From The Desk Of The President

Transcription

1 March Issue 1

2 InfocITy Auditor 2

3 March Issue 3

4 InfocITy Auditor 4

5 March Issue From The Desk Of The President March Dear Reader, Greetings! As we celebrate 20years since the chapter s formation, we must also acknowledge another key milestone that has passed by. I am sure you know what I am talking about, yes COBIT is 20 years old and this year COBIT celebrates 20 years of publication. This is indeed a milestone worth celebrating as COBIT has turned out to be one of the most influential governance publications and COBIT 5 has seen such a sea change in landscape and adoption, it is almost unbelievable. At the Bangalore Chapter plans are in place to celebrate this milestone along with the 20 years of the Chapter s existence. We are in the process of organizing events to celebrate and commemorate this key milestone. As usual efforts are on to bring out the spirit of celebration in all facets of the Chapter s activities to celebrate the various milestones including Special programs to mark 20 years since formation. Events to commemorate the 20 th Anniversary of COBIT s publication Special Continuing Professional education sessions Member engagements and events Special research publications and Last but not the least a special annual conference. ISACA Bangalore Chapter has always recognized that the Chapter has been successful at what it does due to your continued participation and support. At the Bangalore Chapter we are very happy to see and welcome participation from you our members in all ways possible. Some of the ways you could participate include Leading and speaking in Continuing Professional Education(CPE) sessions Becoming faculty members for various CISA/CISM/CRISC and CGEIT courses conducted by the chapter. Contributing content i.e. articles, research papers, white papers etc. for publication to the chapter magazine and/or the ISACA journal. Participating and being present in CPE sessions and contributing to the discussions and knowledge sharing; also taking full advantage of the networking opportunities offered. Spreading the message about ISACA and encouraging your peers/colleagues/friends and fellow professionals to participate in events(most events are open to all and often free) and in becoming part of ISACA. Participating in on-line forums both at the Bangalore level and on isaca.org leading to all round enrichment. Sharing knowledge and information by speaking at ISACA conferences. Contributing to ISACA exam questions by participating in the Item writing campaigns etc. The above are just some of the ways you can further engage with ISACA and ISACA Bangalore chapter and not only enrich yourself but also contribute and give back to the community to which you belong. We look forward to hearing from you please reach out to us on chapter@isacabangalore.org with your thoughts, ideas and /or feedback and most importantly if you wish to do more! Raghu R V Hon. President 5

6 InfocITy Auditor Chapter activity highlights 1. ISACA Bangalore Chapter celebrated 20 th year! (09-Jan-2016) Venue: Time: Sterlings Mac Hotel, Old Airport road, Bangalore 5:30-9:00 pm 88 members participated including 21 Platinum Members, Founder President & 8 past presidents. The Platinum members and founding members were felicitated. It was a good opportunity for all the members to celebrate the chapter s commendable milestone. 2. Special CPE Meeting Jointly held with PROTIVITI Venue: Time: The Pride Hotel, Richmond Road, Bengaluru. 6:00-8:00 pm CPE Credits:Two (2) CPE hours awarded Session Details: Topic: Internal Financial Controls- Beyond Financial Reporting In the aftermath of major global financial frauds, several countries enacted legislation around financial reporting controls that mandates the board of directors, senior management and the auditors of the financial statements to assess and report on the adequacy and effectiveness of an organization s internal financial controls, with an objective of enhancing the robustness of the corporate governance structure in place. Yes, so far we have been talking about global perspective and it s time for organizations in India to focus on the Indian Companies Act, 2013 requirements around Internal Financial Controls. Needless of say, an implementation of this nature and volume would require a robust technology platform. Whilst Information Technology security has to be in place, other threats in a highly networked environment also have to be addressed. These are necessary cornerstones for a robust Internal Financial Controls implementation. The sessions will cover: Key Concepts Definition and Difference between IFC and ICFR COSO 2013 Principles and Point of Focus Approach for IFC Implementation Internal Controls what does it cost to us? Procedural, Technology and People Entity Level Controls Process Level Controls Technology Controls, including Network security Role of Management and Internal Audit Speakers: Nirmalya Gupta, Managing Director, Protiviti - has close to twenty five years of working experience. Vijai K (Associate Director), IT Consulting, Protiviti India - has more than 13 years of years of experience, assisted and advised clients on various assurance and advisory services. Senthil Kumar, Regional Managing Director (Middle East & India) - has extensive experience in providing IT risk advisory and assurance services. 3. CPE Meeting (13-Feb-2016) Venue: Time: ISACA Chapter office, Bengaluru. 6:00-8:00 pm CPE Credits:Two (2) CPE hours awarded Session Details: Topic: Payment Security for Mobile and NFCIn the course of business, accepting payments over multiple channels is very much a need of time. It involves a huge amount of trust between a customer paying for the product or service availed and the seller. Mobile payments have gained precedence in the past 2 years, as everything is into mobile and we have new modes 6

7 March Issue of payments now like Apple Pay and Samsung Pay services. As per the latest Gartner study, there will be around 3 billion Smart phone and tablets will be sold to endusers by end of With the number of smart phones and tablets on the increase, and a decrease in traditional PC sales, attack son mobile device Sarematuring. By 2017, Gartner predicts that the focus of end point breaches will shift to tablet sand Smart phones. With out doubt this will open up a plethora of opportunities in Payments space, but do we have the right strategy to counter the risks? Session agenda: Changing Payment security landscape Payments Breaches and Reasons NFC & Mobile payments: Emerging technologies, Opportunities & Risks Mobile Payments Applications Security Speaker profile: Dharshan Shanthamurthy, CEO and Information Security Evangelist Qualifications: PCI-QSA, PA QSA, CISA, CISSP, CEH, FCA, ISO Implementer, CEH, OCTAVE (SEI-CMU) Authorized Trainer and Advisor, SANS Certified Web Application Pen Tester (GWAPT), Microsoft Certified Professional (MCP), VISA Qualified Payment Application Security Professional (VISA QPASP) Dharshan is the founder and CEO of SISA Information Security a global leader of PCI Certification and Risk Assessment. Dharshan is a Payment Security enthusiast with more than a decade experience in securing Payments for global customers of SISA. He was the proposer, lead and author of the PCI DSS Risk Assessment Guideline that was published by the PCI Security Standards Council in No of participants: 23 members Feedback: The session was well appreciated by all Day CISA Review Classes for June 2016 exam (starting 14-Feb-2016) Venue: Time: ISACA Chapter office, Bangalore 6:00-9:00 pm Session Details: Chapter Directors have imparted an overview on all the courses to aspirants. No of participants: 18 students Feedback: Students provided feedback that the classes were very good. 5. Public Intro-Seminar on ISACA Certification Courses for June 2016 exam(20-feb-2016) Venue: Time: Session Details: The Trinity Isle, Seshadripuram, Bangalore 6:00-9:00 pm Chapter Directors have imparted an overview on all the courses to aspirants. No of participants: 24participants Feedback: The seminar was well received. 6. Supported Event - ISMS Auditor/ Lead Auditor Training Course (Starting 23-Feb-2016) Venue: Time: Hotel Raaj Residency, Bangalore Full day CPE Credits: 40 CPE hours awarded Session Details: Five day training course for Information Security Management Systems (ISMS) Auditor/ Lead Auditor in ISO 27001: 2013 (Exemplar Global approved) conducted by International Standards Certifications Pvt. Ltd. 7. CPE Meeting (27-Feb-2016) Venue: ISACA Chapter office, Bengaluru. Time: 6:00-8:00 pm 7

8 InfocITy Auditor CPE Credits:Two (2) CPE hours awarded Session Details: Topic: Usage of Analytics in Risk Management. Speaker: Mr. Vinay Disney, WIPRO. Speaker profile: Vinay, having 20 years of experience covering various aspects of risk management both in an advisory and functional capacity. Experience covers projects involving multiple industries as well as global clients. Currently the CRO at Wipro Limited. Prior to Wipro worked for PWC. Chartered Account with CISA certification. No of participants: 24 members Feedback: The session was well appreciated by all. 8. CPE Meeting (12-Mar-2016) Venue: ISACA Chapter office, Bengaluru. Time: 6:00-8:00 pm CPE Credits:Two (2) CPE hours awarded Session Details: Topic: Emerging trends in fraud & use of technology in detecting & preventing them. Session Abstract: Every day we hear of new frauds and the magnitude of the fraud keeps increasing. There are various new legislation (including the new Companies Act) that the government has introduced to prevent frauds and to early identify them. However, the manner/ ways in which frauds have been perpetrated have always outpaced the checks and controls. In this session, you will hear on some of the emerging trends in fraud & how technology is currently being used by regulators/ corporate etc. in detecting & preventing them. Speaker: Mr.SaketBhartia.Ernst & Young LLP Speaker profile: Saket is an Executive Director with Fraud Investigation & Dispute Services (FIDS) and heads the Bangalore team. He is a Chartered Accountant (CA), Certified Fraud Examiner (CFE), Certified Internal Auditor (CIA) and a B Com graduate. He has an overall experience of 17 years, has worked internationally and delivered projects in 16 countries across the globe. He specializes in Anti-Fraud Controls reviews, Forensic Investigations, Risk Management, Internal Audits, Internal Controls reviews, Compliance (FCPA, UK Bribery, SOX etc.) and other consulting work. Before joining Ernst & Young, Saket has worked with large organizations like Capgemini, Hewlett Packard, Vodafone, KPMG and PwC. In the immediately previous role at Capgemini, he was responsible for Global Sales and Delivery for the Management Assurance Services team. No of participants: 39 members Feedback: Participants gave feedback that the session was excellent. 9. Supported Event - The Data Breach Summit Asia Conference (16-Mar-2016) Venue: Time: Session Details: The Taj West End 8:30 AM 5:30 PM The summit was a unique one-day conference focused on cyber security prevention and mitigation strategies with special focus on data breaches. This event was organized by Information Security Media Group (ismg). Highlights of the summit were: 80+ industry peers From Fraud or Forensics, Infrastructure to Risk management you will meet delegates from across functions at the summit. Network with them and learn about how they address security concerns in their organizations. Participating companies include SBI, Fidelity Investments, ICICI Bank, MCX, GE Healthcare, Cognizant, and Omega Healthcare and more. 8

9 March Issue 20+ Top-line speakers Hear from industry leaders on today s pressing IT security concerns. Speakers comprise of Dr. A S Ramasastri, Director, IDRBT; K S Narayanan, CISO, PwC; Manoj Sarangi, CISO, HCL Technologies; Rudra Murthy, CISO, Digital India; Sethu Raman, Sr VP & CRO, Mphasis; SivakumarSriram, CRO India & South Asia, VISA and many more. Power-packed conference Key areas of discussion at the summit include the following:- - Actionable Threat Intelligence: You Bought It. Now What? - API s The Unmanned And Ever Expanding Threat Interface - Building Public/Private Partnerships To Respond To Breaches - Data Breach Outlook: Global Trends Today, And The Indian Stance - IAM Strategy To Prevent Against Third Party Service Providers ISACA Bangalore Chapter put up a stall at this event. The stall was at the entrance and hence had good visibility. It received good appreciation as well. 10. CISM Sunday Classes CISM review classes have been organized at ISACA Bangalore Chapter office for June, 2016 exam registrants. - Breach And Incidence Response Planning: Bridging The Legal, Business & Technology Gaps There are 5 participants for the said classes. The classes will span over four Sundays starting with 20th March, ******* 19th Annual Karnataka conference Block your calendars, Register now!! Theme : Digital India - GRC Challenges Date : 23rd and 24th July, 2016 Venue : Shangri-La, Bangalore Register today and take advantage of the early bird offer! On-line registration open now! Registration Fees ISACA Member Non-members Students Rs.4,250/- Rs. 5,100/- Rs. 2,500/- Rs. 5,000/- Rs. 6,000/- Rs. 2,500/- Register at - 9

10 InfocITy Auditor 10

11 March Issue 11

12 InfocITy Auditor 12

13 March Issue 13

14 InfocITy Auditor Upcoming Events 19th Annual Karnataka Conference The details of the event are as below: Venue: Shangri La Hotel, Bangalore Date: 23 rd & 24 th Jul, 2016 Theme: Digital India GRC Challenges We look forward to having you with us! In case you require any further information or assistance, please feel free to reach out to us at CISA,CISM,CGEIT, CRISC review classes for Sep exam To be conducted in July/August 2016 CPE Meetings To be held on second and fourth Saturdays of all months ****** Executive Committee Mr. Raghu RV - President Mr. Rajaraman C - Vice President Mr. Suresh G Patankar - Secretary Mr. Satish Kumar Dwibhashi - Treasurer Mr. Natarajan KR - Past President Ms. VijayaVanitha S - Director-Programs Mr. SPRVithal - Director-Membership Mr. Arun Kumar Hallur - Director-Marketing Mr. VaidyanathanIyer - Director-GRA Mr. VelmurugaVenkatesh - Director-Research Mr. Ananth Kumar MS - CISA Coordinator Mr. Rajasekharan KR - CISM-Coordinator Mr. SatishKini - CGEIT-Coordinator Mr. Sundaram Sridhar - CRISC- Coordinator Ms. Praveena KR - Academic Relations & Newsletter editor 14

15 March Issue 15

16 InfocITy Auditor 16

17 March Issue 17

18 InfocITy Auditor 18