Sizing and Implementing ISO/IEC in Controlled Environments


Quality Systems are Secure Systems

5-day IN-HOUSE WORKSHOP resulting in a cost-optimized conformance plan

Sizing and Implementing ISO/IEC in Controlled Environments

Companies understand that to trade products and provide services in the global marketplace they must prove adequate attention to information security. ISO/IEC Code of Practice for Information Security Management is the de facto worldwide standard used for this purpose. Interpreted from the British Standard, ISO/IEC Code of practice for information security management and its counterpart, ISO/IEC FDIS Security techniques, together embody 186 pages of guidance covering 10 security areas that detail 163 organizational security requirements. Although the standard suggests strategies for its practical application, ultimately it is left to the user to interpret the standard in text form, determine the scope of application, organize the information for review and reference purposes, and set up the infrastructure for adoption and dissemination. Considering that the standard impacts every group, individual and activity in the enterprise, adoption of the standard can appear costly and difficult, if not overwhelming. This need not be the case. Many companies already have business and technology controls frameworks in place that may meet many of the standard's requirements. Equivalencies can be determined that reduce the cost and effort of implementation by as much as 78%.

ISO/IEC is the de facto worldwide standard in information security management

What organizations really need to know is how much of the standard they must apply to fully conform to its guidelines. This course offers a unique approach to implementation that provides a method for determining equivalencies with the IT Governance Institute's CobiT framework, which may already fulfill some of the control requirements. This can significantly reduce the cost and effort required for conformance; in many cases a cost savings of more than 50%.

QualityIT's ISO/IEC 17799: Sizing and Implementing in Controlled Environments five-day course delivers a practical solution for sizing the effort needed to achieve complete conformance for any organization, regardless of its size, core business focus, security maturity level or technology infrastructure. It provides a complete overview of the principles embodied in ISO/IEC 17799 and teaches leadership groups how to integrate security seamlessly into enterprise business and technology processes. Participants learn how to eliminate redundant requirements, leverage internal knowledge and skills, and plan and execute the implementation to minimize cost and disruption to staff and existing organizational processes.

This course assumes a cross section of representative participants from Strategic and Tactical roles, including Executive and Senior Management, Networking and Communications, Project Management, System Acquisition & Development, Support, Quality Assurance and Risk Management (recommended: one from each group). The course guides participants through the implementation planning process and provides all the tools necessary for assessing a company's current level of conformance and determining what specific actions must be taken to provide proof of full conformance to the level acceptable for audit purposes.

It supplies remediation templates as well as a comprehensive framework for monitoring changes to security infrastructure and practices that could affect conformance levels. In addition to classroom instruction, the client receives automated equivalency and conformance tools, 21 implementation planning templates, and checklists for the 57 requirements not covered by the CobiT controls framework. By the end of the course, participants have verified their current level of conformance, scoped and sized the problem, mobilized as a group and organized the action plan to quickly correct any ISO/IEC audit deficiencies.

A comprehensive approach to planning and securing the enterprise

Course Overview

This course includes:
- QualityIT's Executive Guide to IT Quality & Security, a handbook of 31 principles
- The curriculum manual, including approximately 600 PowerPoint slides with notes, used in the 30 hours of classroom instruction
- REGULATORY MANDATES: A survey of current and pending regulatory mandates likely to impact organizations, including Sarbanes-Oxley, HIPAA, California 1386, U.S. Patriot Act, 9/11 Commission findings, FISMA and Basel II.
- ISO/IEC OVERVIEW: A complete overview of the 10 security areas covered by ISO/IEC. Potential business impacts of non-conformance based on current threats and reported cases. Comprehensive perspective on the challenges of integrating information security objectives into business and technology processes.
- CONFORMANCE EQUIVALENCY TOOL: Instruction in how to determine the size of the effort using a simple automation tool designed to determine conformance equivalencies based on the Information Technology Governance Institute's CobiT framework.
- FRAMEWORK SOLUTION TOOL: Exposition of QualityIT's Framework Solution for Life Cycle Security, based on upcoming revisions to the IEEE P1074 Standard for Developing Software Life Cycle Processes, and hands-on instruction in using the framework tool on typical technology projects.
- Step-by-step instructions for how to plan an implementation, and how to use the 22 implementation templates provided for this purpose.
- SUPPORTING TEMPLATES & CHECKLISTS: covering the 57 requirements not covered by the CobiT controls framework.
- EXECUTION PLANNING: Hands-on labs that guide participants through evaluation and execution planning for their organizations, resulting in a TO DO list take-away.

5 days of hands-on instruction resulting in actionable plans for ISO/IEC conformance

5-Day In-House Course Schedule

Information Security is no longer optional

Day 1, Morning Session: Survey and Impacts of Regulatory Mandates

This day begins with a one-hour orientation that provides an overview of curriculum objectives, followed by a survey of prevailing and upcoming regulatory mandates. Topics include:
- The course objectives overview, schedule and survey of deliverables
- The range of potential business impacts due to breaches
- Global business implications of non-conformance, case studies
- Introduction to ISO/IEC
- The unique challenges of enterprise-wide transition and the risks of underestimating it
- Necessary obligations for Executive and Management roles
- Transition Lead requirements for facilitating access to necessary corporate resources, as required
- The essential need to execute as a formal project
- Sarbanes-Oxley, current interpretations and prevailing approaches
- HIPAA, and its relevance for non-health care companies
- California 1386, hidden risks and implications
- 9/11 Commission: the Putnam additions and future implications
- U.S. Patriot Act, and its relationship to Emergency Response and Computer Forensics
- Basel II, relevance for financial institutions
- FISMA, government systems mandates and implications for the private sector

Day 1, Afternoon Session: Perspective on the Enterprise Security Challenge

This session explores the enterprise security challenge in depth, and how historical factors have conspired to shape perceptions that resist change. Topics include:
- A brief overview of business technology history and the emergence and evolution of IT process life cycles
- The history of security solutions over the last 20 years, and their rapid evolution in the face of accelerating threats
- Foundation security principles: Confidentiality, Integrity and Availability
- Current strategies and trends
- The relationship of Security to the Business Continuity and Disaster Planning program
- The relationship of Security to Quality and Risk Management programs
- Obstacles to integrating security into the business, acquisition, software development and service outsourcing processes
- Security roles and responsibilities, survey of past and progressive approaches
- Graphical exposition of convergence vectors between organizational life cycles

ASSEMBLY LAB: Participants collaborate and execute the Business Impact Analysis, Technology Dependency and Sarbanes-Oxley Survey worksheets, obtaining quotients indicating the perceived level of current organizational and regulatory security risk.

ISO/IEC impacts all organizational groups and activities

Day 2, Morning Session: Overview of ISO/IEC Areas 1-5

This day begins with an in-depth exploration of the 5 areas that mostly affect Strategic and Tactical security roles:
- A.3 Security policy
- A.4 Organizational security
- A.5 Asset classification and control
- A.6 Personnel security
- A.12 Compliance

Topics include:
- Terms & Definitions
- Information Security Infrastructure requirements
- Policy definition, dissemination and change control
- Accountability for assets
- Information classification
- Security in job definition and sourcing
- Security training
- Security incident response
- Third party access and contract requirements
- Outsourcing risks
- Compliance with legal requirements
- The policy and compliance review process
- System audit requirements

Day 2, Afternoon Session: Overview of ISO/IEC Areas 6-10

This day continues with an in-depth exploration of the 5 areas that mostly affect Tactical and Operational security roles:
- A.7 Physical and environmental security
- A.8 Communications and operations management
- A.9 Access control
- A.10 System development and maintenance
- A.11 Business continuity management

Topics include:
- General workplace & equipment controls, and secure areas
- Operational procedures and responsibilities
- System planning and acceptance
- Housekeeping
- Controlling unauthorized software
- Network management
- Media handling and security
- Transaction and information exchange control
- Access control requirements of users, networks, systems & applications
- Monitoring access and resource use
- Mobile and remote teleworking controls
- Secure development and maintenance, including: security requirements of systems; security in application systems; cryptographic controls; system file security; secure development and testing; review and support processes
- Business continuity and Disaster Recovery controls

ASSEMBLY LAB: Participants collaborate and explore the ISO/IEC Compliance Checklist, obtaining a quotient indicating the organization's current level of non-conformance with ISO/IEC.

Equivalencies can be mapped to common control frameworks, reducing the cost of implementing ISO/IEC by as much as 78%

Day 3, Morning Session: Scoping and Sizing the Implementation Effort

This session concentrates on determining how much of the ISO/IEC guidance must be addressed to achieve full conformance. Topics include:
- IT Governance Institute's basis for CobiT equivalency
- The structure and organization of equivalency findings
- Relevance of equivalencies for your environment
- Approach toward cross-referencing findings for other controls frameworks (COSO, Cadbury, CoCo, ISO 9000, Six Sigma)
- Example equivalencies
- Case scenarios that indicate verifiable equivalencies
- The structure of QualityIT's Conformance Equivalency tool
- How to use the tool to determine equivalency

Day 3, Afternoon Session: Implementation Plan and Templates

This session explores ISO/IEC implementation strategy and the accompanying 21 essential templates used for planning and execution. Topics include the ISO/IEC recommended implementation process and exploration of the recommended 22 implementation templates:
1. Benefits Presentation Template Plan
2. Project Justification Signoff Document
3. Allocation of Security Responsibility Document
4. Organizational Statement of Commitment
5. Service Level Agreements Template
6. Example Security Policy Document
7. Security Awareness Signoff Template
8. Information Security Management Scope (ISMS) Document
9. Asset Valuation Plan
10. Vulnerability Assessment Strategy Document
11. Risk Prioritization Procedure
12. Risk Analysis Document
13. Security Risk Policy Document
14. Risk Acceptability Statement
15. Residual Risk Policy Statement
16. Residual Risk Policy Decision Template
17. Risk Management Plan Template
18. Risk Mitigation Controls Identification and Selection Procedure
19. Statement of Applicability (non-conformance checklist)
20. Master Traceability Matrix
21. Implementation Plan Document
22. Quality Assurance Completion Checklist

ASSEMBLY LAB: Participants collaborate and execute the Conformance Equivalency tool, yielding the list of organizational activities that do not conform to ISO/IEC guidelines, to be addressed by implementation planning.

A key factor in organizational security failure is lack of adequate coordination of the security effort across the enterprise

Day 4, Morning Session: Framework Solution for Life Cycle Security

Those ISO/IEC requirements not covered by CobiT are covered by QualityIT's Framework Solution for Life Cycle Security. This session introduces the Framework and demonstrates how it closes most of the remaining gaps in conformance with ISO/IEC. This tool is derived from upcoming changes to the IEEE P1074 Standard for Developing Software Life Cycle Processes. Whereas ISO/IEC concentrates on the high-level management aspects of information security, QualityIT's Framework Solution provides the change management infrastructure that ensures organizational technology efforts yield quality security deliverables that will meet ISO/IEC audit expectations. It ensures security-relevant deliverables (products, processes and documentation) are properly managed, especially at high-risk times during which the technology infrastructure is undergoing significant change.

The Framework Solution complements the ISO/IEC effort by seamlessly integrating security into the technology development and maintenance processes, where the highest organizational security risk lies. Participants learn how each organizational role fits into this framework, what their security obligations are, and how they must contribute to the effort to achieve and maintain optimal organizational security. It creates a sustainable security monitoring and change control infrastructure for technology and support deliverables. Topics include:
- What the Framework Solution is and where it comes from
- Structure and organization of the Framework
- Understanding the part each role plays in the model
- Range of typical IT projects
- Required roles for each type of project
- How project deliverables affect enterprise security artifacts and organizational processes
- Understanding what can and cannot be controlled
- External prerequisites to technology projects
- Determining the level of security needed for a project and product
- The critical importance of security-centric Project Management

Day 4, Afternoon Session: Using the Framework Solution Tool

This session demonstrates how to use the Framework Solution tool to control security-relevant changes to the information technology infrastructure. Topics covered include:
- Selection of activities for the following projects:
  o Complete in-house technology solution
  o Acquisition and integration project
  o Full or partial outsourced project
  o System retirement
  o Product patch upgrade
- Determining project Security Objectives
- Determining the security risk and impacts: a primer in collaborative Threat Modeling
- Determining the Security Acceptability quotient
- Security Accreditation concepts
- Tracing the impact of project outcomes to Enterprise security artifacts

ASSEMBLY LAB: Participants execute the Framework Tool, selecting relevant activities for the various kinds of projects usually undertaken by the organization, and explore the impact on Enterprise artifacts and processes using the supplied Enterprise Security Coordination Road Map.

Cost-effective conformance with ISO/IEC is absolutely achievable

Day 5, Morning Session: Completion of the Implementation Plan

This session concentrates on completing the ISO/IEC Conformance Implementation Plan. Participants review what aspects of security are in their control, how to optimize their resources, minimize staff impacts and maintain budget. They are given an overview of the remaining supplied tools that can be helpful in controlling the project and optimizing security in the enterprise. Topics covered include:
- Review of implementation obstacles
- Selection of relevant implementation templates
- Allocation of security forum responsibilities
- Sketch contents of selected templates
- Exploration of toolkit worksheets:
  o NIST Baseline Security Principles
  o Project Plan Template
  o Critical System Evaluation Worksheet
  o NIST System Self-Assessment Tool
  o QualityIT's Security Testing Process Assessment Tool
  o QualityIT's Security Test Plan Tool

Day 5, Afternoon Session: The Roadmap Forward

This day brings the course to a close by formalizing the Enterprise Security Forum and its procedures, or else validating the structure and procedures already in place. Participants collaborate and agree on their specific responsibilities with regard to ensuring program adoption, and on the tools and techniques that will ensure conformance success. Topics include:
- Implementation issues definition and prioritization
- Root cause analysis
- Department representative issue resolution strategy
- Roadmap Action Plan

ISO/IEC implementation strategy combined with QualityIT's Framework Solution for Life Cycle Security provides a complete enterprise security management solution.

At Course Completion

Upon course completion, participants will fully understand basic security concepts and terminology, the best practices embodied in ISO/IEC 17799, IEEE P1074 and ISO/IEC, and security guidance from ITGI/ISACA and NIST. They will have explored all the issues related to ISO/IEC conformance for their organization, and identified all equivalencies that can be eliminated from the implementation effort. Participants will have created a fully formed plan for managing the implementation effort across the enterprise and executing remedial activities that will bring the organization to full conformance with the ISO/IEC guideline. Participants will also understand the leadership part they each play in supporting the organizational security effort in their areas, and how to effectively coordinate and manage resources across enterprise groups to optimize enterprise security protections and reduce investment.

A skilled workforce is a competitive asset, not an empty expense.

Target Audience

This course encompasses training for senior business and technology managers, security officers and professionals, project managers, product and service architects, technical and QA leads, and support and operations managers identified to lead the implementation process.

Course Requirements

There are no course prerequisites. Participants are only expected to be proficient in their job role areas.

Included Materials:
- Handbook: The Executive Guide to IT Quality & Security: 31 principles
- Curriculum training manual with PowerPoint slides and notes
- Assembly Labs that guide participants through the implementation sizing and planning process
- 22+ templates and checklists
- Excel workbook of automated tools

Cost: $10,000 all inclusive, maximum 10 participants

Bar Biszick-Lockwood, CISA, CISSP, CSQA

Instructor Credits

Bar Biszick-Lockwood is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA) and a Certified Software Quality Analyst (CSQA). She is an expert in Security Life Cycle standards and specializes in IT regulatory compliance audit, IS assessment and IT process re-engineering to optimize organizational security. Ms. Biszick-Lockwood authored the security activities for the pending revision of the IEEE P1074 Standard for Developing Software Life Cycle Processes, which provide practical guidance in applying optimal security controls to software projects and building adequate security controls into products. She is a member of IEEE, ISSA, ISACA and SIM, and has designed security curriculum for Construx and for Logical Security, the latter a security education company led by Shon Harris, author of McGraw-Hill's best-selling CISSP All-In-One Guide. She has been a featured speaker at numerous conferences, including QAI's International Conference on Information Technology Quality (QAI, Orlando, April 2001), the Information Technology Conference on Security (QAI, Kansas City, May 2001) and the Applied Computer Security Association Conference (ACSAC, Tucson, AZ, 2004), and has provided training and in-house presentations at Adobe and Microsoft, and for the Port of Seattle and City of Seattle technology professionals. Ms. Biszick-Lockwood uses a proprietary audit workbook featuring over 1850 data points to baseline organizational security for large and small organizations. It provides a 360-degree view of organizational security risk and improvement, designed to minimize cost and optimize security protections.

QualityIT offers and promotes the highest quality instruction in information security and quality assurance, preparing organizations to meet the challenges of 21st century business with a competent workforce.

QualityIT, NE 83rd Ct., Redmond, WA, (206)


More information

WHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.

WHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework. Learning Objectives and Course Descriptions: FOUNDATION IN IT SERVICE MANAGEMENT This official ITIL Foundation certification course provides you with a general overview of the IT Service Management Lifecycle

More information

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE

EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting

More information

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project

More information

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology Branch Organization of Cyber Security Technical Standard Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:

More information

What is ISO/IEC 20000?

What is ISO/IEC 20000? An Introduction to the International Service Management Standard By President INTERPROM July 2015 Copyright 2015 by InterProm USA. All Rights Reserved www.interpromusa.com Contents INTRODUCTION... 3 SERVICE

More information

COBIT 5 Assessor Certification Course

COBIT 5 Assessor Certification Course COBIT 5 Assessor Certification Course About COBIT 5.0 Information is created, used, retained, disclosed and destroyed. Technology plays a key role in these actions and technology is becoming pervasive

More information

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. Course Outline CISM - Certified Information Security Manager 20 Nov 2017 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led

More information

What is ISO/IEC 27001?

What is ISO/IEC 27001? An Introduction to the International Information Security Management Standard By President INTERPROM July 2017 Copyright 2017 by InterProm USA. All Rights Reserved www.interpromusa.com Contents INTRODUCTION...

More information

Continuous protection to reduce risk and maintain production availability

Continuous protection to reduce risk and maintain production availability Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading

More information

Shon Harris s Newly Updated CISSP Materials

Shon Harris s Newly Updated CISSP Materials Shon Harris s Newly Updated CISSP Materials WHY PURSUE A CISSP? Many companies are beginning to regard a CISSP certification as a requirement for their technical, mid-management, and senior IT management

More information

FDIC InTREx What Documentation Are You Expected to Have?

FDIC InTREx What Documentation Are You Expected to Have? FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the

More information

CISM QAE ITEM DEVELOPMENT GUIDE

CISM QAE ITEM DEVELOPMENT GUIDE CISM QAE ITEM DEVELOPMENT GUIDE ISACA 2015. All Rights Reserved. 2 TABLE OF CONTENTS PURPOSE OF THE CISM QAE ITEM DEVELOPMENT GUIDE... 3 PURPOSE OF THE CISM QAE... 3 CISM EXAM STRUCTURE... 3 WRITING QUALITY

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Rethinking Information Security Risk Management CRM002

Rethinking Information Security Risk Management CRM002 Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design

More information

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1

PCI Policy Compliance Using Information Security Policies Made Easy. PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy PCI Policy Compliance Information Shield Page 1 PCI Policy Compliance Using Information Security Policies Made Easy By David J Lineman

More information

Advent IM Ltd ISO/IEC 27001:2013 vs

Advent IM Ltd ISO/IEC 27001:2013 vs Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater

More information

Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001

Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001 Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001 Information Security Management Systems Guidance series The Information Security Management Systems (ISMS) series of books

More information

Data Security Standards

Data Security Standards Data Security Standards Overall guide The bigger picture of where the standards fit in 2018 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a

More information

Predstavenie štandardu ISO/IEC 27005

Predstavenie štandardu ISO/IEC 27005 PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,

More information

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more. FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013 Visit us online at Flank.org to learn more. HITRUST CSF v9 Framework ISO 27001/27002:2013 Framework FLANK ISO 27001/27002:2013 Documentation from

More information

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?

Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS ***

*** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Introduction and Bio CyberSecurity Defined CyberSecurity Risks NIST CyberSecurity Framework References *** THIS DOCUMENT IS CLASSIFIED FOR PUBLIC ACCESS *** Chapter 3. Framework Implementation Relationship

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose: STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security

More information

Information Security Policy

Information Security Policy April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

BRING EXPERT TRAINING TO YOUR WORKPLACE.

BRING EXPERT TRAINING TO YOUR WORKPLACE. BRING EXPERT TRAINING TO YOUR WORKPLACE. ISACA s globally respected training and certification programs inspire confidence that enables innovation in the workplace. ISACA s On-Site Training brings a unique

More information

IT123: SABSA Foundation Training

IT123: SABSA Foundation Training IT123: SABSA Foundation Training IT123 Rev.002 CMCT COURSE OUTLINE Page 1 of 8 Training Description: SABSA is the world s leading open security architecture framework and methodology. SABSA is a top-tobottom

More information

SECURITY TRAINING SECURITY TRAINING

SECURITY TRAINING SECURITY TRAINING SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security

More information

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY The Foundation Certificate in Information Security (FCIS) course is designed to provide

More information

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.

Val-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized. Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting

More information

Information Technology General Control Review

Information Technology General Control Review Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor

More information

Integrating ITIL and COBIT 5 to optimize IT Process and service delivery. Johan Muliadi Kerta

Integrating ITIL and COBIT 5 to optimize IT Process and service delivery. Johan Muliadi Kerta Integrating ITIL and COBIT 5 to optimize IT Process and service delivery Johan Muliadi Kerta Measurement is the first step that leads to control and eventually to improvement. If you can t measure something,

More information

POSITION DESCRIPTION

POSITION DESCRIPTION UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:

More information

_isms_27001_fnd_en_sample_set01_v2, Group A

_isms_27001_fnd_en_sample_set01_v2, Group A 1) What is correct with respect to the PDCA cycle? a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%) b) The structure of the ISO/IEC 27001

More information

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar Course Outline CISM - Certified Information Security Manager 22 Mar 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led

More information

IT Attestation in the Cloud Era

IT Attestation in the Cloud Era IT Attestation in the Cloud Era The need for increased assurance over outsourced operations/ controls April 2013 Symeon Kalamatianos M.Sc., CISA, CISM Senior Manager, IT Risk Consulting Contents Introduction

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE EXAM PREPARATION GUIDE PECB Certified ISO/IEC 38500 Lead IT Corporate Governance Manager The objective of the PECB Certified ISO/IEC 38500 Lead IT Corporate Governance Manager examination is to ensure

More information

Article II - Standards Section V - Continuing Education Requirements

Article II - Standards Section V - Continuing Education Requirements Article II - Standards Section V - Continuing Education Requirements 2.5.1 CONTINUING PROFESSIONAL EDUCATION Internal auditors are responsible for maintaining their knowledge and skills. They should update

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

ITIL Managing Across the Lifecycle Course

ITIL Managing Across the Lifecycle Course ITIL Managing Across the Lifecycle Course Duration: 5 Days Course Delivery: Classroom Language: English Course Overview ITIL 2011 edition is comprised of five core publications: Service Strategy, Service

More information

A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS

A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS A SERVICE ORGANIZATION S GUIDE SOC 1, 2, & 3 REPORTS Introduction If you re a growing service organization, whether a technology provider, financial services corporation, healthcare company, or professional

More information

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF Virtual CISO SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten

More information

KillTest *KIJGT 3WCNKV[ $GVVGT 5GTXKEG Q&A NZZV ]]] QORRZKYZ IUS =K ULLKX LXKK [VJGZK YKX\OIK LUX UTK _KGX

KillTest *KIJGT 3WCNKV[ $GVVGT 5GTXKEG Q&A NZZV ]]] QORRZKYZ IUS =K ULLKX LXKK [VJGZK YKX\OIK LUX UTK _KGX KillTest Q&A Exam : OG0-091 Title : TOGAF 9 Part 1 Version : Demo 1 / 5 1.According to TOGAF, Which of the following are the architecture domains that are commonly accepted subsets of an overall enterprise

More information

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT) DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

Practical Guide to Cloud Computing Version 2. Read whitepaper at

Practical Guide to Cloud Computing Version 2. Read whitepaper at Practical Guide to Cloud Computing Version 2 Read whitepaper at www.cloud-council.org/resource-hub Sept, 2015 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! 2011/2012 Deliverables

More information

PROTERRA CERTIFICATION PROTOCOL V2.2

PROTERRA CERTIFICATION PROTOCOL V2.2 PROTERRA CERTIFICATION PROTOCOL V2.2 TABLE OF CONTENTS 1. Introduction 2. Scope of this document 3. Definitions and Abbreviations 4. Approval procedure for Certification Bodies 5. Certification Requirements

More information

REPORT 2015/149 INTERNAL AUDIT DIVISION

REPORT 2015/149 INTERNAL AUDIT DIVISION INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results

More information

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements

More information

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Exam4Tests.   Latest exam questions & answers help you to pass IT exam test easily Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CISM Title : Certified Information Security Manager Vendor : ISACA Version : DEMO 1 / 10

More information

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014 UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY Report No. 1173 Issue Date: 8 January 2014 Table of Contents Executive Summary

More information

COBIT 5 With COSO 2013

COBIT 5 With COSO 2013 Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder

More information

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010 JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor

More information

Balancing Between Risk and Compliance

Balancing Between Risk and Compliance Balancing Between Risk and Compliance Dave Mann, Ph.D. Senior Security Strategist BindView Development Business is risky! Want low risk? Get a savings account Risk Appetite = Organizational need for risk

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Leveraging COBIT to Implement Information Security

Leveraging COBIT to Implement Information Security DISCUSS THIS ARTICLE Leveraging COBIT to Implement Information By John Frisken, CA COBIT Focus 5 May 2015 In delivering IT security consulting services to large enterprises in Australia, particularly in

More information