4.1 Process Assessment Model (PAM) is now available for review and comment on the ISACA web site at www.isaca.org/cobitCAP. The PAM provides a process capability assessment based on ISO/IEC 15504 and COBIT.

 After conducting a global survey to determine market need, ISACA found that 89 percent of the nearly 1,400 respondents expressed a need for a rigorous and reliable IT process capability assessment.

“Since COBIT’s release, many organizations have been using it to assess and improve their IT processes.  However, until now there hasn’t been a consistent and reliable assessment approach,” said Roger Southgate, member of the COBIT Assessment Process (CAP) development team. “ISACA’s COBIT Assessment Process and the Process Assessment Model provide this consistency and reliability so business and IT executives will have confidence in the assessment process and the quality of the results as they maximize the business value of their IT investments.”

 The revelation that Texas state officials have admitted to the personal details of 3.5 million citizens being exposed to the public on the Net for around 12 months has been met with horror by Phil Lieberman, managing director of Lieberman Software.

 According to the MD of the privileged identity management specialist, the incident highlights the dangers of failing to use high-level security and audit controls on private data.

"This really should not have happened. It's a breakdown of security policies and means that the names and addresses, as well as the social security numbers of 3.5 million Texans are now - maybe, maybe not - in the public domain," he said.

Basingstoke, 12th April 2011 - Reports that Phoenix Ireland - formerly known as Scottish Provident Ireland - has apparently lost a tape containing the personal details of around 50,000 customers is another good reason for encrypting data, says Andy Cordial, managing director of Origin Storage, the secure storage specialist. "Actually it's 50,000 reasons, as each one of the people whose details have been lost will be a customer, or someone who has requested a quote from the insurance firm. And if they ever get to find out what has happened - which is quite likely as the news of this data loss gets out to a wider audience - they will not be well disposed towards the company," he said. "Even if only 10 per cent of customers hear about the potential data loss and decide to take their business elsewhere, and assuming each customer's business is worth 200 euro, that still a million euro-worth of lost business that could result from this incident," he added.

 ·         Ireland, and IT services domain lead at Common Assurance Maturity Model, who will present Federation for the Cloud:  Opportunities for a Single Identity

·         Jeffrey Ritter, an independent consultant and president of JeffreyRitter.com, who will share tips on how to develop and customize a cloud strategy

·         Dave Shackleford, director of risk and compliance, and acting director of security assessments at Sword and Shield Enterprise Security Inc., who will discuss critical cloud security decisions and how they map to respective delivery models

·         Richard E. Mackey, Jr., vice president of SystemExperts, who will explain how to monitor users and data in the cloud